weldondebusk.com - urlscan.io

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 199.204.248.124, located in Saint Petersburg, United States and belongs to AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US. The main domain is weldondebusk.com.

This is the only time weldondebusk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 4	199.204.248.124 199.204.248.124	17054 (AS17054) (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA)
1	184.30.209.155 184.30.209.155	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.248.208.147 34.248.208.147	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.228.218.9 54.228.218.9	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	4

4 199.204.248.124 (Saint Petersburg, United States) 1 redirects

ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US)
PTR: cp14.machighway.com

weldondebusk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.209.155 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-30-209-155.deploy.static.akamaitechnologies.com

deluxe.script.ag	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.208.147 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-248-208-147.eu-west-1.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.228.218.9 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-228-218-9.eu-west-1.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	weldondebusk.com 1 redirects weldondebusk.com	123 KB
2	thebrighttag.com s.thebrighttag.com	1 KB
1	script.ag deluxe.script.ag	12 KB
6	3

	Domain	Requested by
4	weldondebusk.com	1 redirects weldondebusk.com
2	s.thebrighttag.com	deluxe.script.ag
1	deluxe.script.ag	weldondebusk.com
6	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no
Frame ID: (FA1C70ECFCE7BADC27DD063FE1D978D0)
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://weldondebusk.com/data/index.php?userid=amh@mibas.no HTTP 302
http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@m... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

