holytrinitybroomfield.com Open in urlscan Pro
45.60.97.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://holytrinitybroomfield.com/fiv/microsoft/index.html
Submission: On May 10 via manual (May 10th 2019, 2:51:22 pm UTC) from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 45.60.97.130, located in Redwood City, United States and belongs to INCAPSULA - Incapsula Inc, US. The main domain is holytrinitybroomfield.com.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on April 25th 2019. Valid for: a year.

This is the only time holytrinitybroomfield.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
8	45.60.97.130 45.60.97.130	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
2	151.101.120.193 151.101.120.193	54113 (FASTLY) (FASTLY - Fastly)
11	3

8 45.60.97.130 (Redwood City, United States)

ASN19551 (INCAPSULA - Incapsula Inc, US)

holytrinitybroomfield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.120.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	holytrinitybroomfield.com holytrinitybroomfield.com	38 KB
2	imgur.com i.imgur.com	80 KB
11	2

	Domain	Requested by
8	holytrinitybroomfield.com	holytrinitybroomfield.com
2	i.imgur.com	holytrinitybroomfield.com
11	2

This site contains no links.

Subject Issuer	Validity	Valid
incapsula.com GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-25` - `2020-03-23`	a year	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-02-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://holytrinitybroomfield.com/fiv/microsoft/index.html
Frame ID: 751A28C7CFC6B2143582F946AF6C80B6
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://holytrinitybroomfield.com/fiv/microsoft/index.html Page URL
https://holytrinitybroomfield.com/fiv/microsoft/index.html Page URL

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

118 kB
Transfer

328 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://holytrinitybroomfield.com/fiv/microsoft/index.html Page URL
https://holytrinitybroomfield.com/fiv/microsoft/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	index.html Show response holytrinitybroomfield.com/fiv/microsoft/	210 B 560 B	553ms 105ms	Document text/html	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash `d2f3e642df0b6c754c71f80502056d952f874ef92da84205a158c21c012f616d` Request headers :method GET :authority holytrinitybroomfield.com :scheme https :path /fiv/microsoft/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 content-type text/html cache-control no-cache content-length 210 x-iinfo 11-52829564-0 0NNN RT(1557499864263 0) q(0 -1 -1 1) r(0 -1) B10(4,314,0) U18 x-iejgwucgyu 1 set-cookie visid_incap_1788205=meU/4ZtUSOuejPP/w1RqJ9iP1VwAAAAAQUIPAAAAAACRcDOMvESo6ZPpAHPCd1DM; expires=Sat, 09 May 2020 09:25:24 GMT; path=/; Domain=.holytrinitybroomfield.com incap_ses_1226_1788205=zAFCJLQD+TXYN09jpqADEdiP1VwAAAAA3vA5mYgu61KWoYnwxb2Y1g==; path=/; Domain=.holytrinitybroomfield.com
GET H2	200	_Incapsula_Resource Show response holytrinitybroomfield.com/	141 KB 21 KB	110ms 109ms	Script application/javascript	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://holytrinitybroomfield.com/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3 Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash `ae0409fbf064a55397eb464ef0aa44b913f2fda3929630d7bc4a8a7db5c6d907` Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 content-encoding gzip cache-control no-cache content-length 21344 content-type application/javascript
GET H2	200	_Incapsula_Resource holytrinitybroomfield.com/	29 B 55 B	102ms 101ms	XHR application/javascript	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://holytrinitybroomfield.com/_Incapsula_Resource?SWHANEDL=469333913377485890,16804601599273001000,7448122571276335871,278903 Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 cache-control no-cache content-length 29 content-type application/javascript
GET H2	200	Primary Request index.html Show response holytrinitybroomfield.com/fiv/microsoft/	1006 B 718 B	424ms 424ms	Document text/html	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://holytrinitybroomfield.com/fiv/microsoft/index.html Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software nginx/1.14.1 / Resource Hash `75635bc6ead6ffe5bd3694a121a105a3f57791548cda129589cbe3d76fe8e950` Request headers :method GET :authority holytrinitybroomfield.com :scheme https :path /fiv/microsoft/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer https://holytrinitybroomfield.com/fiv/microsoft/index.html accept-encoding gzip, deflate, br cookie visid_incap_1788205=meU/4ZtUSOuejPP/w1RqJ9iP1VwAAAAAQUIPAAAAAACRcDOMvESo6ZPpAHPCd1DM; incap_ses_1226_1788205=zAFCJLQD+TXYN09jpqADEdiP1VwAAAAA3vA5mYgu61KWoYnwxb2Y1g== Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html Response headers status 200 server nginx/1.14.1 date Fri, 10 May 2019 14:51:05 GMT content-type text/html last-modified Thu, 10 Jan 2019 10:23:40 GMT content-encoding gzip x-iinfo 11-52829663-52829664 NNNN CT(76 156 0) RT(1557499864719 0) q(0 0 2 -1) r(3 3) U12 x-cdn Incapsula
GET H2	200	_Incapsula_Resource holytrinitybroomfield.com/	1 B 34 B	106ms 105ms	Image text/plain	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://holytrinitybroomfield.com/_Incapsula_Resource?SWKMTFSR=1&e=0.22769589861456185 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 cache-control no-cache content-length 1 content-type text/plain
GET		_Incapsula_Resource holytrinitybroomfield.com/	0 0

