www.franklintextile.com Open in urlscan Pro
192.185.26.7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.franklintextile.com/wp-includes/ID3/hotmail/
Submission: On November 07 via automatic, source openphish (November 7th 2017, 4:59:47 pm UTC)

Summary HTTP 17 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 192.185.26.7, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is www.franklintextile.com.

This is the only time www.franklintextile.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
5 19	192.185.26.7 192.185.26.7	20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC)
3	2a02:26f0:122... 2a02:26f0:122:394::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
17	2

19 192.185.26.7 (Houston, United States) 5 redirects

ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: 192-185-26-7.unifiedlayer.com

www.franklintextile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
franklintextile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:122:394::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	franklintextile.com 5 redirects www.franklintextile.com franklintextile.com	69 KB
3	gfx.ms auth.gfx.ms
17	2

	Domain	Requested by
15	www.franklintextile.com	5 redirects www.franklintextile.com
4	franklintextile.com	www.franklintextile.com
3	auth.gfx.ms	www.franklintextile.com
17	3

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
account.live.com
signup.live.com
login.live.com

Subject Issuer	Validity	Valid
msagfx.live.com Microsoft IT TLS CA 4	`2017-07-27` - `2019-07-17`	2 years	crt.sh

This page contains 3 frames:

Primary Page: http://www.franklintextile.com/wp-includes/ID3/hotmail/
Frame ID: 14955.1
Requests: 7 HTTP requests in this frame

Frame: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm
Frame ID: 14955.2
Requests: 7 HTTP requests in this frame

Frame: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm
Frame ID: 14955.3
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.franklintextile.com/wp-includes/ID3/hotmail HTTP 301
http://www.franklintextile.com/wp-includes/ID3/hotmail/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

17
Requests

18 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

67 kB
Transfer

108 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://go.microsoft.com/fwlink/?LinkID=254486
Title: What's this?

Search URL Search Domain Scan URL

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d11%26ct%3d1370934950%26rver%3d6.1.6206.0%26wp%3dMBI%26wreply%3dhttp:%252F%252Fmail.live.com%252Fdefault.aspx%26id%3d64855%26cbcxt%3dmai%26snsc%3d1%26vv%3d1450%26mkt%3dEN-US%26lc%3d1033&id=64855&uiflavor=web&mkt=EN-US&lc=1033&bk=1370934995
Title: Can't access your account?

Search URL Search Domain Scan URL

URL: https://signup.live.com/?wa=wsignin1.0&rpsnv=11&ct=1370934950&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855&cbcxt=mai&snsc=1&bk=1370934995&uiflavor=web&mkt=EN-US&lc=1033
Title: Sign up now

Search URL Search Domain Scan URL

URL: http://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1450
Title: Terms

Search URL Search Domain Scan URL

URL: http://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1450
Title: Privacy & Cookies

Search URL Search Domain Scan URL

URL: http://login.live.com/gls.srf?urlID=WLHelpCentral&mkt=EN-US&vv=1450
Title: Help Center

Search URL Search Domain Scan URL

URL: http://login.live.com/gls.srf?urlID=WLFeedback&mkt=EN-US&vv=1450
Title: Feedback

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.franklintextile.com/wp-includes/ID3/hotmail HTTP 301
http://www.franklintextile.com/wp-includes/ID3/hotmail/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://www.franklintextile.com/wp-includes/ID3/hotmail/files/Login_Strings_JS1033.js HTTP 301
http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Strings_JS1033.js

Request Chain 2

http://www.franklintextile.com/wp-includes/ID3/hotmail/files/Login_Core.js HTTP 301
http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Core.js

Request Chain 11

http://www.franklintextile.com/wp-includes/ID3/hotmail/files/mbox.js HTTP 301
http://franklintextile.com/wp-includes/ID3/hotmail/files/mbox.js

Request Chain 14

http://www.franklintextile.com/wp-includes/ID3/hotmail/files/bk-coretag.js HTTP 301
http://franklintextile.com/wp-includes/ID3/hotmail/files/bk-coretag.js

