mylegalteamja.com
Open in
urlscan Pro
198.54.126.125
Malicious Activity!
Public Scan
Submitted URL: http://www.firstfertility.co.th/visitus/
Effective URL: https://mylegalteamja.com/ee/logins92dae136ae7b
Submission Tags: @ipnigh
Submission: On April 03 via api from GB
Effective URL: https://mylegalteamja.com/ee/logins92dae136ae7b
Submission Tags: @ipnigh
Submission: On April 03 via api from GB
Summary
This website contacted 3 IPs
in 3 countries
across 4 domains to perform 19 HTTP transactions.
The main IP is 198.54.126.125, located in
Los Angeles, United States and
belongs to NAMECHEAP-NET, US.
The main domain is mylegalteamja.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 20th 2020. Valid for: 2 years.
This is the only time mylegalteamja.com was scanned on urlscan.io!
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 20th 2020. Valid for: 2 years.
This is the only time mylegalteamja.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: EE (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 2 | 203.170.129.18 203.170.129.18 | 9891 (CSLOX-IDC...) (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.) | |
| 12 | 198.54.126.125 198.54.126.125 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:81a::200a | 15169 (GOOGLE) (GOOGLE) | |
| 19 | 3 |
2
203.170.129.18
(Thailand)
ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: thsv18.hostatom.com
ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: thsv18.hostatom.com
| www.firstfertility.co.th |
12
198.54.126.125
(Los Angeles, United States)
ASN22612 (NAMECHEAP-NET, US)
PTR: server123-3.web-hosting.com
ASN22612 (NAMECHEAP-NET, US)
PTR: server123-3.web-hosting.com
| mylegalteamja.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
mylegalteamja.com
mylegalteamja.com |
265 KB |
| 2 |
firstfertility.co.th
2 redirects
www.firstfertility.co.th |
459 B |
| 1 |
googleapis.com
ajax.googleapis.com |
30 KB |
| 0 |
Failed
function sub() { [native code] }. Failed |
|
| 19 | 4 |
| Domain | Requested by | |
|---|---|---|
| 12 | mylegalteamja.com |
mylegalteamja.com
|
| 2 | www.firstfertility.co.th | 2 redirects |
| 1 | ajax.googleapis.com |
mylegalteamja.com
|
| 0 | scrapbook Failed |
mylegalteamja.com
|
| 19 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| yourhomeaccount.orange.co.uk |
| accessories.ee.co.uk |
| community.ee.co.uk |
| newsroom.ee.co.uk |
| recycle.ee.co.uk |
| jobs.ee.co.uk |
| twitter.com |
| www.facebook.com |
| www.youtube.com |
| www.linkedin.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| mylegalteamja.com Sectigo RSA Domain Validation Secure Server CA |
2020-03-20 - 2022-03-23 |
2 years | crt.sh |
| *.storage.googleapis.com GTS CA 1O1 |
2020-03-03 - 2020-05-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mylegalteamja.com/ee/logins92dae136ae7b
Frame ID: 647812B1A1B6EB76C3BB678C7E521D89
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://www.firstfertility.co.th/visitus/
HTTP 301
https://www.firstfertility.co.th/visitus/ HTTP 302
https://mylegalteamja.com/ee/logins92dae136ae7b Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
URL: https://yourhomeaccount.orange.co.uk/
Title: My EE Broadband
Title: My EE Broadband
Search URL Search Domain Scan URL
URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/your-bills
Title: Bills
Title: Bills
Search URL Search Domain Scan URL
URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/makepayment
Title: Payments
Title: Payments
Search URL Search Domain Scan URL
URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/viewaccountdetails
Title: Manage account
Title: Manage account
Search URL Search Domain Scan URL
URL: https://accessories.ee.co.uk/
Title: Accessories
Title: Accessories
Search URL Search Domain Scan URL
URL: https://community.ee.co.uk/
Title: EE Community
Title: EE Community
Search URL Search Domain Scan URL
URL: https://newsroom.ee.co.uk/
Title: Newsroom
Title: Newsroom
Search URL Search Domain Scan URL
URL: https://recycle.ee.co.uk/
Title: Trade In
Title: Trade In
Search URL Search Domain Scan URL
URL: https://jobs.ee.co.uk/
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: https://twitter.com/EE
Title: EE on Twitter
Title: EE on Twitter
Search URL Search Domain Scan URL
URL: http://www.facebook.com/ee
Title: EE on Facebook
Title: EE on Facebook
Search URL Search Domain Scan URL
URL: http://www.youtube.com/ee
Title: EE on YouTube
Title: EE on YouTube
Search URL Search Domain Scan URL
URL: http://www.linkedin.com/company/ee-uk
Title: EE on LinkedIn
Title: EE on LinkedIn
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.firstfertility.co.th/visitus/
HTTP 301
https://www.firstfertility.co.th/visitus/ HTTP 302
https://mylegalteamja.com/ee/logins92dae136ae7b Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
logins92dae136ae7b
mylegalteamja.com/ee/ Redirect Chain
|
150 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
mylegalteamja.com/ee/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.1e1767e.min.css
mylegalteamja.com/ee/ |
169 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.1e1767e.min.css
mylegalteamja.com/ee/ |
150 KB 15 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibs_myee.min.css
mylegalteamja.com/ee/ |
182 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibs_meganav.min.css
mylegalteamja.com/ee/ |
72 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spin.gif
mylegalteamja.com/ee/ |
11 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
28.gif
mylegalteamja.com/ee/ |
43 KB 43 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_regular.woff
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form-error.png
mylegalteamja.com/ee/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ee-icons.woff
mylegalteamja.com/ee/ |
47 KB 25 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_semibold.woff
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nobblee_light.woff
mylegalteamja.com/ee/ |
32 KB 32 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nobblee_regular.woff
mylegalteamja.com/ee/ |
47 KB 47 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_light.woff
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
fontsrubrik_regular.ttf
scrapbook:download:error:https://ee.uk.bill701.com/account/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_semibold.ttf
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_light.ttf
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_regular.woff
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_semibold.woff
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_light.woff
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/account/fontsrubrik_regular.ttf
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_semibold.ttf
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_light.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: EE (Telecommunication)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery object| a function| b function| j function| k function| m string| n function| o0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
mylegalteamja.com
scrapbook
www.firstfertility.co.th
scrapbook
198.54.126.125
203.170.129.18
2a00:1450:4001:81a::200a
0103c260b2bef6646967cc2f502793cba050f15e4f51c5ebb1acf66243042f7a
12e9d6354c0ab5a562d99d1184edb6ed8a68d9b759c0c603ce1b7b83aa0d7b6d
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
38d71efaddb28ca95081c6251060b2a8b3e52918e9973c18d0bdb5b8d6ae8004
59a88d64e191e0adfd848a14cd3be24ac3dbbc4c2d888bb20c6e768d7ae59514
59b889ed38cf85192f0911e4b5f492fc21319e1daa3350c27db90b33aa01483f
8d191ce84f73c45404d4064d7ecd95b774cd19dc011082cec404f93b791dd81c
95e7c3f67f71662cbc0eecc434cf763d56e39efa455089c895ac633ac63a894f
a2b35cb11e44fb935099d43e70a5a61c3e4af9769b48c3ff27778c359052ab78
a68db4b2f9124c363603ae9b19631468c8c0b006b5ae1223d2772b26874c776e
da4cc80a79084aaf4e6edd60228913b0244dec63332d25b36c076632619b19ed
dc75908d189d63652a5b6dae39cab3ab35e743bf422eb557bc74ab4b06eb1c1b