morganrichter.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://friedman.klorenz.com/0LVQWO6I6DGM2JIJQIEY3E0FF33QNN7S6HT.wr8FSXRH7iXfbIsXTQoZtq0oSiIDn81ui4JGL6RQ?C3nvKqcbbbcsqjD1ccm...
Effective URL:
https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub...
Submission: On June 20 via manual (June 20th 2022, 1:25:11 am UTC) from FR — Scanned from FR

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is morganrichter.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 12th 2022. Valid for: a year.

This is the only time morganrichter.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	194.135.23.246 194.135.23.246	400377 (AS-DC) (AS-DC)
1 1	185.142.27.12 185.142.27.12	61317 (ASDETUK w...) (ASDETUK www.heficed.com)
1 1	34.117.79.165 34.117.79.165	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 10	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3037::6815:4392	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	3

1 194.135.23.246 (Frankfurt am Main, Germany) 1 redirects

ASN400377 (AS-DC, US)

friedman.klorenz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.142.27.12 (Frankfurt am Main, Germany) 1 redirects

ASN61317 (ASDETUK www.heficed.com, GB)

www.affordableserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.79.165 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.79.117.34.bc.googleusercontent.com

www.lpredirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

morganrichter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3037::6815:4392 (United States)

ASN13335 (CLOUDFLARENET, US)

virtualpushplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	morganrichter.com 1 redirects morganrichter.com	721 KB
4	virtualpushplatform.com virtualpushplatform.com — Cisco Umbrella Rank: 247557	7 KB
1	lpredirect.com 1 redirects www.lpredirect.com — Cisco Umbrella Rank: 535553	494 B
1	affordableserve.com 1 redirects www.affordableserve.com — Cisco Umbrella Rank: 370977	580 B
1	klorenz.com 1 redirects friedman.klorenz.com	279 B
14	5

	Domain	Requested by
10	morganrichter.com	1 redirects morganrichter.com
4	virtualpushplatform.com	morganrichter.com virtualpushplatform.com
1	www.lpredirect.com	1 redirects
1	www.affordableserve.com	1 redirects
1	friedman.klorenz.com	1 redirects
14	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-12` - `2023-05-11`	a year	crt.sh
*.virtualpushplatform.com E1	`2022-04-25` - `2022-07-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1
Frame ID: 8528F014A6577D582AF9F8057E2BBCF2
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) Notification

Page URL History Show full URLs

http://friedman.klorenz.com/0LVQWO6I6DGM2JIJQIEY3E0FF33QNN7S6HT.wr8FSXRH7iXfbIsXTQoZtq0oSiIDn81ui4JGL6RQ... HTTP 302
https://www.affordableserve.com/4ms7wlg/w5jqz63/?sub1=35_166285_2629631&sub2=278_1392459_3689541_11&sub3=484... HTTP 302
https://www.lpredirect.com/24QSBG/BL18NW5/?source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc HTTP 302
https://morganrichter.com/QW039FO9QE/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e... HTTP 302
https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&s... Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

