Submitted URL: https://tinyurl.com/y3q4gtwb
Effective URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Submission: On June 27 via manual from US

Summary

This website contacted 7 IPs in 6 countries across 10 domains to perform 16 HTTP transactions. The main IP is 158.69.37.116, located in Montreal, Canada and belongs to OVH, FR. The main domain is letsqwerk.com.
This is the only time letsqwerk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

Redirects  Requests  IP Address          AS (Autonomous System)
1          1         2606:4700:10:...    13335 (CLOUDFLAR...)
6          9         158.69.37.116       16276 (OVH)
5          5         194.9.70.19         201094 (GMHOST)
5          5         85.25.252.199       8972 (GD-EMEA-D...)
           5         79.110.23.130       202023 (LLHOST //...)
           1         2a00:1450:400...    15169 (GOOGLE)
           3         159.182.122.37      29016 (PEARSON-AS)
           2         209.197.3.15        20446 (HIGHWINDS3)
           1         151.101.2.110       54113 (FASTLY)
           1         162.247.242.18      23467 (NEWRELIC-...)
Total: 16 requests (redirect hops excluded) served from 7 IPs

Requests  Domain                         Redirects    Requested by
9         letsqwerk.com                  6 redirects  letsqwerk.com
5         play6624.hardmonday28.agency                letsqwerk.com
5         talonserinme.icu               5 redirects
5         thoughtaboutwhat.tk            5 redirects
3         mycloud-login.pearson.com                   letsqwerk.com
2         maxcdn.bootstrapcdn.com                     letsqwerk.com
1         bam.nr-data.net                             js-agent.newrelic.com
1         js-agent.newrelic.com                       letsqwerk.com
1         fonts.googleapis.com                        letsqwerk.com
1         tinyurl.com                    1 redirect
Total: 16 requests (redirect hops excluded) across 10 domains

This site contains no links.

Subject                      Issuer                                               Validity                  Valid          Source
(none)                       (none)                                               1970-01-01 - 1970-01-01   a few seconds  crt.sh
*.googleapis.com             Google Internet Authority G3                         2019-06-11 - 2019-09-03   3 months       crt.sh
mycloud.pearson.com          COMODO RSA Organization Validation Secure Server CA  2018-12-17 - 2020-12-16   2 years        crt.sh
*.bootstrapcdn.com           COMODO RSA Domain Validation Secure Server CA        2018-10-03 - 2019-10-12   a year         crt.sh
f4.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3                 2019-04-10 - 2020-03-21   a year         crt.sh
*.nr-data.net                GeoTrust RSA CA 2018                                 2018-01-11 - 2020-03-17   2 years        crt.sh

The first row is a placeholder: the 1970 epoch dates are what the scanner records for the plain-HTTP hosts (letsqwerk.com and the three redirector hosts), which presented no certificate at all.

This page contains 1 frames:

Primary Page: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Frame ID: 2690D95FB9A4CB6FD48FDF12C7E2A48F
Requests: 16 HTTP requests in this frame

Page URL History

  1. https://tinyurl.com/y3q4gtwb HTTP 301
    http://letsqwerk.com/uscbb/cloud365/ HTTP 302
    http://letsqwerk.com/uscbb/cloud365/Getuser/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests:   16
HTTPS:      50 %
IPv6:       20 %
Domains:    10
Subdomains: 10
IPs:        7
Countries:  6
Transfer:   130 kB
Size:       364 kB
Cookies:    0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/a43b474504 HTTP 302
  • http://thoughtaboutwhat.tk/index/?6011555126850 HTTP 302
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018 HTTP 302
  • http://play6624.hardmonday28.agency/5760564514/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Request Chain 1
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/nr-1118.min.js.t%C3%A9l%C3%A9chargement HTTP 302
  • http://thoughtaboutwhat.tk/index/?6011555126850 HTTP 302
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018 HTTP 302
  • http://play6624.hardmonday28.agency/7607138236/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Request Chain 7
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/ga.scripts HTTP 302
  • http://thoughtaboutwhat.tk/index/?6011555126850 HTTP 302
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018 HTTP 302
  • http://play6624.hardmonday28.agency/2045776113/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Request Chain 8
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/react.scripts HTTP 302
  • http://thoughtaboutwhat.tk/index/?6011555126850 HTTP 302
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018 HTTP 302
  • http://play6624.hardmonday28.agency/0017716347/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Request Chain 9
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/login.scripts HTTP 302
  • http://thoughtaboutwhat.tk/index/?6011555126850 HTTP 302
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018 HTTP 302
  • http://play6624.hardmonday28.agency/8571655486/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
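The five chains above all start at a path under the kit's index_files/ directory (the directory name a browser's "save page" creates; one filename even carries the URL-encoded suffix "téléchargement", French for "download", which suggests the kit was built by saving the real login page from a French-locale browser). letsqwerk.com answers each of those paths with a 302 instead of a 404, and all five then pass through the same two redirector hosts with identical u/o/t parameters before landing on play6624.hardmonday28.agency, where only the ten-digit path segment differs. Every landing response below records the Resource Hash e3b0c442...b855, which is the SHA-256 of zero bytes: the scanner received no script body at all, and an empty response to an automated client says nothing about what a real visitor's browser would have been served. The following Python, added here as an illustration and not code from urlscan.io or from the scanned site, walks the chains exactly as transcribed from this section and pulls out the pivot points a responder would block or hunt for. Nothing is fetched from the network.

```python
"""Pivot points in the redirect chains recorded in the scan above.

Added example; not urlscan.io code. CHAINS is transcribed from the
"Redirected requests" section of the scan, so the script runs offline.
"""
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

KIT_HOST = "letsqwerk.com"

CHAINS = {
    0: [
        "http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/a43b474504",
        "http://thoughtaboutwhat.tk/index/?6011555126850",
        "http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018",
        "http://play6624.hardmonday28.agency/5760564514/?u=h2xkd0x&o=lxkgnum&t=1018&f=1",
    ],
    1: [
        "http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/nr-1118.min.js.t%C3%A9l%C3%A9chargement",
        "http://thoughtaboutwhat.tk/index/?6011555126850",
        "http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018",
        "http://play6624.hardmonday28.agency/7607138236/?u=h2xkd0x&o=lxkgnum&t=1018&f=1",
    ],
    7: [
        "http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/ga.scripts",
        "http://thoughtaboutwhat.tk/index/?6011555126850",
        "http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018",
        "http://play6624.hardmonday28.agency/2045776113/?u=h2xkd0x&o=lxkgnum&t=1018&f=1",
    ],
    8: [
        "http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/react.scripts",
        "http://thoughtaboutwhat.tk/index/?6011555126850",
        "http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018",
        "http://play6624.hardmonday28.agency/0017716347/?u=h2xkd0x&o=lxkgnum&t=1018&f=1",
    ],
    9: [
        "http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/login.scripts",
        "http://thoughtaboutwhat.tk/index/?6011555126850",
        "http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018",
        "http://play6624.hardmonday28.agency/8571655486/?u=h2xkd0x&o=lxkgnum&t=1018&f=1",
    ],
}


def hosts_by_hop(chains):
    """Hostnames seen at each hop position, across all chains.

    A single host per position (other than the first) means every chain
    funnels through the same redirector, which is the host worth blocking.
    """
    hops = defaultdict(set)
    for chain in chains.values():
        for i, url in enumerate(chain):
            hops[i].add(urlsplit(url).hostname)
    return dict(hops)


def shared_query_params(chains, hop):
    """Query parameters whose value is identical in every chain at `hop`.

    Stable values (here u, o, t) behave like campaign/affiliate identifiers
    and make better hunting keys than the hostnames, which rotate.
    """
    per_chain = [
        {k: v[0] for k, v in parse_qs(urlsplit(c[hop]).query).items()}
        for c in chains.values()
    ]
    common = dict(per_chain[0])
    for params in per_chain[1:]:
        common = {k: v for k, v in common.items() if params.get(k) == v}
    return common


def variable_path_segments(chains, hop):
    """First path segment at `hop` for each chain (the part that changes)."""
    return [urlsplit(c[hop]).path.strip("/").split("/")[0] for c in chains.values()]


def redirected_kit_paths(chains, kit_host=KIT_HOST):
    """Paths on the kit host that were answered with a redirect, not a file."""
    return sorted(
        urlsplit(c[0]).path
        for c in chains.values()
        if urlsplit(c[0]).hostname == kit_host
    )


def host_indicators(chains):
    """Every hostname touched by any chain, with the number of chains hitting it."""
    return dict(Counter(urlsplit(u).hostname for c in chains.values() for u in c))


if __name__ == "__main__":
    for hop, hosts in sorted(hosts_by_hop(CHAINS).items()):
        print(f"hop {hop}: {sorted(hosts)}")
    print("shared params at landing:", shared_query_params(CHAINS, 3))
    print("landing path segments:", variable_path_segments(CHAINS, 3))
    print("kit paths redirected:", redirected_kit_paths(CHAINS))
```

The host list is the short-lived part of the output; the shared u/o/t values and the fact that the kit host 302s requests for files it does not have are what to carry into a hunt across other scans.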

16 HTTP transactions

Resource   Path   Size   x-fer   Type (MIME-Type)
Primary Request: index.php   letsqwerk.com/uscbb/cloud365/Getuser/   19 KB   7 KB   Document
Redirect Chain
  • https://tinyurl.com/y3q4gtwb
  • http://letsqwerk.com/uscbb/cloud365/
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
General
Full URL
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Server
158.69.37.116 Montreal, Canada, ASN16276 (OVH, FR)
Reverse DNS
vanilla.websavers.ca
Software
nginx / PHP/7.0.33 PleskLin
Resource Hash
c10936583398d47dbaac2210fa9b648cb26c3a321cc158c30f8224b904a671a6

Request headers

Host
letsqwerk.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Server
nginx
Date
Thu, 27 Jun 2019 10:41:16 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.0.33 PleskLin
X-Cache-PHP-Bypass
No
X-Cache-Nginx-Reason
No caching plugin used
X-Cache-Nginx-File
/var/www/vhosts/ellepique.com/letsqwerk.com//wp-content/cache/letsqwerk.com/uscbb/cloud365/Getuser/index.php.html
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 27 Jun 2019 10:41:15 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
X-Powered-By
PHP/7.0.33 PleskLin
Location
Getuser/index.php
X-Cache-PHP-Bypass
No
X-Cache-Nginx-Reason
No caching plugin used
X-Cache-Nginx-File
/var/www/vhosts/ellepique.com/letsqwerk.com//wp-content/cache/letsqwerk.com/uscbb/cloud365/.html
/   play6624.hardmonday28.agency/5760564514/   0   0   Script
Redirect Chain
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/a43b474504
  • http://thoughtaboutwhat.tk/index/?6011555126850
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018
  • http://play6624.hardmonday28.agency/5760564514/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
General
Full URL
http://play6624.hardmonday28.agency/5760564514/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
79.110.23.130 Romania, ASN202023 (LLHOST // M247, RO)
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
http://play6624.hardmonday28.agency/5760564514/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Date
Thu, 27 Jun 2019 10:41:18 GMT
Cache-Control
private
Server
nginx/1.12.0
Connection
keep-alive
X-Powered-By
ASP.NET
Content-Length
207
/   play6624.hardmonday28.agency/7607138236/   0   0   Script
Redirect Chain
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/nr-1118.min.js.t%C3%A9l%C3%A9chargement
  • http://thoughtaboutwhat.tk/index/?6011555126850
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018
  • http://play6624.hardmonday28.agency/7607138236/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
General
Full URL
http://play6624.hardmonday28.agency/7607138236/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
79.110.23.130 Romania, ASN202023 (LLHOST // M247, RO)
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
http://play6624.hardmonday28.agency/7607138236/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Date
Thu, 27 Jun 2019 10:41:17 GMT
Cache-Control
private
Server
nginx/1.12.0
Connection
keep-alive
X-Powered-By
ASP.NET
Content-Length
207
css   fonts.googleapis.com/   2 KB   609 B   Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
ESF /
Resource Hash
44c4d4c588aa7b984e0ee91d211845cb588b0d17dbcd1f17bf01aa3f16f291a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 27 Jun 2019 10:41:16 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 27 Jun 2019 10:41:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 27 Jun 2019 10:41:16 GMT
auth.styles   mycloud-login.pearson.com/   128 KB   22 KB   Stylesheet
General
Full URL
https://mycloud-login.pearson.com/auth.styles?v=Uk5frXY9M6_AhH9-WQOo98wWNJbPtTuORHRJez8QlU81
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.182.122.37 London, United Kingdom, ASN29016 (PEARSON-AS, GB)
Reverse DNS
mycloud-login.pearson.com
Software
/
Resource Hash
603d64c25281f36332bad91add7a4e0b618ab404406265bc63d633872facc845

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jun 2019 10:41:16 GMT
Content-Encoding
gzip
Vary
Content-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
X-UA-Compatible
IE=edge
Content-Length
21803
Expires
-1
bootstrap.min.css   maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/   118 KB   19 KB   Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
Reverse DNS
vip0x00f.map2.ssl.hwcdn.net
Software
/
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Origin
http://letsqwerk.com

Response headers

date
Thu, 27 Jun 2019 10:41:16 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:34:07 GMT
access-control-allow-origin
*
etag
"1544639647"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
19740
authentication-layout-main.min.css   letsqwerk.com/uscbb/cloud365/Getuser/index_files/   45 B   552 B   Stylesheet
General
Full URL
http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/authentication-layout-main.min.css
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
158.69.37.116 Montreal, Canada, ASN16276 (OVH, FR)
Reverse DNS
vanilla.websavers.ca
Software
nginx / PleskLin
Resource Hash
28d6e81282c7cb254232f24659416ce7d6a28003015b39aa8471f854cdb2d381

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Cache-PHP-Bypass
No
Date
Thu, 27 Jun 2019 10:41:16 GMT
X-Cache-Nginx-File
/var/www/vhosts/ellepique.com/letsqwerk.com//wp-content/cache/letsqwerk.com/uscbb/cloud365/Getuser/index_files/authentication-layout-main.min.css.html
Last-Modified
Wed, 26 Jun 2019 15:49:52 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"12632b9-2d-58c3bfef5b0d4"
Content-Type
text/css
X-Cache-Nginx-Reason
No caching plugin used
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45
auth.login.styles   mycloud-login.pearson.com/   3 KB   1021 B   Stylesheet
General
Full URL
https://mycloud-login.pearson.com/auth.login.styles?v=eBvSKpDSpsoiuEtNokr5V5fvd-EKTCeU6kBleF4Jb8s1
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.182.122.37 London, United Kingdom, ASN29016 (PEARSON-AS, GB)
Reverse DNS
mycloud-login.pearson.com
Software
/
Resource Hash
f726115b63d8e2596f3e9e51f40d6ef0015a678a19a2a99db3ee171fdd201ef4

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jun 2019 10:41:16 GMT
Content-Encoding
gzip
Vary
Content-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
X-UA-Compatible
IE=edge
Content-Length
775
Expires
-1
/   play6624.hardmonday28.agency/2045776113/   0   0   Script
Redirect Chain
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/ga.scripts
  • http://thoughtaboutwhat.tk/index/?6011555126850
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018
  • http://play6624.hardmonday28.agency/2045776113/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
General
Full URL
http://play6624.hardmonday28.agency/2045776113/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
79.110.23.130 Romania, ASN202023 (LLHOST // M247, RO)
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
http://play6624.hardmonday28.agency/2045776113/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Date
Thu, 27 Jun 2019 10:41:17 GMT
Cache-Control
private
Server
nginx/1.12.0
Connection
keep-alive
X-Powered-By
ASP.NET
Content-Length
207
/   play6624.hardmonday28.agency/0017716347/   0   0   Script
Redirect Chain
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/react.scripts
  • http://thoughtaboutwhat.tk/index/?6011555126850
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018
  • http://play6624.hardmonday28.agency/0017716347/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
General
Full URL
http://play6624.hardmonday28.agency/0017716347/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
79.110.23.130 Romania, ASN202023 (LLHOST // M247, RO)
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
http://play6624.hardmonday28.agency/0017716347/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Date
Thu, 27 Jun 2019 10:41:17 GMT
Cache-Control
private
Server
nginx/1.12.0
Connection
keep-alive
X-Powered-By
ASP.NET
Content-Length
207
/   play6624.hardmonday28.agency/8571655486/   0   0   Script
Redirect Chain
  • http://letsqwerk.com/uscbb/cloud365/Getuser/index_files/login.scripts
  • http://thoughtaboutwhat.tk/index/?6011555126850
  • http://talonserinme.icu/?u=h2xkd0x&o=lxkgnum&t=1018
  • http://play6624.hardmonday28.agency/8571655486/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
General
Full URL
http://play6624.hardmonday28.agency/8571655486/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
79.110.23.130 Romania, ASN202023 (LLHOST // M247, RO)
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
http://play6624.hardmonday28.agency/8571655486/?u=h2xkd0x&o=lxkgnum&t=1018&f=1
Date
Thu, 27 Jun 2019 10:41:17 GMT
Cache-Control
private
Server
nginx/1.12.0
Connection
keep-alive
X-Powered-By
ASP.NET
Content-Length
207
logo365.png   letsqwerk.com/uscbb/cloud365/   51 KB   52 KB   Image
General
Full URL
http://letsqwerk.com/uscbb/cloud365/logo365.png
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
none (plain HTTP)
Server
158.69.37.116 Montreal, Canada, ASN16276 (OVH, FR)
Reverse DNS
vanilla.websavers.ca
Software
nginx / PleskLin
Resource Hash
3ee60acac71318bf540421571015768cbbfdb1b09b05de90d7bff43e33104f70

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Cache-PHP-Bypass
No
Date
Thu, 27 Jun 2019 10:41:16 GMT
X-Cache-Nginx-File
/var/www/vhosts/ellepique.com/letsqwerk.com//wp-content/cache/letsqwerk.com/uscbb/cloud365/logo365.png.html
Last-Modified
Wed, 26 Jun 2019 15:49:52 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"12632bf-ccea-58c3bfef5b4bc"
Content-Type
image/png
X-Cache-Nginx-Reason
No caching plugin used
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
52458
signin-logo.png   mycloud-login.pearson.com/public/images/signin/   937 B   1 KB   Image
General
Full URL
https://mycloud-login.pearson.com/public/images/signin/signin-logo.png
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.182.122.37 London, United Kingdom, ASN29016 (PEARSON-AS, GB)
Reverse DNS
mycloud-login.pearson.com
Software
/
Resource Hash
77ee378200bd9e2657e267bde40a00eae4f87d05b01fa5cb9bf1a4121abad338

Request headers

Referer
https://mycloud-login.pearson.com/auth.login.styles?v=eBvSKpDSpsoiuEtNokr5V5fvd-EKTCeU6kBleF4Jb8s1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 27 Jun 2019 10:41:17 GMT
Last-Modified
Fri, 07 Jun 2019 06:41:14 GMT
Accept-Ranges
bytes
ETag
"0e1510fc1cd51:0"
Content-Length
937
X-UA-Compatible
IE=edge
Content-Type
image/png
glyphicons-halflings-regular.woff2   maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/   18 KB   18 KB   Font
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
Reverse DNS
vip0x00f.map2.ssl.hwcdn.net
Software
/
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Origin
http://letsqwerk.com

Response headers

date
Thu, 27 Jun 2019 10:41:18 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
access-control-allow-origin
*
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
18056
nr-1118.min.js   js-agent.newrelic.com/   24 KB   9 KB   Script
General
Full URL
https://js-agent.newrelic.com/nr-1118.min.js
Requested by
Host: letsqwerk.com
URL: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 United States, ASN54113 (FASTLY - Fastly, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
3622d2041fd2390dd10eb9832096e4b89d1b925565650f004aea76adbd54f5f0

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Jun 2019 10:41:18 GMT
content-encoding
gzip
x-amz-request-id
C64472D71FBF9A1C
x-cache
HIT
status
200
content-length
9288
x-amz-id-2
Y948sdkgurhWL5tsEK+nLIRAGrSBHnA03KjmysesuMVTaIhiIt5S6hlPtkvFAWs6DVLrL24Pzjw=
x-served-by
cache-hhn4068-HHN
last-modified
Wed, 02 Jan 2019 18:42:29 GMT
server
AmazonS3
x-timer
S1561632078.416743,VS0,VE0
etag
"bc81ced41f6342ffafc5ff34bc0fc8f7"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
650
a43b474504   bam.nr-data.net/1/   57 B   261 B   Script
General
Full URL
https://bam.nr-data.net/1/a43b474504?a=12208014&v=1118.0c07c19&to=YwFQbRFYXURQAkFaXlpLf28gFntYXAR2XF9AFl1VD1xBGHgPUVZJ&rst=3250&ref=http://letsqwerk.com/uscbb/cloud365/Getuser/index.php&ap=20&be=3137&fe=3229&dc=3162&tt=747C7461706DA96C&perf=%7B%22timing%22:%7B%22of%22:1561632075182,%22n%22:0,%22f%22:1185,%22dn%22:1185,%22dne%22:1185,%22c%22:1185,%22ce%22:1185,%22rq%22:1188,%22rp%22:1292,%22rpe%22:1304,%22dl%22:1310,%22di%22:3162,%22ds%22:3162,%22de%22:3162,%22dc%22:3229,%22l%22:3229,%22le%22:3231%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1118.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US)
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
33c3bf91a25c2b7a355ab82043af5b30efd739892586c6fef51a740c1429265d

Request headers

Referer
http://letsqwerk.com/uscbb/cloud365/Getuser/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/javascript;charset=ISO-8859-1
Content-Length
57
Expires
Thu, 01 Jan 1970 00:00:00 GMT
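Three of the transactions above fetch auth.styles, auth.login.styles and signin-logo.png from the genuine mycloud-login.pearson.com, and the browser sends Referer: http://letsqwerk.com/uscbb/cloud365/Getuser/index.php with each of them (the maxcdn.bootstrapcdn.com requests likewise carry Origin: http://letsqwerk.com). A cloned login page that hotlinks the real site's assets therefore writes the phishing host into the real site's access logs, which is a detection the brand owner can run without any external feed. The Python below, an added example rather than code from urlscan.io, from Pearson or from the kit, shows that check over a handful of log lines constructed to mirror the requests in this scan; the NCSA combined log format, the asset path prefixes and the allowlist of own hostnames are assumptions about the defender's environment.

```python
"""Flag a cloned login page from the legitimate site's own access logs.

Added example, not code from urlscan.io, Pearson or the phishing kit.
SAMPLE_LOG is constructed: the paths and Referer values are the ones the scan
recorded, the client IPs are documentation addresses, and the NCSA combined
format is an assumption about what the real host logs.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

SAMPLE_LOG = """\
203.0.113.7 - - [27/Jun/2019:10:41:16 +0000] "GET /auth.styles?v=Uk5frXY9M6_AhH9-WQOo98wWNJbPtTuORHRJez8QlU81 HTTP/1.1" 200 21803 "http://letsqwerk.com/uscbb/cloud365/Getuser/index.php" "Mozilla/5.0"
203.0.113.7 - - [27/Jun/2019:10:41:16 +0000] "GET /auth.login.styles?v=eBvSKpDSpsoiuEtNokr5V5fvd-EKTCeU6kBleF4Jb8s1 HTTP/1.1" 200 775 "http://letsqwerk.com/uscbb/cloud365/Getuser/index.php" "Mozilla/5.0"
203.0.113.7 - - [27/Jun/2019:10:41:17 +0000] "GET /public/images/signin/signin-logo.png HTTP/1.1" 200 937 "https://mycloud-login.pearson.com/auth.login.styles?v=eBvSKpDSpsoiuEtNokr5V5fvd-EKTCeU6kBleF4Jb8s1" "Mozilla/5.0"
198.51.100.9 - - [27/Jun/2019:10:42:01 +0000] "GET /auth.styles?v=Uk5frXY9M6_AhH9-WQOo98wWNJbPtTuORHRJez8QlU81 HTTP/1.1" 200 21803 "https://mycloud-login.pearson.com/login" "Mozilla/5.0"
198.51.100.9 - - [27/Jun/2019:10:42:02 +0000] "GET /public/images/signin/signin-logo.png HTTP/1.1" 200 937 "-" "Mozilla/5.0"
"""

# NCSA combined log format (assumption about the defender's web server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assets that only a page served from our own origin should ever reference
# (assumed list; the three paths are the ones the scan shows being hotlinked).
LOGIN_ASSETS = ("/auth.styles", "/auth.login.styles", "/public/images/signin/")
# Hostnames that legitimately embed those assets (assumption).
OWN_HOSTS = {"mycloud-login.pearson.com"}


def parse_line(line):
    """One combined-format log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def foreign_referers(log_text, own_hosts=OWN_HOSTS, assets=LOGIN_ASSETS):
    """Map each Referer host outside `own_hosts` to the login assets it pulled.

    A missing Referer ("-") is deliberately not a hit: privacy settings and
    Referrer-Policy strip it for legitimate visitors too. Only a present,
    foreign Referer on a login asset counts.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["path"].startswith(assets):
            continue
        ref = rec["referer"]
        if ref in ("", "-"):
            continue
        host = urlsplit(ref).hostname
        if host and host not in own_hosts:
            hits[host].add(rec["path"].split("?", 1)[0])
    return {h: sorted(p) for h, p in hits.items()}


if __name__ == "__main__":
    for host, paths in foreign_referers(SAMPLE_LOG).items():
        print(f"{host}: hotlinked {', '.join(paths)}")
```

Treat this as a cheap early-warning signal rather than a control: a kit that copies the assets locally, or adds a no-referrer policy to the cloned page, never shows up here. The kit in this scan did neither, and also leaked its origin to the bootstrapcdn and New Relic endpoints via Origin and Referer, so the same check works for any third party whose assets it loads.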

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onselectstart
object    onselectionchange
function  queueMicrotask
object    NREUM
object    newrelic
function  __nr_require
function  addPolyFills
object    _gaq
string    themeRendered
string    isRedirect
function  icjp
object    theBody
object    expiryDate
function  isPageExpired
number    PAGE_EXPIRY

0 Cookies