shop.gofortravel.co.uk
162.244.93.71
Malicious Activity!
Public Scan
Effective URL: https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/login.php?cm...
Submission: On June 13 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 8th 2018. Valid for: 3 months.
This is the only time shop.gofortravel.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System |
---|---|---|---|
1 | 1 | 104.31.14.172 | 13335 (CLOUDFLARENET - Cloudflare) |
3 | 17 | 162.244.93.71 | 53667 (PONYNET - FranTech Solutions) |
16 transactions, 2 IP addresses
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): is.gd
ASN53667 (PONYNET - FranTech Solutions, US): shop.gofortravel.co.uk
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 (3 redirects) | gofortravel.co.uk | shop.gofortravel.co.uk | 172 KB |
1 (1 redirect) | is.gd | is.gd | 332 B |
0 (failed) | googleapis.com | fonts.googleapis.com (failed) | |
16 transactions, 3 apex domains
Requests | Domain | Requested by |
---|---|---|
17 (3 redirects) | shop.gofortravel.co.uk | shop.gofortravel.co.uk |
1 (1 redirect) | is.gd | |
0 (failed) | fonts.googleapis.com | shop.gofortravel.co.uk |
16 transactions, 3 domains
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
shop.gofortravel.co.uk | cPanel, Inc. Certification Authority | 2018-05-08 - 2018-08-06 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/login.php?cmd=login_submit&id=3c59d39a0f32cb8c337eeb37962823543c59d39a0f32cb8c337eeb3796282354&session=3c59d39a0f32cb8c337eeb37962823543c59d39a0f32cb8c337eeb3796282354
Frame ID: 1DD77659A13B513321CEE5E7DFE08F59
Requests: 16 HTTP requests in this frame
Screenshot
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://is.gd/eyVkCN
HTTP 301
https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/ HTTP 302
https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1 HTTP 301
https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/ HTTP 302
https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/login.php?cmd=login_submit&id=3c59d39a0f32cb8c337eeb37962823543c59d39a0f32cb8c337eeb3796282354&session=3c59d39a0f32cb8c337eeb37962823543c59d39a0f32cb8c337eeb3796282354 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | login.php (Primary Request, Redirect Chain) | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/ | 9 KB | 2 KB | Document | text/html |
GET | | style.css (failed) | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/ | 0 | 0 | | |
GET | H2 | style.css | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/css/ | 3 KB | 1 KB | Stylesheet | text/css |
GET | H2 | reset.css | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/css/ | 265 B | 307 B | Stylesheet | text/css |
GET | H2 | gcontainer.css | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/css/ | 3 KB | 963 B | Stylesheet | text/css |
GET | H2 | em-valid.js | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/js/java2/ | 259 B | 341 B | Script | application/javascript |
GET | H2 | jquery-1.11.1.min.js | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/js/java2/ | 567 B | 609 B | Script | application/javascript |
GET | H2 | Screenshot_1.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 108 KB | 108 KB | Image | image/png |
GET | H2 | app.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 10 KB | 10 KB | Image | image/png |
GET | H2 | live.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | off.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | other.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 10 KB | 10 KB | Image | image/png |
GET | H2 | web.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | work.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/images/ | 26 KB | 26 KB | Image | image/png |
GET | H2 | e-m-a-i.png | shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/style-images/ | 0 | 29 B | Image | text/html |
GET | | css (failed) | fonts.googleapis.com/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: shop.gofortravel.co.uk
  URL: https://shop.gofortravel.co.uk/dropbox/365dropbox/securedview/company/investfiles/be3bd944e033db13e20817ece861acd1/style.css
- Domain: fonts.googleapis.com
  URL: http://fonts.googleapis.com/css?family=Yanone+Kaffeesatz
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | validateForm |
function | ValidateContactForm |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
is.gd
shop.gofortravel.co.uk
fonts.googleapis.com
shop.gofortravel.co.uk
104.31.14.172
162.244.93.71