14
Requests

93 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

728 kB
Transfer

813 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://friedman.klorenz.com/0LVQWO6I6DGM2JIJQIEY3E0FF33QNN7S6HT.wr8FSXRH7iXfbIsXTQoZtq0oSiIDn81ui4JGL6RQ?C3nvKqcbbbcsqjD1ccmTYfcxH4QcGchxcpc5q3Jdm4Ncbbb4Q HTTP 302
https://www.affordableserve.com/4ms7wlg/w5jqz63/?sub1=35_166285_2629631&sub2=278_1392459_3689541_11&sub3=484271914 HTTP 302
https://www.lpredirect.com/24QSBG/BL18NW5/?source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc HTTP 302
https://morganrichter.com/QW039FO9QE/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 HTTP 302
https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response morganrichter.com/ Redirect Chain http://friedman.klorenz.com/0LVQWO6I6DGM2JIJQIEY3E0FF33QNN7S6HT.wr8FSXRH7iXfbIsXTQoZtq0oSiIDn81ui4JGL6RQ?C3nvKqcbbbcsqjD1ccmTYfcxH4QcGchxcpc5q3Jdm4Ncbbb4Q https://www.affordableserve.com/4ms7wlg/w5jqz63/?sub1=35_166285_2629631&sub2=278_1392459_3689541_11&sub3=484271914 https://www.lpredirect.com/24QSBG/BL18NW5/?source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc https://morganrichter.com/QW039FO9QE/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1	13 KB 3 KB	80ms 77ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9726213f0045155834d24d4055ea37d4c48cef62aa5fe78f78df6d38a248a378` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 71e0b565ed90cda7-CDG content-encoding br content-type text/html date Mon, 20 Jun 2022 01:25:05 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" last-modified Tue, 14 Jun 2022 08:47:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1G0Ov3cNcP0OORm376JzD%2F5h4bkP%2FlC4HF6GWjpdx8JQ9m%2FNFp%2F3qymVUsK7i59PLUgDEQsXl6mDh0qLUDSro7ESKz76QazyxJHdmlcWjmoEyt1Beq%2B%2B4Zp%2BPOt2FWzDBbDHgmBYFNrJwPin98lzg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 71e0b5657d6ccda7-CDG content-type text/html date Mon, 20 Jun 2022 01:25:05 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" location https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSnK6ZkBzNEkcuOk97Lm3WuVv2bdIcpbDJJ6tUvLdFldSspAffMSCpJS1TqCboWGPm06sjbvgZdYMSF4lKv3XZRbRQ2xuBp%2BpJj7RG5KO2%2B%2BjcmnzFAfEtl696mf%2B2B%2F6Fzo%2FdyGZMEhsYs3rQYQgw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	style.css morganrichter.com/css/	10 KB 3 KB	87ms 87ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://morganrichter.com/css/style.css Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d7d5bb9b629ed5ae56bc7554e970e42f083729f8ecf961a772828a067baa2bd0` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:05 GMT content-encoding br cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:46 GMT server cloudflare etag W/"3327056869" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QAGaMQpkkdk1b98XmXKeqJSTupBy%2FOk3wTd%2BZbHRMigJcPSvo9rrLUXh6ZCXOK5Y5Jr5XV8R%2BqSAxmEn8zhLOPjOkXmTMH0XRo7IYbuXI%2FHwqjOtnKr6R3CH7m5Yv2lsNkafygXg3IoV%2Fe%2F4TboEvw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cf-ray 71e0b56679dc998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	animate.min.css morganrichter.com/css/	57 KB 5 KB	78ms 78ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://morganrichter.com/css/animate.min.css Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:05 GMT content-encoding br cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:46 GMT server cloudflare etag W/"2124405044" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSxmQsp038Ao2b3CoJr%2BDxkrG9FB8B0zkIPbuxVkFS2b6jpWqGiakiKVX13pI%2B8Sz09Fw6dxhsPl6WZZ5jZNQh2xQsBo%2BYW8B4vwRwZ6o1V%2F2eA5hlWM0S%2BG%2B8AnZXEHqE9KGpjMLCLBi5%2FnRNcuTA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cf-ray 71e0b56679de998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	ace-push.js Show response virtualpushplatform.com/	13 KB 5 KB	1981ms 1902ms	Script application/javascript	2606:4700:3037::6815:4392 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://virtualpushplatform.com/ace-push.js Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d4880710c87636a8a8aaacfd576c79a5768fc651367636c71d2443ecc4ccb02e` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:07 GMT content-encoding br cf-cache-status BYPASS last-modified Fri, 03 Jun 2022 11:22:20 GMT server cloudflare etag W/"1d8773c30540a1e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39j7dCuCWib4RB0QbIzF5y1PptG%2BCCnNT5KkEEBzSH3tva8SzB0oig14r4wO5XTsH7okgQO3DWm1xE%2BNXbC76uoZFFjsUkr9zUryhQGwgYtyrP8n25s%2FLSji%2BATB1vy9quEtxRIp8O2pONyP4FXrzGBY1orfdA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 71e0b566fdc899ed-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	logo.png morganrichter.com/images/	157 KB 158 KB	83ms 83ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://morganrichter.com/images/logo.png Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9de8a10738e75812e1ed3ab870d91c384ab559267e67593f88d1d9be83f42793` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:05 GMT cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:47 GMT server cloudflare etag "2901021150" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3La6yz0bhVFwBA%2FB5u1SLmJTxeK%2FKoG6MJGOEyK5Wk%2Fan7lY%2Fnmyzj9OavlSBGm%2F1P%2BcWoUiqKcRdg2fTvxXT6VR2U9G4QNBy68glm3C4z6DYTToYzfaB9tajAMXZLfUJLes%2BQRcwNNWPCf29AIgTA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png accept-ranges bytes cf-ray 71e0b5677a99998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 160841