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.franklintextile.com/wp-includes/ID3/hotmail/ Redirect Chain http://www.franklintextile.com/wp-includes/ID3/hotmail http://www.franklintextile.com/wp-includes/ID3/hotmail/	16 KB 5 KB	124ms 123ms	Document text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `f1f4a19b8846a5e1fa4f14d94370c9f1fd312d5748c9e46c00f32303c88bf8cb` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:33 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/html Redirect headers Location http://www.franklintextile.com/wp-includes/ID3/hotmail/ Date Tue, 07 Nov 2017 16:59:32 GMT Server nginx/1.12.2 Connection keep-alive Content-Length 336 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	R3WinLive1033.css www.franklintextile.com/wp-includes/ID3/hotmail/files/	32 KB 8 KB	122ms 122ms	Stylesheet text/css	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/R3WinLive1033.css Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `1f73b5c4310620c8c8e984a5dd058b0fab0e7042c4114f3baefd2cbc35d4e1af` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:33 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET H/1.1	404 Not Found	Cookie set Login_Strings_JS1033.js franklintextile.com/wp-includes/ID3/hotmail/files/ Redirect Chain http://www.franklintextile.com/wp-includes/ID3/hotmail/files/Login_Strings_JS1033.js http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Strings_JS1033.js	0 0	734ms 614ms	Script text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Strings_JS1033.js Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:34 GMT Content-Encoding gzip Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Connection keep-alive Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Set-Cookie PHPSESSID=8e41c99dc6903369e9af1727ac6567c0; path=/ Expires Wed, 11 Jan 1984 05:00:00 GMT Redirect headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:33 GMT Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Connection keep-alive Content-Type text/html; charset=UTF-8 Location http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Strings_JS1033.js Cache-Control no-cache, must-revalidate, max-age=0 Set-Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda; path=/ Content-Length 0 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	Cookie set Login_Core.js franklintextile.com/wp-includes/ID3/hotmail/files/ Redirect Chain http://www.franklintextile.com/wp-includes/ID3/hotmail/files/Login_Core.js http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Core.js	0 0	857ms 738ms	Script text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Core.js Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:34 GMT Content-Encoding gzip Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Connection keep-alive Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Set-Cookie PHPSESSID=2cfbf08da2db01b1498d3468256fb3da; path=/ Expires Wed, 11 Jan 1984 05:00:00 GMT Redirect headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:33 GMT Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Connection keep-alive Content-Type text/html; charset=UTF-8 Location http://franklintextile.com/wp-includes/ID3/hotmail/files/Login_Core.js Cache-Control no-cache, must-revalidate, max-age=0 Set-Cookie PHPSESSID=15458dced42e56ed62674b7235aa682d; path=/ Content-Length 0 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	Login_Strings_JS1033.js auth.gfx.ms/14.500.21741.00/	0 0	404ms 386ms	Script text/plain	2a02:26f0:122:394::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://auth.gfx.ms/14.500.21741.00/Login_Strings_JS1033.js Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:122:394::34ef , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host auth.gfx.ms User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Access-Control-Allow-Origin * Date Tue, 07 Nov 2017 16:59:35 GMT PPServer PPV: 30 H: BL2IDSPRTS1C003 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/8.5
GET H/1.1	404 Not Found	Login_Core.js auth.gfx.ms/14.500.21741.00/	0 0	412ms 395ms	Script text/plain	2a02:26f0:122:394::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://auth.gfx.ms/14.500.21741.00/Login_Core.js Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:122:394::34ef , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host auth.gfx.ms User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Access-Control-Allow-Origin * Date Tue, 07 Nov 2017 16:59:35 GMT PPServer PPV: 30 H: BL2IDSPRTS1A002 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/8.5
GET H/1.1	200 OK	EN-US(1).htm Show response www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	2 KB 1 KB	140ms 140ms	Document text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `b33dc43b2da625ef57a5d5c99ba9e12a1edbd3df40397eb05b67e4b7bc987cff` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	EN-US.htm Show response www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	627 B 466 B	123ms 123ms	Document text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `1d2216be7e7f5ec07ae65fc21adc3b3e6011cc0c494df1a972f4d16735478f4d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	404 Not Found	controls.png auth.gfx.ms/14.500.21741.00/	0 0	109ms 108ms	Image text/plain	2a02:26f0:122:394::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/14.500.21741.00/controls.png Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:122:394::34ef , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host auth.gfx.ms User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.franklintextile.com/wp-includes/ID3/hotmail/ Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Tue, 07 Nov 2017 16:59:35 GMT PPServer PPV: 30 H: BL2IDSPRTS1A002 V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/8.5
GET H/1.1	200 OK	header.css www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	195 B 164 B	123ms 122ms	Stylesheet text/css	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/header.css Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `caf380f27bcda4b7d549bf77b61fc62399998f8d13d534cc9c1446c14743cd6e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET H/1.1	200 OK	logo_mail.png www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	5 KB 5 KB	121ms 121ms	Image image/png	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Show image Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/logo_mail.png Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Accept-Ranges bytes Content-Length 5104 Content-Type image/png
GET H/1.1	200 OK	style.css www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	5 KB 1 KB	123ms 122ms	Stylesheet text/css	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/style.css Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `0a5318c07463a5ca8220492266cb43a459fd33514fbd77f3bc81bc86ca981563` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET H/1.1	404 Not Found	mbox.js franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495 Redirect Chain http://www.franklintextile.com/wp-includes/ID3/hotmail/files/mbox.js http://franklintextile.com/wp-includes/ID3/hotmail/files/mbox.js	0 0	740ms 621ms	Script text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://franklintextile.com/wp-includes/ID3/hotmail/files/mbox.js Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Cookie PHPSESSID=2cfbf08da2db01b1498d3468256fb3da Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:36 GMT Content-Encoding gzip Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Connection keep-alive Expires Wed, 11 Jan 1984 05:00:00 GMT Redirect headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:36 GMT Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Content-Type text/html; charset=UTF-8 Location http://franklintextile.com/wp-includes/ID3/hotmail/files/mbox.js Cache-Control no-cache, must-revalidate, max-age=0 Connection keep-alive Content-Length 0 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	sdrive_ls2_475x340.jpg www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	44 KB 44 KB	261ms 138ms	Image image/jpeg	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Show image Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/sdrive_ls2_475x340.jpg Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `e5725977305eded096803d9d226a7fd786ae439f7490e7e923519d88ce58a41b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Accept-Ranges bytes Content-Length 44896 Content-Type image/jpeg
GET H/1.1	200 OK	style_win8.css www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	2 KB 464 B	226ms 121ms	Stylesheet text/css	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/style_win8.css Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `1201c9e70331fab3bfeaae83d453b392f35eeccc008f0674c30b74492e9b1fa0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/css,/;q=0.1 Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET H/1.1	404 Not Found	bk-coretag.js franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495 Redirect Chain http://www.franklintextile.com/wp-includes/ID3/hotmail/files/bk-coretag.js http://franklintextile.com/wp-includes/ID3/hotmail/files/bk-coretag.js	0 0	736ms 591ms	Script text/html	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://franklintextile.com/wp-includes/ID3/hotmail/files/bk-coretag.js Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Cookie PHPSESSID=2cfbf08da2db01b1498d3468256fb3da Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:36 GMT Content-Encoding gzip Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Connection keep-alive Expires Wed, 11 Jan 1984 05:00:00 GMT Redirect headers Pragma no-cache Date Tue, 07 Nov 2017 16:59:36 GMT Server nginx/1.12.2 X-Pingback http://franklintextile.com/xmlrpc.php Content-Type text/html; charset=UTF-8 Location http://franklintextile.com/wp-includes/ID3/hotmail/files/bk-coretag.js Cache-Control no-cache, must-revalidate, max-age=0 Connection keep-alive Content-Length 0 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	standard Show response www.franklintextile.com/wp-includes/ID3/hotmail/files/ Frame 1495	2 KB 955 B	150ms 134ms	Script text/plain	192.185.26.7 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://www.franklintextile.com/wp-includes/ID3/hotmail/files/standard Requested by Host: www.franklintextile.com URL: http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Protocol HTTP/1.1 Server 192.185.26.7 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS 192-185-26-7.unifiedlayer.com Software nginx/1.12.2 / Resource Hash `fb77cb2ac0c0d46608ffc0ec98440b227557ec2e3f2fe6056342652b3047054b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.franklintextile.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm Cookie PHPSESSID=ac1e97219c147efa88021d2203d19eda Connection keep-alive Cache-Control no-cache Referer http://www.franklintextile.com/wp-includes/ID3/hotmail/files/EN-US(1).htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 07 Nov 2017 16:59:35 GMT Content-Encoding gzip Last-Modified Mon, 21 Jul 2014 21:29:42 GMT Server nginx/1.12.2 Connection keep-alive Transfer-Encoding chunked Content-Type text/plain