137 kB
Transfer

158 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://weldondebusk.com/data/index.php?userid=amh@mibas.no HTTP 302
http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response weldondebusk.com/data/general/ Redirect Chain http://weldondebusk.com/data/index.php?userid=amh@mibas.no http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no	2 KB 2 KB	168ms 168ms	Document text/html	199.204.248.124 CONTINENTAL BROAD...
General Check archive.org Show headers Download Go to Full URL http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Protocol HTTP/1.1 Server 199.204.248.124 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US), Reverse DNS cp14.machighway.com Software Protected by COMODO WAF mod_bwlimited/1.4 / PHP/5.4.45 Resource Hash `130b513ee3dfa8e8a930c4e8cec959df9caae63c77210764cf7a82d40ad50e6d` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host weldondebusk.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 25 Jan 2018 00:36:55 GMT Server Protected by COMODO WAF mod_bwlimited/1.4 Connection Keep-Alive X-Powered-By PHP/5.4.45 Transfer-Encoding chunked Keep-Alive timeout=30, max=99 Content-Type text/html Redirect headers Date Thu, 25 Jan 2018 00:36:54 GMT Server Protected by COMODO WAF mod_bwlimited/1.4 X-Powered-By PHP/5.4.45 Content-Type text/html Location general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Connection Keep-Alive Keep-Alive timeout=30, max=100 Content-Length 0
GET H/1.1	200 OK	google_analytics_auto.htm Show response weldondebusk.com/data/general/index_files/	89 KB 89 KB	119ms 119ms	Script text/html	199.204.248.124 CONTINENTAL BROAD...
General Check archive.org Show headers Download Go to Full URL http://weldondebusk.com/data/general/index_files/google_analytics_auto.htm Requested by Host: weldondebusk.com URL: http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Protocol HTTP/1.1 Server 199.204.248.124 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US), Reverse DNS cp14.machighway.com Software Protected by COMODO WAF mod_bwlimited/1.4 / Resource Hash `ab8c8fe3c28c4d5293a82afed630f471b4db04995741f7c4c2f71fd25a634f96` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host weldondebusk.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Connection keep-alive Cache-Control no-cache Referer http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 25 Jan 2018 00:36:55 GMT Last-Modified Tue, 19 Sep 2017 23:32:34 GMT Server Protected by COMODO WAF mod_bwlimited/1.4 ETag "1e61ebb-16244-55993460ee880" Transfer-Encoding chunked Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=30, max=98
GET H/1.1	200 OK	logo.png weldondebusk.com/data/general/index_files/	31 KB 31 KB	233ms 119ms	Image image/png	199.204.248.124 CONTINENTAL BROAD...
General Check archive.org Show headers Download Go to Show image Full URL http://weldondebusk.com/data/general/index_files/logo.png Requested by Host: weldondebusk.com URL: http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Protocol HTTP/1.1 Server 199.204.248.124 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US), Reverse DNS cp14.machighway.com Software Protected by COMODO WAF mod_bwlimited/1.4 / Resource Hash `449f6a97abfc261ff32809775f3d6ff03624594ccf1e80a6238a44f43fadd027` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host weldondebusk.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Connection keep-alive Cache-Control no-cache Referer http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 25 Jan 2018 00:36:55 GMT Last-Modified Tue, 19 Sep 2017 23:32:32 GMT Server Protected by COMODO WAF mod_bwlimited/1.4 ETag "1e61ebc-7bf7-5599345f06400" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=30, max=100 Content-Length 31735
GET H/1.1	200 OK	tag.js Show response deluxe.script.ag/	34 KB 12 KB	50ms 6ms	Script application/javascript	184.30.209.155 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL http://deluxe.script.ag/tag.js Requested by Host: weldondebusk.com URL: http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no Protocol HTTP/1.1 Server 184.30.209.155 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a184-30-209-155.deploy.static.akamaitechnologies.com Software Apache / Resource Hash `d83b628407a21e171eab4ebd3baa638ecda547d65cc8d7d4443939e5ec3a0c41` Request headers Referer http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 25 Jan 2018 00:36:55 GMT Content-Encoding gzip Last-Modified Thu, 18 Jan 2018 17:33:28 GMT Server Apache Vary Accept-Encoding P3P CP="NOI DSP COR NID" Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes Content-Type application/javascript Content-Length 12398
GET H/1.1	200 OK	tag Show response s.thebrighttag.com/	2 KB 787 B	57ms 30ms	Script text/javascript	34.248.208.147 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s.thebrighttag.com/tag?site=0M6ZVb2&H=bd7g9wy Requested by Host: deluxe.script.ag URL: http://deluxe.script.ag/tag.js Protocol HTTP/1.1 Server 34.248.208.147 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-34-248-208-147.eu-west-1.compute.amazonaws.com Software Jimmy/1.0 / Resource Hash `4baa0bbac9a1a132abdf4a28fd42e412ffd783c287193d331978f2678e8b1a06` Request headers Referer http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Pragma no-cache X-BT-RequestId d85f65b0-0167-11e8-b58a-0000ac15023f Content-Encoding gzip Server Jimmy/1.0 ETag 94fb676998306f61fd8203e7dafdaa5d Vary Accept-Encoding P3P CP=NOI DSP COR NID Cache-Control private, must-revalidate Transfer-Encoding chunked Connection close Content-Type text/javascript Date Thu, 25 Jan 2018 00:36:55 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	tag Show response s.thebrighttag.com/	0 362 B	54ms 27ms	Script text/javascript	54.228.218.9 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://s.thebrighttag.com/tag?site=0M6ZVb2&H=bd7g9wy&referrer=http%3A%2F%2Fweldondebusk.com%2Fdata%2Fgeneral%2Findex.php%3Fl%3D_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID%26userid%3Damh%40mibas.no&mode=v2&_cb_bt_data(%27url%20domain%27)=weldondebusk.com Requested by Host: deluxe.script.ag URL: http://deluxe.script.ag/tag.js Protocol HTTP/1.1 Server 54.228.218.9 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-54-228-218-9.eu-west-1.compute.amazonaws.com Software Jimmy/1.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://weldondebusk.com/data/general/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=amh@mibas.no User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Pragma no-cache X-BT-RequestId d8686660-0167-11e8-a7b4-00000a0dd633 Server Jimmy/1.0 ETag d41d8cd98f00b204e9800998ecf8427e P3P CP=NOI DSP COR NID Cache-Control private, must-revalidate Date Thu, 25 Jan 2018 00:36:55 GMT Connection close Content-Type text/javascript Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

deluxe.script.ag
s.thebrighttag.com
weldondebusk.com
184.30.209.155
199.204.248.124
34.248.208.147
54.228.218.9
130b513ee3dfa8e8a930c4e8cec959df9caae63c77210764cf7a82d40ad50e6d
449f6a97abfc261ff32809775f3d6ff03624594ccf1e80a6238a44f43fadd027
4baa0bbac9a1a132abdf4a28fd42e412ffd783c287193d331978f2678e8b1a06
ab8c8fe3c28c4d5293a82afed630f471b4db04995741f7c4c2f71fd25a634f96
d83b628407a21e171eab4ebd3baa638ecda547d65cc8d7d4443939e5ec3a0c41
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

weldondebusk.com Open in urlscan Pro 199.204.248.124 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

137 kBTransfer

158 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

weldondebusk.com Open in urlscan Pro
199.204.248.124 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

137 kB
Transfer

158 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!