GET H3	200	package.png morganrichter.com/images/	17 KB 18 KB	73ms 73ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://morganrichter.com/images/package.png Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b19eeb21d7fbd9b8b260e57c2d9198f83732339a9e3cbd5d2264f77e722df26` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:06 GMT cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:47 GMT server cloudflare etag "2505969917" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lruybU4ayIHNwB8zq268zYIokqkBFHEiXHxfurjkZWUzP6otik9xoiTwwpPDsgoOQ%2FVdYe%2BbVbSOFHxdHwUbp7XHxDx%2F%2F6C60UNLsR%2FlELbtrfkNXkOQfxFbvXEKANMFz%2Btlf9%2Foct32em1gsUtbxQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png accept-ranges bytes cf-ray 71e0b5689b8d998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 17622
GET H3	200	loading.gif morganrichter.com/images/	496 KB 497 KB	88ms 87ms	Image image/gif	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://morganrichter.com/images/loading.gif Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fc85702baca03c9e5cea9b68ee081a4fcb99d8ab9c028772dc69e908208128f7` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:06 GMT cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:47 GMT server cloudflare etag "164044102" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UCl56RaC5fBQerzH0ZBp%2F6nRAfhayE7tbb707xVCZAUfYfmC0wNDtoSLHzghIoVEYprKovk0xl0faluPBhOso1NzOZg0w56yJ7u310os%2B%2FYOeNC4VV9xtgPsA88dInJgBJYABW3aOS9YE7fVPwPA%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif accept-ranges bytes cf-ray 71e0b5690bf0998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 508135
GET H3	200	check.png morganrichter.com/images/	18 KB 18 KB	89ms 89ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://morganrichter.com/images/check.png Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ddc9f495fa5ffd2acaa85dcfc467f54155a759fc7b86b920e6cce7551ceee14d` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:06 GMT cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:47 GMT server cloudflare etag "682021803" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyN3I22Ct9hk2vbyYYEo9TXPV%2F2Z%2BckTQqX%2F%2Fwq1r5R%2Fuxp0z82abQZp8xIHL%2BcOIEqLcD07XJTz1hcWNsxu4Or7I0HYzB%2B2X%2B7ziuPkmtx%2FGS0Q%2FmUQHJR%2BwR0H3zWwGBoGti3%2BHY648oBY%2F%2F963g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png accept-ranges bytes cf-ray 71e0b56a0c96998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 18285
GET H3	200	product.png morganrichter.com/images/	17 KB 18 KB	79ms 78ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://morganrichter.com/images/product.png Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a4620f05d5ff31862aae5884d532cc113293243adb929ba49b228c083bdbf19b` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:06 GMT cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:47 GMT server cloudflare etag "1318473922" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exSDQxpkaQYDafNvuBsDLGjYYf0IWwOEhr8flrnx8AYlFoXiHZYnBf66zLBi1sAkKNFbsHknqpjHj8AloBMoYAfCGTBZMsfj%2F4ANcfMXtQNZSrzVvXFt3c7bjserdzFHqhhbP6ktaAUjZtxNyZ7rpw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png accept-ranges bytes cf-ray 71e0b56a9cea998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 17911
GET H3	200	script.js Show response morganrichter.com/js/	13 KB 2 KB	72ms 71ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://morganrichter.com/js/script.js Requested by Host: morganrichter.com URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6b83282d850d687d049f53f4fd97aec0aa73981c65e77ea38487ae5500c05767` Request headers accept-language fr-FR,fr;q=0.9 Referer https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 01:25:05 GMT content-encoding br cf-cache-status DYNAMIC last-modified Wed, 01 Jun 2022 08:35:47 GMT server cloudflare etag W/"431624918" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptHTHJYXv03EH2mw4nIJuB8CN%2B6q2JpJiukF24jPR0jXQKmhqpN4HSPhDRfPfvlQWWuRwbYuisztcNweE%2BcFF%2FX39t3kQx5VM95kiaZ2jxlY9XbbRZulCI6cYl1Zx8IZK%2FZVCJJXs%2FU%2FQwIoAj%2FEOQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cf-ray 71e0b5670a4b998a-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	visit Show response virtualpushplatform.com/api/v1/	1 KB 2 KB	78ms 77ms	Fetch application/json	2606:4700:3037::6815:4392 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://virtualpushplatform.com/api/v1/visit Requested by Host: virtualpushplatform.com URL: https://virtualpushplatform.com/ace-push.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1915ad70670d845b2625416c59e479a685225398f4290d2671a1c3a1fa8ae2b2` Request headers Referer https://morganrichter.com/ accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Content-type application/json Response headers date Mon, 20 Jun 2022 01:25:07 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bv6RzuT0kgOBXEPdJQDv0sHeo%2BE2%2Fbx1bQQJP%2BNYNrvXaimj%2FwcNpQ09VhvkLLOpV%2FwQSkSMpwbiwGUE3SfJUQEPbGyI8vMXbR7mqjMYv0hXsBmb5PQXaKwx68Oxw5mA2MUVdOcV3i5IbqQhPg4WQAgtbaLdFQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 71e0b573cf6e99cc-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
OPTIONS H3	204	visit virtualpushplatform.com/api/v1/	0 0	101ms 63ms	Preflight	2606:4700:3037::6815:4392 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://virtualpushplatform.com/api/v1/visit Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://morganrichter.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods POST access-control-allow-origin * alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 71e0b5736f2f99cc-CDG date Mon, 20 Jun 2022 01:25:07 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kfMfJqxfq0WbDHRmWvbJ%2BRqmodlQwq1HOnrzm37y5h61hT4acdJRo%2B23VCydzqD76Fp%2Fq7tKSXghjjNw5y8DP%2FCz6EgmdO1C5ALO8mkuoeosYnTHo7b%2FTbVsZ6esEinwHlwvF3G6MPdTNYMwcApazazWkoKnkQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
POST		log-client-error virtualpushplatform.com/api/v1/visit/	0 0

