Submitted URL: https://asonahores.com/secure.php
Effective URL: https://john3thirty.net/
Submission: On January 30 via manual from US — Scanned from DE

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 65.181.111.9, located in United Kingdom and belongs to WHG-USE1, GB. The main domain is john3thirty.net.
TLS certificate: Issued by R3 on January 28th 2024. Valid for: 3 months.
This is the only time john3thirty.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 192.185.30.177 19871 (NETWORK-S...)
6 65.181.111.9 14670 (WHG-USE1)
6 1
Apex Domain
Subdomains
Transfer
6 john3thirty.net
john3thirty.net
371 KB
1 asonahores.com
asonahores.com
92 B
6 2
Domain Requested by
6 john3thirty.net john3thirty.net
1 asonahores.com 1 redirects
6 2

This site contains no links.

Subject Issuer Validity Valid
john3thirty.net
R3
2024-01-28 -
2024-04-27
3 months crt.sh

This page contains 1 frames:

Primary Page: https://john3thirty.net/
Frame ID: 79877F2B10902D0006960A948ED5FA13
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

Confirmation

Page URL History Show full URLs

  1. https://asonahores.com/secure.php HTTP 302
    https://john3thirty.net/ Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

371 kB
Transfer

655 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://asonahores.com/secure.php HTTP 302
    https://john3thirty.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
john3thirty.net/
Redirect Chain
  • https://asonahores.com/secure.php
  • https://john3thirty.net/
21 KB
6 KB
Document
General
Full URL
https://john3thirty.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.181.111.9 , United Kingdom, ASN14670 (WHG-USE1, GB),
Reverse DNS
s863.use1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
76490b548e36d37baf74430c08ef8db85d95eec6c31175cbe3d39b9688468e1e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
6263
content-type
text/html
date
Tue, 30 Jan 2024 20:24:50 GMT
last-modified
Tue, 30 Jan 2024 19:20:16 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 30 Jan 2024 20:24:49 GMT
location
https://john3thirty.net/
server
Apache
faboulous.css
john3thirty.net/
86 KB
14 KB
Stylesheet
General
Full URL
https://john3thirty.net/faboulous.css
Requested by
Host: john3thirty.net
URL: https://john3thirty.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.181.111.9 , United Kingdom, ASN14670 (WHG-USE1, GB),
Reverse DNS
s863.use1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
a8e954fc9668172a94b5e7d74efca982d6abd6891d0457e3d859c99018087fff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://john3thirty.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 20:24:50 GMT
content-encoding
br
last-modified
Tue, 30 Jan 2024 19:20:13 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
14653
expires
Tue, 06 Feb 2024 20:24:50 GMT
faboulous.js
john3thirty.net/
278 KB
79 KB
Script
General
Full URL
https://john3thirty.net/faboulous.js
Requested by
Host: john3thirty.net
URL: https://john3thirty.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.181.111.9 , United Kingdom, ASN14670 (WHG-USE1, GB),
Reverse DNS
s863.use1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://john3thirty.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 20:24:50 GMT
content-encoding
br
last-modified
Tue, 30 Jan 2024 19:20:14 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
81238
expires
Tue, 06 Feb 2024 20:24:50 GMT
faboulous.png
john3thirty.net/
4 KB
4 KB
Image
General
Full URL
https://john3thirty.net/faboulous.png
Requested by
Host: john3thirty.net
URL: https://john3thirty.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.181.111.9 , United Kingdom, ASN14670 (WHG-USE1, GB),
Reverse DNS
s863.use1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
43a17b42d8b5f613ec1b7d707c8c4f965a63cf15c59813d4d24278e54ad25958

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://john3thirty.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 20:24:50 GMT
last-modified
Tue, 30 Jan 2024 19:20:12 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4271
expires
Tue, 06 Feb 2024 20:24:50 GMT
faboulous3.png
john3thirty.net/
1 KB
1 KB
Image
General
Full URL
https://john3thirty.net/faboulous3.png
Requested by
Host: john3thirty.net
URL: https://john3thirty.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.181.111.9 , United Kingdom, ASN14670 (WHG-USE1, GB),
Reverse DNS
s863.use1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
e2f8ccc8a603135d9669b71f5b695def341c88d73b622ab4827397c418805e7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://john3thirty.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 20:24:50 GMT
last-modified
Tue, 30 Jan 2024 19:20:16 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1213
expires
Tue, 06 Feb 2024 20:24:50 GMT
faboulous2.png
john3thirty.net/
265 KB
265 KB
Image
General
Full URL
https://john3thirty.net/faboulous2.png
Requested by
Host: john3thirty.net
URL: https://john3thirty.net/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
65.181.111.9 , United Kingdom, ASN14670 (WHG-USE1, GB),
Reverse DNS
s863.use1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
ddb6b5706f83f5a11d4de018b5b1d40164ee2703f95e4ed6ba93a656f6b17edd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://john3thirty.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 20:24:50 GMT
last-modified
Tue, 30 Jan 2024 19:20:14 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
271219
expires
Tue, 06 Feb 2024 20:24:50 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| validateuname function| meetU function| meetData function| meetP1 function| meetData1 function| meetP function| meetData2

0 Cookies