infoshelp.club Open in urlscan Pro
158.69.246.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://infoshelp.club/chse.verify.home/step2.php
Submission: On April 09 via automatic, source openphish (April 9th 2018, 5:41:00 am UTC)

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 158.69.246.130, located in Montréal, Canada and belongs to OVH, FR. The main domain is infoshelp.club.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 5th 2018. Valid for: 3 months.

This is the only time infoshelp.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Chase (Banking)

Domain & IP information

	IP Address	AS Autonomous System
12	158.69.246.130 158.69.246.130	16276 (OVH) (OVH)
1	54.148.84.95 54.148.84.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	104.19.193.102 104.19.193.102	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
18	3

12 158.69.246.130 (Montréal, Canada)

ASN16276 (OVH, FR)
PTR: ns535599.ip-158-69-246.net

infoshelp.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.84.95 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.19.193.102 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	infoshelp.club infoshelp.club	82 KB
5	cloudflare.com cdnjs.cloudflare.com	108 KB
1	sitepoint.com www.sitepoint.com	6 KB
18	3

	Domain	Requested by
12	infoshelp.club	infoshelp.club
5	cdnjs.cloudflare.com	infoshelp.club
1	www.sitepoint.com	infoshelp.club
18	3

This site contains no links.

Subject Issuer	Validity	Valid
infoshelp.club cPanel, Inc. Certification Authority	`2018-04-05` - `2018-07-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://infoshelp.club/chse.verify.home/step2.php
Frame ID: BF08325E0EFCDC13C3E2AC2331071B0A
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

18
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

196 kB
Transfer

461 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request step2.php Show response
infoshelp.club/chse.verify.home/ 16 KB
16 KB 309ms
111ms Document
text/html 158.69.246.130
OVH

General

infoshelp.club Open in urlscan Pro 158.69.246.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

67 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

196 kBTransfer

461 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

infoshelp.club Open in urlscan Pro
158.69.246.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

196 kB
Transfer

461 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!