OPTIONS H3	204	log-client-error virtualpushplatform.com/api/v1/visit/	0 0	48ms 47ms	Preflight	2606:4700:3037::6815:4392 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://virtualpushplatform.com/api/v1/visit/log-client-error Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://morganrichter.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods POST access-control-allow-origin * alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 71e0b575185699cc-CDG date Mon, 20 Jun 2022 01:25:08 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3UGW45uHEn69uJoGgFpw4asi1dZH8SQw7e3sMcNtwAfKZvCtSWVk8Ct%2Bmdrq9FoFnYRihIkCzfoJpHOxlDRvx3WsYwScoWVT0iasljlZkN%2Bj7au3T6lvDHDSERI1xsulotmEAgGL3viofdPsUGJf1twBwsZv6A%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: virtualpushplatform.com
URL: https://virtualpushplatform.com/api/v1/visit/log-client-error

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.lpredirect.com/	1970-01-21 03:54:48	Name: uniqueClick_BL18NW5 Value: 5eb3c031-2175-41c7-832d-fc3b1f18b69a:1655688305
www.lpredirect.com/	1970-01-20 06:04:24	Name: transaction_id Value: ba1456e4019b4d89b8ad202720d719d1
morganrichter.com/	1969-12-31 23:59:59	Name: SESSIONIDS Value: QW039FO9QE
.virtualpushplatform.com/	1970-01-20 03:54:51	Name: TiPMix Value: 53.3824340688914
.virtualpushplatform.com/	1970-01-20 03:54:51	Name: x-ms-routing-name Value: self
.virtualpushplatform.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 62a48a55d6f03cbcf2dca9ad6d99edb8896ff4af6b2348f8d79e32d9ac40cddb

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://morganrichter.com/?encoded_value=24QSBG&source_id=2265&sub1=e54e44b5caa548db870d32e1645af9dc&sub2=&sub3=&sub4=&sub5=&tid=ba1456e4019b4d89b8ad202720d719d1 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

friedman.klorenz.com
morganrichter.com
virtualpushplatform.com
www.affordableserve.com
www.lpredirect.com
virtualpushplatform.com
185.142.27.12
194.135.23.246
2606:4700:3037::6815:4392
2a06:98c1:3121::3
34.117.79.165
1915ad70670d845b2625416c59e479a685225398f4290d2671a1c3a1fa8ae2b2
3b19eeb21d7fbd9b8b260e57c2d9198f83732339a9e3cbd5d2264f77e722df26
4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf
6b83282d850d687d049f53f4fd97aec0aa73981c65e77ea38487ae5500c05767
9726213f0045155834d24d4055ea37d4c48cef62aa5fe78f78df6d38a248a378
9de8a10738e75812e1ed3ab870d91c384ab559267e67593f88d1d9be83f42793
a4620f05d5ff31862aae5884d532cc113293243adb929ba49b228c083bdbf19b
d4880710c87636a8a8aaacfd576c79a5768fc651367636c71d2443ecc4ccb02e
d7d5bb9b629ed5ae56bc7554e970e42f083729f8ecf961a772828a067baa2bd0
ddc9f495fa5ffd2acaa85dcfc467f54155a759fc7b86b920e6cce7551ceee14d
fc85702baca03c9e5cea9b68ee081a4fcb99d8ab9c028772dc69e908208128f7

morganrichter.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

3 IPs

2 Countries

728 kBTransfer

813 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

6 Cookies

1 Console Messages

Indicators

morganrichter.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

728 kB
Transfer

813 kB
Size

6
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!