yourfaztrw.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 69.55.55.84, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is yourfaztrw.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 7th 2019. Valid for: 3 months.

This is the only time yourfaztrw.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.252.248.10 45.252.248.10	63760 (AZDIGI-AS...) (AZDIGI-AS-VN AZDIGI Corporation)
1 7	69.55.55.84 69.55.55.84	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
7	2

1 45.252.248.10 (Binh Duong, Viet Nam) 1 redirects

ASN63760 (AZDIGI-AS-VN AZDIGI Corporation, VN)
PTR: h6.azdigi.com

suckhoevang24h.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.55.55.84 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

yourfaztrw.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	yourfaztrw.com 1 redirects yourfaztrw.com	201 KB
1	suckhoevang24h.org 1 redirects suckhoevang24h.org	345 B
7	2

	Domain	Requested by
7	yourfaztrw.com	1 redirects yourfaztrw.com
1	suckhoevang24h.org	1 redirects
7	2

This site contains no links.

Subject Issuer	Validity	Valid
yourfaztrw.com cPanel, Inc. Certification Authority	`2019-02-07` - `2019-05-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://yourfaztrw.com/One/login.php?email=carol.palmer@vtmednet.org
Frame ID: 07A1B6623B2710EE5672DFE03CB1A23E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://suckhoevang24h.org/wp-content/plugins/related-posts-by-taxonomy/includes/assets//?email=carol.p... HTTP 302
https://yourfaztrw.com/One/?email=carol.palmer@vtmednet.org HTTP 302
https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.17... Page URL
https://yourfaztrw.com/One/login.php?email=carol.palmer@vtmednet.org Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

7
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

201 kB
Transfer

200 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://suckhoevang24h.org/wp-content/plugins/related-posts-by-taxonomy/includes/assets//?email=carol.palmer@vtmednet.org HTTP 302
https://yourfaztrw.com/One/?email=carol.palmer@vtmednet.org HTTP 302
https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Page URL
https://yourfaztrw.com/One/login.php?email=carol.palmer@vtmednet.org Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://suckhoevang24h.org/wp-content/plugins/related-posts-by-taxonomy/includes/assets//?email=carol.palmer@vtmednet.org HTTP 302
https://yourfaztrw.com/One/?email=carol.palmer@vtmednet.org HTTP 302
https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	index1.php Show response yourfaztrw.com/One/ Redirect Chain http://suckhoevang24h.org/wp-content/plugins/related-posts-by-taxonomy/includes/assets//?email=carol.palmer@vtmednet.org https://yourfaztrw.com/One/?email=carol.palmer@vtmednet.org https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org	6 KB 6 KB	104ms 103ms	Document text/html	69.55.55.84 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.55.55.84 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `36cb3b74eab05dfb9cfe8ee2e74e498d87b80033f6c251f4150cd0eb9433ebbd` Request headers Host yourfaztrw.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 07 Feb 2019 14:12:30 GMT Server Apache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 07 Feb 2019 14:12:30 GMT Server Apache Location index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	404 Not Found	point.gif yourfaztrw.com/One/:abstract.simplenet.com/	354 B 354 B	110ms 107ms	Image text/html	69.55.55.84 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://yourfaztrw.com/One/:abstract.simplenet.com/point.gif Requested by Host: yourfaztrw.com URL: https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.55.55.84 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `723b72b501627fdd6029f39e99e87433f0c365b3e99759800e00f1e5fbd99f4f` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host yourfaztrw.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Connection keep-alive Cache-Control no-cache Referer https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 07 Feb 2019 14:12:30 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 354 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	point2.html yourfaztrw.com/One/abstract.simplenet.com/	355 B 355 B	212ms 102ms	Image text/html	69.55.55.84 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://yourfaztrw.com/One/abstract.simplenet.com/point2.html Requested by Host: yourfaztrw.com URL: https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.55.55.84 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `824fe77300dde85ab948d8dddf0664a0f77d8e5d79edcde87e23755009218024` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host yourfaztrw.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Connection keep-alive Cache-Control no-cache Referer https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 07 Feb 2019 14:12:30 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 355 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	logo.jpg yourfaztrw.com/One/files/	82 KB 83 KB	305ms 103ms	Image image/jpeg	69.55.55.84 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://yourfaztrw.com/One/files/logo.jpg Requested by Host: yourfaztrw.com URL: https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.55.55.84 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `21307da7adc5e8938405ce5202b788a129e90a226bc75e51afa8e9d1e55ef04e` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host yourfaztrw.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Connection keep-alive Cache-Control no-cache Referer https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 07 Feb 2019 14:12:30 GMT Last-Modified Tue, 13 Nov 2018 20:34:52 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 84348
GET H/1.1	200 OK	loader.gif yourfaztrw.com/One/files/	101 KB 101 KB	343ms 102ms	Image image/gif	69.55.55.84 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://yourfaztrw.com/One/files/loader.gif Requested by Host: yourfaztrw.com URL: https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.55.55.84 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `3bfed2833f76afe747cd3ea2f0dd04dd00420e418706de65d9449b9dbf036e78` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host yourfaztrw.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Connection keep-alive Cache-Control no-cache Referer https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 07 Feb 2019 14:12:30 GMT Last-Modified Tue, 13 Nov 2018 20:35:26 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 103415
GET H/1.1	200 OK	Primary Request login.php Show response yourfaztrw.com/One/	10 KB 10 KB	106ms 106ms	Document text/html	69.55.55.84 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://yourfaztrw.com/One/login.php?email=carol.palmer@vtmednet.org Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.55.55.84 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `b2a37ae2c53c03d48836e073941338c7a69a18f5f905fb701df7174f6dfd3b1e` Request headers Host yourfaztrw.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://yourfaztrw.com/One/index1.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=carol.palmer@vtmednet.org Response headers Date Thu, 07 Feb 2019 14:12:41 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET		logo.jpg yourfaztrw.com/One/files/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: yourfaztrw.com
URL: https://yourfaztrw.com/One/files/logo.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| login

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

suckhoevang24h.org
yourfaztrw.com
yourfaztrw.com
45.252.248.10
69.55.55.84
21307da7adc5e8938405ce5202b788a129e90a226bc75e51afa8e9d1e55ef04e
36cb3b74eab05dfb9cfe8ee2e74e498d87b80033f6c251f4150cd0eb9433ebbd
3bfed2833f76afe747cd3ea2f0dd04dd00420e418706de65d9449b9dbf036e78
723b72b501627fdd6029f39e99e87433f0c365b3e99759800e00f1e5fbd99f4f
824fe77300dde85ab948d8dddf0664a0f77d8e5d79edcde87e23755009218024
b2a37ae2c53c03d48836e073941338c7a69a18f5f905fb701df7174f6dfd3b1e

yourfaztrw.com Open in urlscan Pro 69.55.55.84 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

201 kBTransfer

200 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

yourfaztrw.com Open in urlscan Pro
69.55.55.84 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

201 kB
Transfer

200 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!