Submitted URL: http://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Effective URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Submission: On November 21 via manual from MX — Scanned from GB

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 20 HTTP transactions. The main IP is 217.112.95.254, located in United Kingdom and belongs to SIMPLYTRANSIT Simply Transit Ltd, GB. The main domain is 217.112.95.254.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 27th 2024. Valid for: a year.
This is the only time 217.112.95.254 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests | IP Address | AS Autonomous System
18 | 217.112.95.254 | 29550 (SIMPLYTRA...)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 142.250.185.195 | 15169 (GOOGLE)
Total: 20 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
1 | gstatic.com | fonts.gstatic.com | 18 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 29) | 1 KB
Total: 20 requests, 2 domains

Requests | Domain | Requested by
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | 217.112.95.254
Total: 20 requests, 2 domains

This site contains no links.

Subject | Issuer | Validity | Valid
axstand.agileincloud.com | Sectigo RSA Domain Validation Secure Server CA | 2024-07-27 - 2025-07-27 | a year
upload.video.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.gstatic.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months

This page contains 1 frames:

Primary Page: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Frame ID: E0F66370DD0F1D2E427760C8810F5590
Requests: 20 HTTP requests in this frame

Page Title

Login

Page URL History

  1. http://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx HTTP 307
    https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 20
HTTPS: 10 %
IPv6: 33 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 3
Transfer: 338 kB
Size: 696 kB
Cookies: 4

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Login.aspx
217.112.95.254/admin/
Redirect Chain
  • http://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
  • https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
14 KB
5 KB
Document
General
Full URL
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
34e70def3aada27b2536b0eea7fc83510dba07b28f51341e6e3cc02ddfd1b653

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
private
content-encoding
gzip
content-length
4748
content-type
text/html; charset=utf-8
date
Thu, 21 Nov 2024 05:13:47 GMT
server
Microsoft-IIS/10.0
vary
Accept-Encoding
x-aspnet-version
2.0.50727
x-powered-by
ASP.NET

Redirect headers

Location
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Non-Authoritative-Reason
HttpsUpgrades
jQueryUI.css
217.112.95.254/RichWidgets/Blocks/RichWidgets/Private/
4 KB
1020 B
Stylesheet
General
Full URL
https://217.112.95.254/RichWidgets/Blocks/RichWidgets/Private/jQueryUI.css?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9f0daa9787da931c58610be80c062baa2b1dd49be0af30b495eb1c956cc97344

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"08e25fe7e37d71:0"
accept-ranges
bytes
content-length
963
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
text/css
last-modified
Thu, 22 Apr 2021 13:54:20 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
Feedback_Message.css
217.112.95.254/RichWidgets/Blocks/RichWidgets/RichWidgets/
2 KB
756 B
Stylesheet
General
Full URL
https://217.112.95.254/RichWidgets/Blocks/RichWidgets/RichWidgets/Feedback_Message.css?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
7816e92e9070a357f9a8e88dc7dd9b4a1c59e446e862ef952431276eb86da081

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"53e93ffe7e37d71:0"
accept-ranges
bytes
content-length
663
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
text/css
last-modified
Thu, 22 Apr 2021 13:54:20 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
ADM_Login.css
217.112.95.254/Admin/Blocks/Admin/amOrgManShared/
6 KB
2 KB
Stylesheet
General
Full URL
https://217.112.95.254/Admin/Blocks/Admin/amOrgManShared/ADM_Login.css?143
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c0825119d15b6ef993cde045a256e334b56eae2e2503308d52ca3bc694a91ec1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"0dd5b7815f3da1:0"
accept-ranges
bytes
content-length
1591
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
text/css
last-modified
Tue, 20 Aug 2024 15:27:30 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
Theme.Admin.css
217.112.95.254/admin/
21 KB
4 KB
Stylesheet
General
Full URL
https://217.112.95.254/admin/Theme.Admin.css?143
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ccc0bbc658dc3deb046ea93176a8d7fa78ebd15265a49d9b2bdc59b59ccc623b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"0dd5b7815f3da1:0"
accept-ranges
bytes
content-length
4488
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
text/css
last-modified
Tue, 20 Aug 2024 15:27:30 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
_osjs.js
217.112.95.254/admin/
193 KB
50 KB
Script
General
Full URL
https://217.112.95.254/admin/_osjs.js?7_0_1_28
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6d81b801c5604bd2a1638fe2e6bfd363d6312347e8d691c2db7fd1eb92a0bf62

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"8019927615f3da1:0"
accept-ranges
bytes
content-length
51130
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Tue, 20 Aug 2024 15:27:27 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
jQueryComponents.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/
2 KB
1 KB
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/Private/jQueryComponents.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
716fcc606491f5b3094b7e420f95fcac50eec81b5d7695bd92bcb3bbd35f8200

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"55a63fc7e37d71:0"
accept-ranges
bytes
content-length
1241
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:17 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
jQueryCookie.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/
4 KB
2 KB
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/Private/jQueryCookie.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
aaa33398a1d0781914015863d00cb0cb8da80f24f77f059490bd2a264197028e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"80ca5bfc7e37d71:0"
accept-ranges
bytes
content-length
1518
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:17 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
jQueryCurvycorners.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/
27 KB
7 KB
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/Private/jQueryCurvycorners.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c775743582ffc9560b915f4bddb1720e9f1a0134605b714e09b327031fc79d80

