URL: https://afaqnama.com/joomla16/templates/system/refresh.html
Submission: On April 10 via manual from US

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 5 HTTP transactions. The main IP is 41.208.71.72, located in Libya and belonging to GPTC-AS, LY. The main domain is afaqnama.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 7th 2017. Valid for: 3 months.
This is the only time afaqnama.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address / AS (Autonomous System)
  4 requests   41.208.71.72   21003 (GPTC-AS)
  Totals: 5 requests, 2 IPs

Apex Domain / Subdomains / Transfer
  2 requests   newofoq.com    newofoq.com (Failed)   918 KB
  2 requests   afaqnama.com   afaqnama.com           490 B
  Totals: 5 requests, 2 domains

Domain / Requested by
  2 requests   newofoq.com    text
  2 requests   afaqnama.com
  Totals: 5 requests, 2 domains

This site contains no links.

TLS certificate (crt.sh)
  Subject:  afaqnama.com
  Issuer:   cPanel, Inc. Certification Authority
  Validity: 2017-04-07 - 2017-07-06
  Valid:    3 months

This page contains 2 frames:

Frame: http://newofoq.com/images/saujanaputra-files/robscerri/moole/altweb/homepdf.html
Frame ID: 3066.1
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3095.1
Requests: 10 HTTP requests in this frame

Page Statistics

  Requests:    5
  HTTPS:       40 %
  IPv6:        0 %
  Domains:     2
  Subdomains:  2
  IPs:         2
  Countries:   1
  Transfer:    918 kB
  Size:        2093 kB
  Cookies:     0

5 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: refresh.html
  Path:  afaqnama.com/joomla16/templates/system/
  Size:  162 B   x-fer: 162 B   Type: Document

General
  Full URL:      https://afaqnama.com/joomla16/templates/system/refresh.html
  Protocol:      HTTP/1.1
  Security:      TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server:        41.208.71.72, Libya, ASN21003 (GPTC-AS, LY)
  Reverse DNS:   ls13.server.ly
  Software:      Apache /
  Resource Hash: 8db6aaa5ddfd7e383c137bd27bfbf7703a18d49275d81f55b6e753ed797d6b52

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate, sdch, br
  Host: afaqnama.com
  Accept-Language: en-US,en;q=0.8
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Cache-Control: no-cache
  Connection: keep-alive

Response headers
  Date: Mon, 10 Apr 2017 21:56:48 GMT
  Last-Modified: Fri, 07 Apr 2017 09:53:29 GMT
  Server: Apache
  Content-Type: text/html
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 162

homepdf.html (failed request, no response; listed again under Failed requests below)
  Path:  newofoq.com/images/saujanaputra-files/robscerri/moole/altweb/
  Size:  0   x-fer: 0

favicon.ico
  Path:  afaqnama.com/
  Size:  328 B   x-fer: 328 B   Type: Other

General
  Full URL:      https://afaqnama.com/favicon.ico
  Protocol:      HTTP/1.1
  Security:      TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server:        41.208.71.72, Libya, ASN21003 (GPTC-AS, LY)
  Reverse DNS:   ls13.server.ly
  Software:      Apache /
  Resource Hash: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate, sdch, br
  Host: afaqnama.com
  Accept-Language: en-US,en;q=0.8
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
  Accept: image/webp,image/*,*/*;q=0.8
  Referer: https://afaqnama.com/joomla16/templates/system/refresh.html
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 10 Apr 2017 21:56:48 GMT
  Server: Apache
  Connection: Keep-Alive
  Keep-Alive: timeout=5, max=99
  Content-Length: 328
  Content-Type: text/html; charset=iso-8859-1

homepdf.html (Frame 3095)
  Path:  newofoq.com/images/saujanaputra-files/robscerri/moole/altweb/
  Size:  917 KB   x-fer: 917 KB   Type: Document

General
  Full URL:      http://newofoq.com/images/saujanaputra-files/robscerri/moole/altweb/homepdf.html
  Protocol:      HTTP/1.1
  Server:        41.208.71.72, Libya, ASN21003 (GPTC-AS, LY)
  Reverse DNS:   ls13.server.ly
  Software:      Apache /
  Resource Hash: 2af7c9fb15de768c06def3ef4186cfff1414ecc8995930db0845c8e064137b85

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate, sdch
  Host: newofoq.com
  Accept-Language: en-US,en;q=0.8
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Cache-Control: no-cache
  Connection: keep-alive

Response headers
  Date: Mon, 10 Apr 2017 21:56:48 GMT
  Last-Modified: Fri, 07 Apr 2017 07:50:02 GMT
  Server: Apache
  Content-Type: text/html
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=100
  Content-Length: 939464

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  679 KB   x-fer: 0   Type: Document

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: 279cf7c079a6c6f161264b7e4b74a0c40810492a116061486aac004b03a2e4ab

Request headers
  Upgrade-Insecure-Requests: 1
  Referer: http://newofoq.com/images/saujanaputra-files/robscerri/moole/altweb/homepdf.html
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Response headers
  Access-Control-Allow-Origin: *
  Content-Type: text/html;charset=US-ASCII

favicon.ico (Frame 3095)
  Path:  newofoq.com/
  Size:  328 B   x-fer: 328 B   Type: Other

General
  Full URL:      http://newofoq.com/favicon.ico
  Requested by:  Host: text, URL: data:text/html;truncated
  Protocol:      HTTP/1.1
  Server:        41.208.71.72, Libya, ASN21003 (GPTC-AS, LY)
  Reverse DNS:   ls13.server.ly
  Software:      Apache /
  Resource Hash: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate, sdch
  Host: newofoq.com
  Accept-Language: en-US,en;q=0.8
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
  Accept: image/webp,image/*,*/*;q=0.8
  Cache-Control: no-cache
  Connection: keep-alive

Response headers
  Date: Mon, 10 Apr 2017 21:56:49 GMT
  Server: Apache
  Connection: Keep-Alive
  Keep-Alive: timeout=5, max=99
  Content-Length: 328
  Content-Type: text/html; charset=iso-8859-1

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  28 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: 811e4c8b107e503063786ce1da6a6a8790d0904b3cdfef05037773b687f8a476

Request headers: (none recorded)
Response headers: (none recorded)

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  293 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: 529d7dbeaed37759987ef31e12b1d0d956ad98ce052d03743c21c6d0733c182b

Request headers: (none recorded)
Response headers: (none recorded)

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  39 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: dbd1cdf5a371a9aa096942294007926789471a7d00d9d55975be31ddf17d2f5d

Request headers: (none recorded)
Response headers: (none recorded)

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  54 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: c44982f163dfbf0bec33fe0218d27c14bd83745a12f985409366a92de8880e2b

Request headers: (none recorded)
Response headers: (none recorded)

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  7 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: 3e97c6ccc64c9ac1587edb55aef8b297d8d73b828245b480bc86aa4de062ed4e

Request headers: (none recorded)
Response headers: (none recorded)

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  73 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf

Request headers: (none recorded)
Response headers: (none recorded)

truncated (data: URL, Frame 3095)
  Path:  /
  Size:  1 KB   x-fer: 0   Type: Image

General
  Full URL:      data:truncated
  Protocol:      DATA
  Server:        -
  Resource Hash: cf47dd71a230a784e848996d3d034626c87342322b5d1cac5a2984862b66d44f

Request headers: (none recorded)
Response headers: (none recorded)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  Domain: newofoq.com
  URL:    http://newofoq.com/images/saujanaputra-files/robscerri/moole/altweb/homepdf.html

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies