affordabletowing-ga.com
192.254.224.60
Malicious Activity!
Public Scan
Effective URL: http://affordabletowing-ga.com/subscribe/communicatie/images/office/login.php?cmd=login_submit&id=e5144877047a1fb6d8defbdcee600...
Submission: On July 30 via manual from US
Summary
This is the only time affordabletowing-ga.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 2a02:4780:dead:685a::1 | 204915 (AWEX) |
| 1 5 | 192.254.224.60 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer) |
| 1 | 2a02:26f0:6c00:29f::34ef | 20940 (AKAMAI-ASN1) |
| 1 | 2a01:7c8:aab9:4f0::1 | 20857 (TRANSIP-AS Amsterdam) |
| 1 | 104.20.14.105 | 13335 (CLOUDFLARENET - Cloudflare) |
| 7 | 4 | |

- ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US): affordabletowing-ga.com
- ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL): static.afbeeldinguploaden.nl
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): image.prntscr.com
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | affordabletowing-ga.com (1 redirects) | affordabletowing-ga.com | 298 KB |
| 1 | prntscr.com | image.prntscr.com | 2 KB |
| 1 | afbeeldinguploaden.nl | static.afbeeldinguploaden.nl | 1 KB |
| 1 | gfx.ms | auth.gfx.ms | 17 KB |
| 1 | 000webhostapp.com (1 redirects) | dskkyd6sfamsh.000webhostapp.com | 214 B |
| 7 | 5 | | |
| | Domain | Requested by |
|---|---|---|
| 5 | affordabletowing-ga.com (1 redirects) | affordabletowing-ga.com |
| 1 | image.prntscr.com | affordabletowing-ga.com |
| 1 | static.afbeeldinguploaden.nl | affordabletowing-ga.com |
| 1 | auth.gfx.ms | affordabletowing-ga.com |
| 1 | dskkyd6sfamsh.000webhostapp.com (1 redirects) | |
| 7 | 5 | |
This site contains no links.
This page contains 1 frames:
Primary Page:
http://affordabletowing-ga.com/subscribe/communicatie/images/office/login.php?cmd=login_submit&id=e5144877047a1fb6d8defbdcee600c4de5144877047a1fb6d8defbdcee600c4d&session=e5144877047a1fb6d8defbdcee600c4de5144877047a1fb6d8defbdcee600c4d
Frame ID: 6A42D892EE6E8C425E6921C915BA8CAE
Requests: 7 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dskkyd6sfamsh.000webhostapp.com/ (HTTP 302)
- http://affordabletowing-ga.com/subscribe/communicatie/images/office/index.php (HTTP 302)
- http://affordabletowing-ga.com/subscribe/communicatie/images/office/login.php?cmd=login_submit&id=e5144877047a1fb6d8defbdcee600c4de5144877047a1fb6d8defbdcee600c4d&session=e5144877047a1fb6d8defbdcee600c4de5144877047a1fb6d8defbdcee600c4d (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
| Method / Protocol | Resource | Path | Size / x-fer | Type / MIME-Type |
|---|---|---|---|---|
| GET H/1.1 | login.php (Primary Request, Redirect Chain) | affordabletowing-ga.com/subscribe/communicatie/images/office/ | 3 KB / 2 KB | Document, text/html |
| GET H/1.1 | Converged1036.css | auth.gfx.ms/16.000.27457.501/ | 85 KB / 17 KB | Stylesheet, text/css |
| GET H/1.1 | logo.svg | affordabletowing-ga.com/subscribe/communicatie/images/office/data_files/ | 4 KB / 4 KB | Image, image/svg+xml |
| GET H/1.1 | pcd0TILb.png | static.afbeeldinguploaden.nl/1803/376435/ | 904 B / 1 KB | Image, image/png |
| GET S | OHnQlgv3RI2NJHnv1105XQ.png | image.prntscr.com/image/ | 1 KB / 2 KB | Image, image/png |
| GET H/1.1 | 0.jpg | affordabletowing-ga.com/subscribe/communicatie/images/office/data_files/ | 291 KB / 291 KB | Image, image/jpeg |
| GET H/1.1 | 0-small.jpg | affordabletowing-ga.com/subscribe/communicatie/images/office/data_files/ | 1 KB / 1 KB | Image, image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.