gloriousgallops.com Open in urlscan Pro
173.212.217.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991...
Submission: On September 16 via automatic, source openphish (September 16th 2018, 7:59:42 am UTC)

Summary HTTP 13 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 173.212.217.99, located in Germany and belongs to CONTABO, DE. The main domain is gloriousgallops.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 20th 2018. Valid for: 3 months.

This is the only time gloriousgallops.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
10	173.212.217.99 173.212.217.99	51167 (CONTABO) (CONTABO)
2	2a02:26f0:6c0... 2a02:26f0:6c00:29f::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
13	3

10 173.212.217.99 (Germany)

ASN51167 (CONTABO, DE)
PTR: activeservers.in

gloriousgallops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gloriousgallops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:29f::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	gloriousgallops.com gloriousgallops.com www.gloriousgallops.com	346 KB
2	gfx.ms auth.gfx.ms	293 KB
1	googleapis.com fonts.googleapis.com	743 B
13	3

	Domain	Requested by
5	www.gloriousgallops.com	gloriousgallops.com
5	gloriousgallops.com	gloriousgallops.com
2	auth.gfx.ms	gloriousgallops.com
1	fonts.googleapis.com	gloriousgallops.com
13	4

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid
gloriousgallops.com cPanel, Inc. Certification Authority	`2018-08-20` - `2018-11-18`	3 months	crt.sh
msagfx.live.com Microsoft IT TLS CA 4	`2017-07-27` - `2019-07-17`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-08-28` - `2018-11-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Frame ID: CFCDD20FA94108C093E069621E12AEF1
Requests: 6 HTTP requests in this frame

Frame: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Frame ID: 5EF2FF69B075E3B22446CB3EFF43A85B
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

640 kB
Transfer

640 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1493260925%26rver%3d6.7.6640.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%26id%3d292841%26CBCXT%3dout%26fl%3dwld%26cobrandid%3d90015%26uaid%3da8d60e23f71e4b599fedbd2dd6b98946%26pid%3d0%26contextid%3d0EE9DFF844DE79AF%26bk%3d1500403644&id=292841&uiflavor=web&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&mkt=EN-US&lc=1033&bk=1500403644
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://login.live.com/logout.srf?wa=wsignin1.0&rpsnv=13&ct=1493260925&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1&id=292841&CBCXT=out&fl=wld&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&pid=0&contextid=0EE9DFF844DE79AF&ru=https://outlook.live.com/owa/%3fnlp%3d1&bk=1500403644&lm=I
Title: Sign in with a different Microsoft account

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & Cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set verification.php Show response
gloriousgallops.com/book/Share_doc-file/ 10 KB
10 KB 383ms
353ms Document
text/html 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: 2558ad9f798025d5031e64884415493d46f29d5ffaafac8db7b77fb6ce53dc8b

Request headers

Host: gloriousgallops.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: CFCDD20FA94108C093E069621E12AEF1

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=sugcavui85vrm5nfv49ikjlfh6; path=/
Content-Length: 10049
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Converged1033.css
gloriousgallops.com/book/Share_doc-file/files/ 85 KB
85 KB 17ms
16ms Stylesheet
text/css 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://gloriousgallops.com/book/Share_doc-file/files/Converged1033.css
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: 0df34b37d2d23a2a5056ac368248444c36789c9f71b7e15c13e056b722f335ff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie: PHPSESSID=sugcavui85vrm5nfv49ikjlfh6
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Last-Modified: Mon, 28 Aug 2017 23:33:54 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 86974

GET
H/1.1 200
OK microsoft_logo.svg
gloriousgallops.com/book/Share_doc-file/files/ 4 KB
4 KB 45ms
21ms Image
image/svg+xml 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gloriousgallops.com/book/Share_doc-file/files/microsoft_logo.svg
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie: PHPSESSID=sugcavui85vrm5nfv49ikjlfh6
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Last-Modified: Mon, 28 Aug 2017 23:33:54 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3651

GET
H/1.1 200
OK picker_account_msa.svg
gloriousgallops.com/book/Share_doc-file/files/ 379 B
624 B 24ms
24ms Image
image/svg+xml 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gloriousgallops.com/book/Share_doc-file/files/picker_account_msa.svg
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: 34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Cookie: PHPSESSID=sugcavui85vrm5nfv49ikjlfh6
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Last-Modified: Mon, 28 Aug 2017 23:33:54 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 379

GET
H/1.1 404
Not Found prefetch.html Show response
gloriousgallops.com/book/Share_doc-file/files/ Frame 5EF2 2 KB
3 KB 1134ms
1134ms Document
text/html 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: af496505f9e45b2c6567cfc3f31bbb4ab9938b1b89e2eca094df1484302ed76a

Request headers

Host: gloriousgallops.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=sugcavui85vrm5nfv49ikjlfh6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: CFCDD20FA94108C093E069621E12AEF1
Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-UA-Compatible: IE=edge
Retry-After: 86400
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK 0.jpg
auth.gfx.ms/16.000.27457.4/images/Backgrounds/ 291 KB
291 KB 20ms
6ms Image
image/jpeg 2a02:26f0:6c00:29f::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27457.4/images/Backgrounds/0.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214