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"80ca5bfc7e37d71:0"
accept-ranges
bytes
content-length
7163
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:17 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
jQueryUI.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/Private/
202 KB
51 KB
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/Private/jQueryUI.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
1739ac2d807f1f15a339fa52056050c88360b5a578739f48245aa4977d711dac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"08e25fe7e37d71:0"
accept-ranges
bytes
content-length
51695
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:20 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
Container_Round.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/
1 KB
725 B
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/Container_Round.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c150eae69b5a9e3ae4d848f49250b220fe8c4bb94e5d0bd4ce471b19e8669c31

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"7359b2fe7e37d71:0"
accept-ranges
bytes
content-length
667
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:20 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
Feedback_Message.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/
3 KB
1 KB
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/Feedback_Message.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
aef31670ee76a33cd0b83875cfd41ca359ae2042123ffb7ea27b296ab8f09863

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"08e25fe7e37d71:0"
accept-ranges
bytes
content-length
1160
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:20 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
RemovePopups.pt.js
217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/
808 B
425 B
Script
General
Full URL
https://217.112.95.254/Admin/Blocks/RichWidgets/RichWidgets/RemovePopups.pt.js?5
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b56f1f1d2a1bebc581948fae936aec98f3d561e2495869e4f67286fbbe928764

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"5f9481fe7e37d71:0"
accept-ranges
bytes
content-length
367
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
application/javascript
last-modified
Thu, 22 Apr 2021 13:54:20 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
css
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
adf768c23e06caa3676973294122e24048a1296ae400745ba47e08bd39276e06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 21 Nov 2024 05:13:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 05:13:48 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 21 Nov 2024 03:55:27 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
LOGOSAFELYCAR01.png
217.112.95.254/Admin/img/
124 KB
124 KB
Image
General
Full URL
https://217.112.95.254/Admin/img/LOGOSAFELYCAR01.png?143
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
771f5ad171935b0885e7ae946afbbf04abf20a06d4865a81be0d3cf11362f049

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

etag
"29970c01538d71:0"
accept-ranges
bytes
content-length
126817
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
image/png
last-modified
Fri, 23 Apr 2021 07:53:30 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
menu.css
217.112.95.254/admin/css/
4 KB
983 B
Stylesheet
General
Full URL
https://217.112.95.254/admin/css/menu.css
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
977950095545bf2bcfdcf6c7ac648c4733965bd406c9a4f7bdd10272aac1f4f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

content-encoding
gzip
etag
"038e5b9347d71:0"
accept-ranges
bytes
content-length
903
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
text/css
last-modified
Wed, 12 May 2021 07:52:16 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
user.png
217.112.95.254/Admin/img/
2 KB
2 KB
Image
General
Full URL
https://217.112.95.254/Admin/img/user.png?143
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fcc7ebe9ed903253612b02b94a68102296ca0d821505fd2118cdd7d044e1487b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

etag
"ff8191d57e37d71:0"
accept-ranges
bytes
content-length
2453
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
image/png
last-modified
Thu, 22 Apr 2021 13:53:11 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
lock24512.png
217.112.95.254/Admin/img/
65 KB
65 KB
Image
General
Full URL
https://217.112.95.254/Admin/img/lock24512.png?143
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
d0aee5a727f4ef509227e2704dd02cfaea8cf7e2ae42b1727308f6bb80707f2b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx

Response headers

etag
"a11f8fd57e37d71:0"
accept-ranges
bytes
content-length
66578
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
image/png
last-modified
Thu, 22 Apr 2021 13:53:11 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
_status.aspx
217.112.95.254/Admin/
410 B
499 B
XHR
General
Full URL
https://217.112.95.254/Admin/_status.aspx
Requested by
Host: 217.112.95.254
URL: https://217.112.95.254/admin/_osjs.js?7_0_1_28
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.112.95.254 , United Kingdom, ASN29550 (SIMPLYTRANSIT Simply Transit Ltd, GB),
Reverse DNS
217-112-95-254.static.as29550.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
560d430808a66c4ed3b40dab83bb3ff75d09e95c34ed372fc26661489171fea1

Request headers

Referer
https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*/*

Response headers

cache-control
private
x-aspnet-version
2.0.50727
content-encoding
gzip
content-length
388
date
Thu, 21 Nov 2024 05:13:47 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://217.112.95.254
Referer
https://fonts.googleapis.com/

Response headers

age
143706
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 19 Nov 2025 13:18:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 19 Nov 2024 13:18:42 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


4 Cookies

Domain/Path | Name | Value
217.112.95.254/ | ASP.NET_SessionId | n25of545lqzch4450bweyuiu
217.112.95.254/ | osVisitor | b4b969f7-43d1-4eba-8b52-b9a32cd82a88
217.112.95.254/ | pageLoadedFromBrowserCache | true
217.112.95.254/ | osVisit | d4047fb4-7345-4495-b125-0fb619cd47ff

1 Console Messages

Source: recommendation
Level: verbose
URL: https://217.112.95.254/admin/Login.aspx?OriginalURL=http://217.112.95.254/admin/Marca_List.aspx
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
142.250.185.195
217.112.95.254
2a00:1450:4001:80b::200a