john3thirty.net
65.181.111.9
Malicious Activity!
Public Scan
Effective URL: https://john3thirty.net/
Submission: On January 30 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on January 28th 2024. Valid for: 3 months.
This is the only time john3thirty.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
1 1 | 192.185.30.177 | 19871 (NETWORK-SOLUTIONS-HOSTING)
6 | 65.181.111.9 | 14670 (WHG-USE1)
6 | 1 |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-30-177.unifiedlayer.com
asonahores.com |
ASN14670 (WHG-USE1, GB)
PTR: s863.use1.mysecurecloudhost.com
john3thirty.net |
 | Apex Domain / Subdomains | Transfer
---|---|---
6 | john3thirty.net (subdomains: john3thirty.net) | 371 KB
1 | asonahores.com, 1 redirects (subdomains: asonahores.com) | 92 B
6 | 2 |
 | Domain | Requested by
---|---|---
6 | john3thirty.net | john3thirty.net
1 | asonahores.com | 1 redirects
6 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
john3thirty.net | R3 | 2024-01-28 - 2024-04-27 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://john3thirty.net/
Frame ID: 79877F2B10902D0006960A948ED5FA13
Requests: 6 HTTP requests in this frame
Page Title
Confirmation
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://asonahores.com/secure.php
HTTP 302
https://john3thirty.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | john3thirty.net/ | 21 KB | 6 KB | Document | text/html
GET | H2 | faboulous.css | john3thirty.net/ | 86 KB | 14 KB | Stylesheet | text/css
GET | H2 | faboulous.js | john3thirty.net/ | 278 KB | 79 KB | Script | application/javascript
GET | H2 | faboulous.png | john3thirty.net/ | 4 KB | 4 KB | Image | image/png
GET | H2 | faboulous3.png | john3thirty.net/ | 1 KB | 1 KB | Image | image/png
GET | H3 | faboulous2.png | john3thirty.net/ | 265 KB | 265 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function $
- function jQuery
- function validateuname
- function meetU
- function meetData
- function meetP1
- function meetData1
- function meetP
- function meetData2

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.