GET H2	200	microsoft.css holytrinitybroomfield.com/fiv/microsoft/	594 B 554 B	106ms 105ms	Stylesheet text/css	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://holytrinitybroomfield.com/fiv/microsoft/microsoft.css Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash `3be4f2cc52a81fab97197456352a0f36258e60bb473eb327b4eaa8eef9cdbd87` Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 10 May 2019 14:51:05 GMT content-encoding gzip last-modified Wed, 16 Jan 2019 16:33:22 GMT x-cdn Incapsula etag "9b89cbcb" content-type text/css status 200 x-iinfo 11-52829776-52818486 2CNN RT(1557499865153 0) q(0 0 0 -1) r(0 0) U18 cache-control max-age=84011, public content-length 330 expires Sat, 11 May 2019 14:11:16 GMT
GET H2	200	nzqsLYY.png i.imgur.com/	3 KB 4 KB	86ms 22ms	Image image/png	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/nzqsLYY.png Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `09dec7f4c4642e0bb5f42204dbe72ed7b33ce0e1995a1a50515a031e16a6db44` Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 10 May 2019 14:51:05 GMT age 282173 x-cache HIT, HIT status 200 content-length 3295 x-served-by cache-bwi5142-BWI, cache-cdg20776-CDG last-modified Wed, 09 Jan 2019 21:22:22 GMT server cat factory 1.0 x-timer S1557499866.877233,VS0,VE1 etag "fc2fe29418f2052539d2e54af1b03fce" access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	_Incapsula_Resource Show response holytrinitybroomfield.com/	107 KB 16 KB	107ms 107ms	Script application/javascript	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://holytrinitybroomfield.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=4&cb=1043395302 Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash `ee3b7fffe5559bf77c1df536161f5d51b51404860edb0c771ba4327e5c8f445a` Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 content-encoding gzip cache-control no-cache content-length 15844 content-type application/javascript
GET H2	200	xDTUS84.jpg i.imgur.com/	76 KB 76 KB	24ms 24ms	Image image/jpeg	151.101.120.193 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/xDTUS84.jpg Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software cat factory 1.0 / Resource Hash `4595b9461541167468a3058c80d46bfa3148377c260c09a9eacce443c248ab4c` Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/microsoft.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 10 May 2019 14:51:05 GMT age 2952041 x-cache HIT, HIT status 200 content-length 77978 x-served-by cache-bwi5136-BWI, cache-cdg20776-CDG last-modified Tue, 08 Jan 2019 18:13:36 GMT server cat factory 1.0 x-timer S1557499866.920849,VS0,VE2 etag "9f502a4c3ef766fd85f50db62a9f34a8" access-control-allow-methods GET, OPTIONS content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	200	_Incapsula_Resource holytrinitybroomfield.com/	1 B 80 B	105ms 105ms	Image text/plain	45.60.97.130 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://holytrinitybroomfield.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6293898499197323 Requested by Host: holytrinitybroomfield.com URL: https://holytrinitybroomfield.com/fiv/microsoft/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.97.130 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://holytrinitybroomfield.com/fiv/microsoft/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 cache-control no-cache content-length 1 content-type text/plain

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: holytrinitybroomfield.com
URL: https://holytrinitybroomfield.com/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A1%2Cc%3A106%2Cr%3A534)

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.holytrinitybroomfield.com/	1969-12-31 23:59:59	Name: incap_ses_1226_1788205 Value: zAFCJLQD+TXYN09jpqADEdiP1VwAAAAA3vA5mYgu61KWoYnwxb2Y1g==
			.holytrinitybroomfield.com/	1970-01-19 09:23:36	Name: visid_incap_1788205 Value: meU/4ZtUSOuejPP/w1RqJ9iP1VwAAAAAQUIPAAAAAACRcDOMvESo6ZPpAHPCd1DM

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

holytrinitybroomfield.com
i.imgur.com
holytrinitybroomfield.com
151.101.120.193
45.60.97.130
09dec7f4c4642e0bb5f42204dbe72ed7b33ce0e1995a1a50515a031e16a6db44
3be4f2cc52a81fab97197456352a0f36258e60bb473eb327b4eaa8eef9cdbd87
4595b9461541167468a3058c80d46bfa3148377c260c09a9eacce443c248ab4c
75635bc6ead6ffe5bd3694a121a105a3f57791548cda129589cbe3d76fe8e950
ae0409fbf064a55397eb464ef0aa44b913f2fda3929630d7bc4a8a7db5c6d907
d2f3e642df0b6c754c71f80502056d952f874ef92da84205a158c21c012f616d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee3b7fffe5559bf77c1df536161f5d51b51404860edb0c771ba4327e5c8f445a

holytrinitybroomfield.com Open in urlscan Pro 45.60.97.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

118 kBTransfer

328 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

holytrinitybroomfield.com Open in urlscan Pro
45.60.97.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

118 kB
Transfer

328 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!