Request headers

Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Last-Modified: Sat, 01 Jul 2017 02:01:48 GMT
PPServer: PPV: 30 H: BAYIDSPRTS3G003 V: 0
ETag: "0ce5dffdf2d21:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=348132
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 298105
Server: Microsoft-IIS/8.5

GET
H/1.1 200
OK 0-small.jpg
auth.gfx.ms/16.000.27457.4/images/Backgrounds/ 1 KB
1 KB 19ms
6ms Image
image/jpeg 2a02:26f0:6c00:29f::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27457.4/images/Backgrounds/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b

Request headers

Referer: https://gloriousgallops.com/book/Share_doc-file/verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:30 GMT
Last-Modified: Sat, 01 Jul 2017 02:01:48 GMT
PPServer: PPV: 30 H: BAYIDSPRTS3G004 V: 0
ETag: "0ce5dffdf2d21:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=74075
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1029
Server: Microsoft-IIS/8.5

GET
S 200 css
fonts.googleapis.com/ Frame 5EF2 4 KB
743 B 25ms
24ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,900

Requested by

Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

36718ac7c7365b49b980904a0d4c402e903376485b9f7ab076d890eb8b42dbc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=86400
content-encoding: gzip
last-modified: Sun, 16 Sep 2018 07:59:31 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Sun, 16 Sep 2018 07:59:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection: 1; mode=block
expires: Sun, 16 Sep 2018 07:59:31 GMT

GET
H/1.1 200
OK bootstrap.min.css
www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/css/ Frame 5EF2 118 KB
119 KB 54ms
12ms Stylesheet
text/css 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.05
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:31 GMT
Last-Modified: Wed, 06 Jun 2018 06:11:53 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 121200

GET
H/1.1 200
OK common.css
www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/css/ Frame 5EF2 879 B
1 KB 64ms
20ms Stylesheet
text/css 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.05
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: a27b620b42371fc4b1aec7d174311cfaf90b78e6c063abf4ad538d71e990e9b7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:31 GMT
Last-Modified: Wed, 06 Jun 2018 06:11:53 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 879

GET
H/1.1 200
OK style.css
www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/windmill/ Frame 5EF2 1 KB
1 KB 66ms
18ms Stylesheet
text/css 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/windmill/style.css?v=3.05
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: cf7bee71b7d2b59a0066745357af3af054aa58826b2fc3bb288f582365527309

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:31 GMT
Last-Modified: Wed, 06 Jun 2018 06:11:53 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1164

GET
H/1.1 200
OK font-awesome.min.css
www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/css/ Frame 5EF2 30 KB
31 KB 82ms
15ms Stylesheet
text/css 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.05
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:31 GMT
Last-Modified: Wed, 06 Jun 2018 06:11:53 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 31000

GET
H/1.1 200
OK windmill.png
www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/windmill/ Frame 5EF2 92 KB
92 KB 82ms
16ms Image
image/png 173.212.217.99
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gloriousgallops.com/wp-content/plugins/under-construction-page/themes/windmill/windmill.png
Requested by: Host: gloriousgallops.com
URL: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.212.217.99 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS: activeservers.in
Software: Apache /
Resource Hash: ed8cc118b21508aca29e95eb071716ccc74c109d71418db2f0887cb0a5d5615b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.gloriousgallops.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://gloriousgallops.com/book/Share_doc-file/files/prefetch.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 16 Sep 2018 07:59:31 GMT
Last-Modified: Wed, 06 Jun 2018 06:11:53 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 93924

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| empty

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			gloriousgallops.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: sugcavui85vrm5nfv49ikjlfh6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
fonts.googleapis.com
gloriousgallops.com
www.gloriousgallops.com
173.212.217.99
2a00:1450:4001:820::200a
2a02:26f0:6c00:29f::34ef
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0df34b37d2d23a2a5056ac368248444c36789c9f71b7e15c13e056b722f335ff
2558ad9f798025d5031e64884415493d46f29d5ffaafac8db7b77fb6ce53dc8b
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486
36718ac7c7365b49b980904a0d4c402e903376485b9f7ab076d890eb8b42dbc6
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
a27b620b42371fc4b1aec7d174311cfaf90b78e6c063abf4ad538d71e990e9b7
af496505f9e45b2c6567cfc3f31bbb4ab9938b1b89e2eca094df1484302ed76a
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
cf7bee71b7d2b59a0066745357af3af054aa58826b2fc3bb288f582365527309
ed8cc118b21508aca29e95eb071716ccc74c109d71418db2f0887cb0a5d5615b
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

gloriousgallops.com Open in urlscan Pro 173.212.217.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

67 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

640 kBTransfer

640 kBSize

1 Cookies

4 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

gloriousgallops.com Open in urlscan Pro
173.212.217.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

640 kB
Transfer

640 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!