217.112.95.254
Open in
urlscan Pro
217.112.95.254
Malicious Activity!
Public Scan
Effective URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Submission: On November 21 via manual from MX — Scanned from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 27th 2024. Valid for: a year.
This is the only time 217.112.95.254 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 217.112.95.254 217.112.95.254 | 29550 (SIMPLYTRA...) (SIMPLYTRANSIT Simply Transit Ltd) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.250.185.195 142.250.185.195 | 15169 (GOOGLE) (GOOGLE) | |
20 | 3 |
ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB)
PTR: 217-112-95-254.static.as29550.net
217.112.95.254 |
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
gstatic.com
fonts.gstatic.com |
18 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29 |
1 KB |
20 | 2 |
Domain | Requested by | |
---|---|---|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
217.112.95.254
|
20 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
axstand.agileincloud.com Sectigo RSA Domain Validation Secure Server CA |
2024-07-27 - 2025-07-27 |
a year | crt.sh |
upload.video.google.com WR2 |
2024-10-21 - 2025-01-13 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-10-21 - 2025-01-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Frame ID: E0F66370DD0F1D2E427760C8810F5590
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
http://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
HTTP 307
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx Page URL
Detected technologies
Microsoft ASP.NET (Web Frameworks) ExpandDetected patterns
- \.aspx?(?:$|\?)
- <input[^>]+name="__VIEWSTATE
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
HTTP 307
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Login.aspx
217.112.95.254/admin/ Redirect Chain
|
14 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQueryUI.css
217.112.95.254/RichWidgets/Blocks/RichWidgets/Private/ |
4 KB 1020 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Feedback_Message.css
217.112.95.254/RichWidgets/Blocks/RichWidgets/RichWidgets/ |
2 KB 756 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ADM_Login.css
217.112.95.254/Admin/Blocks/Admin/amOrgManShared/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Theme.Admin.css
217.112.95.254/admin/ |
21 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_osjs.js
217.112.95.254/admin/ |
193 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQueryComponents.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQueryCookie.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQueryCurvycorners.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/ |
27 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQueryUI.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/ |
202 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Container_Round.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/ |
1 KB 725 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Feedback_Message.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RemovePopups.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/ |
808 B 425 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LOGOSAFELYCAR01.png
217.112.95.254/Admin/img/ |
124 KB 124 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
menu.css
217.112.95.254/admin/css/ |
4 KB 983 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.png
217.112.95.254/Admin/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lock24512.png
217.112.95.254/Admin/img/ |
65 KB 65 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_status.aspx
217.112.95.254/Admin/ |
410 B 499 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)187 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| osjs object| osQueue object| osAjaxBackend object| osFocusBackend function| OsAjax object| os_t_e object| os_t_origin object| os_t_eventTarget object| os_t_ajaxEvent object| os_t_bucketIds function| OsAjaxDelayedTrigger number| osOnChangeTimerDelay function| OsOnChangeCheck function| OsStopOnChangeChecking function| OsStartOnChangeChecking function| OsInitializeOnChangeElement function| OsInitializeOnChange function| OsGetElementValue function| OsSetElementValue function| OsGetSelectedIndexes function| OsSetSelectedIndexes function| OsArrayIndexOf function| OsArrayEquals function| OsArrayRemoveIndex function| OsIsEqual function| OsIsDescendant function| OsIsIE function| OsFocusBaseBackend function| OsFocusBackendIE function| OsFocusBackendGecko function| OsAjaxDelayed function| OsNotifyWidget function| OsBuildAjaxEventContext function| OsCallQueue function| OsIeCleanProgressBar function| OsEndRequest function| OsExecuteNextInQueue function| OsInitializeSpanDisplay string| osRegisterEffectHighlightColor number| osRegisterEffectHighlightTime function| OsRegisterEffectHighlight number| osRegisterEffectListRemoveHighlightTime function| OsRegisterEffectListRemoveHighlight number| osRegisterEffectFadeOutTime number| osRegisterEffectFadeInTime function| OsRegisterEffectFade number| osRegisterEffectVerticalSlideUpTime number| osRegisterEffectVerticalSlideDownTime function| OsRegisterEffectVerticalSlide function| OsSetInnerHTML function| OsExtractScriptTags function| OsRemoveOldAttributes function| OsAddNewAttributes function| OsReplaceWith object| OsJSONUpdateQueue function| OsJSONUpdate function| OsRefreshElement function| OsGetAttributesObject function| OsEvaluateUserJavaScript function| OsHandleSystemException function| OsAlertExceptionHandler function| OsRegisterExceptionHandler function| OsHandleException function| OsLoadNextScript function| OsExecuteJSONUpdate function| OsExecuteTableRecordOperation function| OsExecuteListRecordOperation function| OsExecuteNextJSONUpdate function| OsSetTableRowOddEvenStyles function| OsSetRowOddEvenStyle function| OsRedirectToURL function| OsEventHandler function| OsAjaxBaseBackend function| OsAjaxBackendIFrame function| OsAjaxBackendXHR function| OsExecuteCallToServer function| OsInputPrompt_Bootstrap function| OsInputPrompt_GetInputData function| OsInputPrompt_OnFocus function| OsInputPrompt_OnBlur function| OsInputPrompt_IsEmpty function| OsInputPrompt_OnBeforeSubmit function| OsInputPrompt_OnAfterSubmit number| ctTypeNbr number| ctTypeDte number| ctTypeDtm number| ctTypeTim string| _DATE_FORMAT string| _TIME_FORMAT string| _DATE_TIME_FORMAT number| ctYMD number| ctMonthIdx number| ctYearIdx number| ctHMS number| ctTimYear number| ctTimMonth number| ctTimDay string| ctNbrThousandsSepDefault number| ctNbrDecimalPlacesDefault function| getEventSrc function| getFormat function| OsFmtFrmElemGetInfoReturn function| OsIsEmpty function| OsParseNumberToArray function| OsDataType function| OsRemoveRightSpaces function| OsRemoveLeftSpaces function| OsRemoveSpaces function| OsParseDigits function| OsParseSeparator function| OsMsgBoxError function| OsFocusReturnError function| OsFmtFrmElemGetInfo function| OsFmtValueGetPrintable function| OsFmtFrmElemValidate object| dtText object| dtInteger object| dtDecimal object| dtDate object| dtDateTime object| dtTime function| existsInArray function| continueValidation function| OsCustomValidatorCurrency function| OsCustomValidatorDate function| OsCustomValidatorDateTime function| OsCustomValidatorDecimal function| OsCustomValidatorInteger function| OsCustomValidatorPhoneNumber function| OsCustomValidatorEmail function| OsCustomValidatorText function| OsCustomValidatorTextNumeric function| OsCustomValidatorTime function| OSCustomValidatorRequiredField function| OsCustomValidator function| OsCustomValidatorUnknown function| OsLimitInput function| OsEnterKey object| MONTH_NAMES object| DAY_NAMES function| LZ function| formatDate function| _isInteger function| _getInt function| getDateFromFormat function| OsPrepareCheckboxesForSubmit function| OsFixUploadBeforeSubmit function| OsSimpleGet string| OsPage_ValidationVer boolean| OsPage_IsValid boolean| OsFocusInvalidInput string| OSINVALID_INPUT_CLASS string| OSVALIDATION_ICON_PREFIX string| OSVALIDATION_MESSAGE_PREFIX string| OSMANDATORY_SYMBOL_PREFIX function| OsUpdateInvalidClassInElement function| OsValidatorUpdateDisplay function| OsValidatorShowInvalidInput function| OsValidatorCleanDisplayMessages function| OsValidatorCleanDisplayMessage function| OsValidatorUpdateIsValid function| OsValidatorGetValue function| OsValidatorGetValueRecursive function| OsPage_GetValidationElementOrder function| OsPage_ClientValidate function| OsValidatorCommonOnSubmit function| OsValidatorValidate function| OsValidatorOnLoad function| OsCustomValidatorEvaluateIsValid function| OsRequiredFieldValidatorEvaluateIsValid function| OsValidatorTrim function| OsRemovePageValidator function| OsAddPageValidator object| redrawList function| DP_jQuery_1732166028106 function| RichWidgets_Container_Round function| RichWidgets_Container_RoundTops string| RichWidgets_Feedback_Message_notifyWidget function| RichWidgets_Feedback_Message_feedbackSlideDown function| RichWidgets_Feedback_Message_ErrorHandler object| theForm function| __doPostBack function| WebForm_OnSubmit object| OsPage_ValidatorsOrder object| OsPage_Validators boolean| OsPage_ValidationActive function| OsValidatorOnSubmit4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
217.112.95.254/ | Name: ASP.NET_SessionId Value: n25of545lqzch4450bweyuiu |
|
217.112.95.254/ | Name: osVisitor Value: b4b969f7-43d1-4eba-8b52-b9a32cd82a88 |
|
217.112.95.254/ | Name: pageLoadedFromBrowserCache Value: true |
|
217.112.95.254/ | Name: osVisit Value: d4047fb4-7345-4495-b125-0fb619cd47ff |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
142.250.185.195
217.112.95.254
2a00:1450:4001:80b::200a
1739ac2d807f1f15a339fa52056050c88360b5a578739f48245aa4977d711dac
34e70def3aada27b2536b0eea7fc83510dba07b28f51341e6e3cc02ddfd1b653
560d430808a66c4ed3b40dab83bb3ff75d09e95c34ed372fc26661489171fea1
6d81b801c5604bd2a1638fe2e6bfd363d6312347e8d691c2db7fd1eb92a0bf62
716fcc606491f5b3094b7e420f95fcac50eec81b5d7695bd92bcb3bbd35f8200
771f5ad171935b0885e7ae946afbbf04abf20a06d4865a81be0d3cf11362f049
7816e92e9070a357f9a8e88dc7dd9b4a1c59e446e862ef952431276eb86da081
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
977950095545bf2bcfdcf6c7ac648c4733965bd406c9a4f7bdd10272aac1f4f4
9f0daa9787da931c58610be80c062baa2b1dd49be0af30b495eb1c956cc97344
aaa33398a1d0781914015863d00cb0cb8da80f24f77f059490bd2a264197028e
adf768c23e06caa3676973294122e24048a1296ae400745ba47e08bd39276e06
aef31670ee76a33cd0b83875cfd41ca359ae2042123ffb7ea27b296ab8f09863
b56f1f1d2a1bebc581948fae936aec98f3d561e2495869e4f67286fbbe928764
c0825119d15b6ef993cde045a256e334b56eae2e2503308d52ca3bc694a91ec1
c150eae69b5a9e3ae4d848f49250b220fe8c4bb94e5d0bd4ce471b19e8669c31
c775743582ffc9560b915f4bddb1720e9f1a0134605b714e09b327031fc79d80
ccc0bbc658dc3deb046ea93176a8d7fa78ebd15265a49d9b2bdc59b59ccc623b
d0aee5a727f4ef509227e2704dd02cfaea8cf7e2ae42b1727308f6bb80707f2b
fcc7ebe9ed903253612b02b94a68102296ca0d821505fd2118cdd7d044e1487b