forextech.xyz
89.163.144.68
Malicious Activity!
Public Scan
Effective URL: http://forextech.xyz/http/Box/login.html
Submission: On March 26 via manual from GB
Summary
This is the only time forextech.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Box.com (Consumer)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 1 | 208.97.176.177 | 26347 (DREAMHOST-AS - New Dream Network) |
2 2 | 45.40.140.1 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
2 9 | 89.163.144.68 | 24961 (MYLOC-AS) |
2 | 134.249.116.78 | 15895 (KSNET-AS) |
9 | 3 | |
- ASN26347 (DREAMHOST-AS - New Dream Network, LLC, US); PTR: apache2-ogle.thomas-heyward-jr.dreamhost.com; domain: www.g.bw
- ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US); PTR: ip-45-40-140-1.ip.secureserver.net; domain: x.co
- ASN24961 (MYLOC-AS, DE); PTR: ve068.venus.dedi.server-hosting.expert; domain: forextech.xyz
- ASN15895 (KSNET-AS, UA); PTR: 134-249-116-78.broadband.kyivstar.net; host: 134.249.116.78
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | forextech.xyz (2 redirects) | forextech.xyz | 146 KB |
2 | x.co (2 redirects) | x.co | 299 B |
1 | g.bw (1 redirect) | www.g.bw | 284 B |
9 | 3 | | |
| Domain | Requested by |
---|---|---|
9 | forextech.xyz | 2 redirects, forextech.xyz |
2 | x.co | 2 redirects |
1 | www.g.bw | 1 redirect |
9 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.box.com |
account.box.com |
community.box.com |
This page contains 1 frames:
Primary Page:
http://forextech.xyz/http/Box/login.html
Frame ID: 6C28E7A3016E1A383B78FA273D2BBB84
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History
- http://www.g.bw/j3UiNdb (HTTP 302)
- http://x.co/BoxMarch26 (HTTP 301)
- https://x.co/BoxMarch26 (HTTP 302)
- http://forextech.xyz/http/Box/login.html (Page URL)
Detected technologies
- Nginx (Web Servers); detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- Moment.js (JavaScript Libraries); detected pattern: env /^moment$/i
- jQuery (JavaScript Libraries); detected pattern: env /^jQuery$/i
Page Statistics
32 Outgoing links
These are links going to different origins than the main page. Link titles:
- (no title)
- Dansk
- Deutsch
- English (Australia)
- English (Canada)
- English (UK)
- English (US)
- Español
- Español (Latinoamérica)
- Français
- Français (Canada)
- Italiano
- Nederlands
- Norsk (Bokmål)
- Polski
- Português
- Suomi
- Svenska
- Türkçe
- Русский
- हिन्दी
- বাংলা
- 日本語
- 简体中文
- 繁體中文
- 한국어
- Box Blog
- Sign Up
- ©2019 Box
- Privacy Policy
- Terms
- Help
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5
- http://forextech.xyz/gen204?category=boomerang&event_type=beacon&keys_and_values[current_rm]=amsterdam_login_premium&keys_and_values[datacenterTag]=unknown&keys_and_values[uri]=http%3A%2F%2Fforextech.xyz%2Fhttp%2FBox%2Flogin.html&&keys_and_values[version]=1&keys_and_values[nt_red_cnt]=0&keys_and_values[nt_nav_type]=0&keys_and_values[nt_nav_st]=1553611070257&keys_and_values[nt_fet_st]=1553611071395&keys_and_values[nt_dns_st]=1553611071397&keys_and_values[nt_dns_end]=1553611071430&keys_and_values[nt_con_st]=1553611071430&keys_and_values[nt_con_end]=1553611071444&keys_and_values[nt_req_st]=1553611071444&keys_and_values[nt_res_st]=1553611071459&keys_and_values[nt_res_end]=1553611071462&keys_and_values[nt_domloading]=1553611071479&keys_and_values[nt_domint]=1553611071655&keys_and_values[nt_domcontloaded_st]=1553611071673&keys_and_values[nt_domcontloaded_end]=1553611071674&keys_and_values[nt_domcomp]=1553611071674&keys_and_values[nt_load_st]=1553611071674&keys_and_values[nt_load_end]=1553611071674&keys_and_values[t_done]=1417&keys_and_values[t_resp]=15&keys_and_values[t_page]=215&runmode_options[splunk]=1&runmode_options[add_geo]=1 (HTTP 302)
- http://134.249.116.78/index.php
- http://forextech.xyz/index.php?rm=box_gen204_batch_record (HTTP 302)
- http://134.249.116.78/index.php
Both redirected requests originate from telemetry-style paths on the cloned login page (gen204 and index.php?rm=box_gen204_batch_record) and are sent on to index.php on 134.249.116.78, the KSNET-AS host listed above.
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | login.html | forextech.xyz/http/Box/ | 17 KB | 5 KB | Document | text/html | Primary Request; Redirect Chain |
GET | H/1.1 | login-50a5721c03.css | forextech.xyz/http/Box/login_files/ | 107 KB | 38 KB | Stylesheet | text/css | |
GET | H/1.1 | new-office-logo.png | forextech.xyz/http/Box/ | 5 KB | 5 KB | Image | image/png | |
GET | H/1.1 | norton.png | forextech.xyz/http/Box/ | 17 KB | 17 KB | Image | image/png | |
GET | H/1.1 | login-3a640191e3.min.js.download | forextech.xyz/http/Box/login_files/ | 250 KB | 80 KB | Script | application/javascript | |
GET | DATA | (data: URL, truncated) | / | 49 B | 0 | Script | text/javascript | |
GET | H/1.1 | index.php | 134.249.116.78/ | 0 | -1 B | XHR | text/html | Cookie set; Redirect Chain |
GET | H/1.1 | index.php | 134.249.116.78/ | 0 | 1 KB | XHR | text/html | |
GET | H/1.1 | index.php | 134.249.116.78/ | 0 | -1 B | XHR | text/html | Cookie set; Redirect Chain |
GET | H/1.1 | index.php | 134.249.116.78/ | 0 | 0 | XHR | text/html | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Box.com (Consumer)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onselectstart |
object | onselectionchange |
function | queueMicrotask |
function | $t |
function | $ |
function | jQuery |
function | P |
object | Box |
function | moment |
object | Resin |
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.