urlscan.io logo urlscan.io
SecurityTrails logo

iconsult.com.pk Open in urlscan Pro
192.99.219.184  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ooyael.twitooo.soshafpi.co.za/#iconsult.com.pk/v/
Effective URL: https://iconsult.com.pk/v/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678...
Submission: On June 29 via api from IE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 192.99.219.184, located in Canada and belongs to OVH, FR. The main domain is iconsult.com.pk.
TLS certificate: Issued by R3 on May 8th 2021. Valid for: 3 months.
This is the only time iconsult.com.pk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 156.38.175.60 37153 (xneelo)
1 3 192.99.219.184 16276 (OVH)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:3c01::f0... 63949 (LINODE-AP...)
5 5
Domain Requested by
3 iconsult.com.pk 1 redirects ooyael.twitooo.soshafpi.co.za
1 jsonip.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com iconsult.com.pk
1 ooyael.twitooo.soshafpi.co.za
5 4

This site contains no links.

Subject Issuer Validity Valid
cpcalendars.iconsult.com.pk
R3		 2021-05-08 -
2021-08-06		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
jsonip.com
R3		 2021-04-27 -
2021-07-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://iconsult.com.pk/v/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
Frame ID: 272C785247840C3132621B9ED357063D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://ooyael.twitooo.soshafpi.co.za/ Page URL
  2. https://iconsult.com.pk/v/ HTTP 303
    https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c297... Page URL
  3. https://iconsult.com.pk/v/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a... Page URL

Page Statistics

5
Requests

80 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

120 kB
Transfer

349 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ooyael.twitooo.soshafpi.co.za/ Page URL
  2. https://iconsult.com.pk/v/ HTTP 303
    https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a Page URL
  3. https://iconsult.com.pk/v/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://iconsult.com.pk/v/ HTTP 303
  • https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ooyael.twitooo.soshafpi.co.za/ 		821 B
838 B 		Document
General
Check archive.org
Download Go to
Full URL
http://ooyael.twitooo.soshafpi.co.za/
Protocol
HTTP/1.1
Server
156.38.175.60 Johannesburg, South Africa, ASN37153 (xneelo, ZA),
Reverse DNS
maia.thishost.co.za
Software
LiteSpeed /
Resource Hash
1cc177aedbb05065acc31eb2299891b885d38295ffabc56943531a2e087579cc

Request headers

Host
ooyael.twitooo.soshafpi.co.za
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-type
text/html
last-modified
Thu, 24 Jun 2021 01:33:45 GMT
accept-ranges
bytes
content-encoding
gzip
vary
Accept-Encoding
content-length
546
date
Tue, 29 Jun 2021 16:46:09 GMT
server
LiteSpeed
r.php
iconsult.com.pk/v/
Redirect Chain
  • https://iconsult.com.pk/v/
  • https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
222 B
502 B 		Document
General
Check archive.org
Download Go to
Full URL
https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
Requested by
Host: ooyael.twitooo.soshafpi.co.za
URL: http://ooyael.twitooo.soshafpi.co.za/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
192.99.219.184 , Canada, ASN16276 (OVH, FR),
Reverse DNS
kvm07rdns1.websouls.net
Software
Apache /
Resource Hash
78b4d9e0c2e937322635f81554786bf6d07710944aab291f8c3616f7f3e4c0d0

Request headers

Host
iconsult.com.pk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://ooyael.twitooo.soshafpi.co.za/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=5a4fdf3b68fe04425ae3eaad6a1591e2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://ooyael.twitooo.soshafpi.co.za/#iconsult.com.pk/v/

Response headers

Date
Tue, 29 Jun 2021 16:46:11 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 29 Jun 2021 16:46:10 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=5a4fdf3b68fe04425ae3eaad6a1591e2; path=/
LOCATION
./r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
Primary Request /
iconsult.com.pk/v/s/ 		54 KB
54 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://iconsult.com.pk/v/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
192.99.219.184 , Canada, ASN16276 (OVH, FR),
Reverse DNS
kvm07rdns1.websouls.net
Software
Apache /
Resource Hash
9a55339205b48bbd14fd33f2056f924f537a57537b8f82c44c3627e8c7e3f50f

Request headers

Host
iconsult.com.pk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=5a4fdf3b68fe04425ae3eaad6a1591e2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://iconsult.com.pk/v/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a

Response headers

Date
Tue, 29 Jun 2021 16:46:11 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 		257 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Requested by
Host: iconsult.com.pk
URL: https://iconsult.com.pk/v/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3c254ea73d19f020bb3c29701a5c3969946ab0f25c2678f035522f2f150bd2733219175a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://iconsult.com.pk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 16:46:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1010837
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
64997
cf-request-id
0afa430f3d00004a732585d000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-40464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sfXevYvdlulWkhGXV2XuX3v8D8GwGck67uEaXBEt01gZncc1mpGg3LCiYdavOQ%2Bi%2FJsapg2pk%2F%2BAWQetv4DsufW9pr5hOevrncJKIQ1o3hYGglFxWEflRjDNjWrnHOyNXVmFueRbNZGQbLdd8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6670a12b9c8d4a73-FRA
expires
Sun, 19 Jun 2022 16:46:11 GMT
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87a64f2ef4e77731a76b808a2c0c8481dc87588979be1a4a6566b60c2062513d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
/
jsonip.com/ 		153 B
454 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery300045768521234617876_1624985171813&_=1624985171814
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c01::f03c:91ff:fe79:43b Fremont, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
64e6c5cab7c21228f0eb4b06f7ffc208622f43976679c8143c8ab0ebc63936c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://iconsult.com.pk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 29 Jun 2021 16:46:12 GMT
Server
nginx/1.16.1
Strict-Transport-Security
max-age=31536000;
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
32e37b49fe415578339000165e93560f7fe36a749bdf08baecbc070d3dad3315

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c22e9b0006f1884f79d9139afb23465214d48a46a709b3301e1cf29f4a4acb9d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f10b650802926d8b48038100471fff0c65dc708162702d54d9fff02b0c04d05d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| getIPAddress string| x

1 Cookies

Domain/Path Name / Value
iconsult.com.pk/v/s Name: ip11
Value: 2a01:4f8:192:5414::2

1 Console Messages

Source Level URL
Text
console-api log (Line 1)
Message:
iconsult.com.pk/v/