tradeguardians.org (199.250.206.120) - Malicious Activity!
Public Scan
Effective URL: https://tradeguardians.org/prk/auto.html
Submission: On April 27 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by R3 on April 3rd 2024. Valid for: 3 months.
This is the only time tradeguardians.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Autopay (Transportation)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
9 | 199.250.206.120 | 54641 (IMH-IAD)
1 | 199.36.158.100 | 54113 (FASTLY)
1 | 20.126.75.6 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
5 | 137.117.170.23 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
Total: 17 | 5 |
- ASN54641 (IMH-IAD, US), PTR: ded5926.inmotionhosting.com: tradeguardians.org
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): test.epayment.nets.eu
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): epayment.nets.eu
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | tradeguardians.org | tradeguardians.org | 51 KB
6 | nets.eu | test.epayment.nets.eu, epayment.nets.eu | 30 KB
1 | autopay.io | static.autopay.io | 2 KB
Total: 17 | 3 | |
Requests | Domain | Requested by
---|---|---
9 | tradeguardians.org | tradeguardians.org
5 | epayment.nets.eu | tradeguardians.org
1 | test.epayment.nets.eu | tradeguardians.org
1 | static.autopay.io | tradeguardians.org
Total: 17 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.tradeguardians.org | R3 | 2024-04-03 - 2024-07-02 | 3 months | crt.sh
atkinsbookoflandscapes2020.com | GTS CA 1D4 | 2024-04-07 - 2024-07-06 | 3 months | crt.sh
test.epayment.nets.eu | R3 | 2024-03-03 - 2024-06-01 | 3 months | crt.sh
epayment.nets.eu | DigiCert TLS RSA SHA256 2020 CA1 | 2023-06-05 - 2024-07-05 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://tradeguardians.org/prk/auto.html
Frame ID: 835160E1A8034DD0F6E0F486F834C0DE
Requests: 17 HTTP requests in this frame
Page Title: Nets - Aksepter betaling
Detected technologies
- Microsoft ASP.NET (Web Frameworks). Detected patterns:
  - <input[^>]+name="__VIEWSTATE
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://tradeguardians.org/prk/auto.html
- HTTP 307
- https://tradeguardians.org/prk/auto.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | auto.html (Primary Request, redirect chain) | tradeguardians.org/prk/ | 19 KB | 9 KB | Document | text/html
GET | H2 | jquery.3.5.min.js | tradeguardians.org/prk/css/ | 0 | 0 | Script | text/html
GET | H2 | StyleSheet_ExistingTerminal.css | tradeguardians.org/prk/css/ | 0 | 0 | Stylesheet | text/html
GET | H2 | autopay.css | static.autopay.io/netaxept/v1/ | 8 KB | 2 KB | Stylesheet | text/css
GET | H2 | Default.js | tradeguardians.org/prk/css/ | 0 | 0 | Script | text/html
GET | H2 | TDSMethod.js | tradeguardians.org/prk/css/ | 0 | 0 | Script | text/html
GET | H2 | terminalimage.ashx | test.epayment.nets.eu/images/ | 10 KB | 11 KB | Image | image/png
GET | H2 | terminalimage.ashx | epayment.nets.eu/images/ | 607 B | 984 B | Image | image/png
GET | H2 | TopLedge_New.png | epayment.nets.eu/Terminal/Images/ | 5 KB | 6 KB | Image | image/png
GET | H2 | terminalimage.ashx | epayment.nets.eu/images/ | 10 KB | 11 KB | Image | image/png
GET | H2 | 32882.jpg | tradeguardians.org/prk/css/ | 41 KB | 41 KB | Image | image/jpeg
GET | H2 | helpbutton.png | epayment.nets.eu/Terminal/images/ | 580 B | 926 B | Image | image/png
GET | H2 | visa.png | tradeguardians.org/Images/Issuers/Icons/ | 555 B | 555 B | Image | text/html
GET | H2 | Common.js | tradeguardians.org/prk/css/ | 0 | 0 | Script | text/html
GET | H2 | EasyPayment.js | tradeguardians.org/prk/css/ | 0 | 0 | Script | text/html
GET | H2 | transparentProgress.gif | epayment.nets.eu//terminal/Images/ | 723 B | 1 KB | Image | image/gif
GET | | favicon_New.ico | epayment.nets.eu/Images/ | 0 | 0 | | (no response)
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: epayment.nets.eu
- URL: https://epayment.nets.eu/Images/favicon_New.ico
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Autopay (Transportation)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
string | easyPaymentCardNoId
string | easyPaymentEpaySessionId
string | easyPaymentCurrentIssuerImageId
string | easyPaymentCurrentIssuerNameId
string | easyPaymentvalidationRequired
string | easyPaymentverificationLabel
string | easyPaymentsecurityCode
string | easyPaymentpopupLink
object | easyPaymentIssuers
boolean | easyPaymentDiscoverFlag
object | chkMobileDevice

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.