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.franklintextile.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: ac1e97219c147efa88021d2203d19eda

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
franklintextile.com
www.franklintextile.com
192.185.26.7
2a02:26f0:122:394::34ef
0a5318c07463a5ca8220492266cb43a459fd33514fbd77f3bc81bc86ca981563
1201c9e70331fab3bfeaae83d453b392f35eeccc008f0674c30b74492e9b1fa0
1d2216be7e7f5ec07ae65fc21adc3b3e6011cc0c494df1a972f4d16735478f4d
1f73b5c4310620c8c8e984a5dd058b0fab0e7042c4114f3baefd2cbc35d4e1af
6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b
b33dc43b2da625ef57a5d5c99ba9e12a1edbd3df40397eb05b67e4b7bc987cff
caf380f27bcda4b7d549bf77b61fc62399998f8d13d534cc9c1446c14743cd6e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5725977305eded096803d9d226a7fd786ae439f7490e7e923519d88ce58a41b
f1f4a19b8846a5e1fa4f14d94370c9f1fd312d5748c9e46c00f32303c88bf8cb
fb77cb2ac0c0d46608ffc0ec98440b227557ec2e3f2fe6056342652b3047054b

www.franklintextile.com Open in urlscan Pro 192.185.26.7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

18 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

67 kBTransfer

108 kBSize

1 Cookies

7 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.franklintextile.com Open in urlscan Pro
192.185.26.7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

18 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

67 kB
Transfer

108 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!