URL: http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Submission: On January 11 via manual from US

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 164.132.160.172, located in France and belonging to OVH, FR. The main domain is microgreen.no.
This is the only time microgreen.no was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         164.132.160.172   16276  OVH
1         151.101.122.2     54113  FASTLY
2         2a00:1450:400...  15169  GOOGLE
Total     4                 4
Requests  Apex Domain     Subdomains         Transfer
2         gstatic.com     fonts.gstatic.com  25 KB
1         giphy.com       media.giphy.com    261 KB
1         microgreen.no   microgreen.no      162 KB
Total     4               3
Requests  Domain              Requested by
2         fonts.gstatic.com   microgreen.no
1         media.giphy.com     microgreen.no
1         microgreen.no       -
Total     4                   3

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com
Subject                      Issuer                                Validity                 Valid
f2.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3  2018-12-03 - 2019-09-07  9 months (crt.sh)

This page contains 1 frames:

Primary Page: http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Frame ID: 3C95FC013DF45B80D596B80B472314A9
Requests: 6 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 4
HTTPS: 25 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 449 kB
Size: 448 kB
Cookies: 0

4 HTTP transactions

Resource           Path                                                        Size    x-fer   Type      MIME-Type
Primary Request /  microgreen.no/wp-content/uploads/files/googlephotos/album/  162 KB  162 KB  Document
General
Full URL
http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Protocol
HTTP/1.1
Server
164.132.160.172 , France, ASN16276 (OVH, FR),
Reverse DNS
vhost4.aleo.no
Software
Apache / PleskLin
Resource Hash
48e715cc6c9613fb50e0c295b09e39e458db0d3e5303d8dcb0959f908cf83156

Request headers

Host
microgreen.no
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 11 Jan 2019 17:18:08 GMT
Server
Apache
Last-Modified
Wed, 22 Aug 2018 22:29:24 GMT
ETag
"2886e-5740dacad7900"
Accept-Ranges
bytes
Content-Length
165998
X-Powered-By
PleskLin
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
Resource   Path                                  Size    x-fer   Type
giphy.gif  media.giphy.com/media/TK4yMeRswlKWA/  261 KB  261 KB  Image
General
Full URL
https://media.giphy.com/media/TK4yMeRswlKWA/giphy.gif
Requested by
Host: microgreen.no
URL: http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.122.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
7511854b79d597712df17b8212a6f9ed9b1f8fcd5c6b0cbc9519b425ff01c643

Request headers

Referer
http://microgreen.no/wp-content/uploads/files/googlephotos/album/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 17:18:14 GMT
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 01 Sep 2015 16:04:48 GMT
age
3714418
etag
"730969a26d71184a84c5ffc78440a4bc"
x-cache
HIT, HIT
content-type
image/gif
status
200
cache-control
max-age=86400
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1547227095.957351,VS0,VE1
access-control-allow-origin
*
content-length
267247
x-served-by
cache-iad2133-IAD, cache-cdg20739-CDG
Resource   Path  Size   x-fer  Type
truncated  /     356 B  0      Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

Response headers

Content-Type
image/png
Resource                      Path                              Size   x-fer  Type
CWB0XYA8bzo0kSThX0UTuA.woff2  fonts.gstatic.com/s/roboto/v15/   14 KB  15 KB  Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v15/CWB0XYA8bzo0kSThX0UTuA.woff2
Requested by
Host: microgreen.no
URL: http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Protocol
HTTP/1.1
Server
2a00:1450:4001:819::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f7bbc8461b2f4cc870743729ee5d44ce0466ca67618f89a8942b655f8a644e68
Security Headers
Name                    Value
X-Content-Type-Options  nosniff
X-Xss-Protection        1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Origin
http://microgreen.no

Response headers

Date
Thu, 20 Dec 2018 18:32:39 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Jan 2015 22:47:37 GMT
Server
sffe
Age
1896335
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
14584
X-XSS-Protection
1; mode=block
Expires
Fri, 20 Dec 2019 18:32:39 GMT
Resource   Path  Size   x-fer  Type
truncated  /     267 B  0      Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

Response headers

Content-Type
image/svg+xml;charset=UTF-8
Resource                                           Path                              Size   x-fer  Type
mErvLBYg_cXG3rLvUsKT_fesZW2xOQ-xsNqO47m55DA.woff2  fonts.gstatic.com/s/roboto/v15/   10 KB  10 KB  Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v15/mErvLBYg_cXG3rLvUsKT_fesZW2xOQ-xsNqO47m55DA.woff2
Protocol
HTTP/1.1
Server
2a00:1450:4001:819::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fb0297aa7c51fb762a9690871bf3a202a70d1f170c1392a5af06db9f2e314507
Security Headers
Name                    Value
X-Content-Type-Options  nosniff
X-Xss-Protection        1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://microgreen.no/wp-content/uploads/files/googlephotos/album/
Origin
http://microgreen.no

Response headers

Date
Thu, 03 Jan 2019 09:46:37 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Jan 2015 22:49:02 GMT
Server
sffe
Age
718301
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
9996
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Jan 2020 09:46:37 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onselectstart
object    onselectionchange
function  queueMicrotask
object    WIZ_global_data
string    viewPathPrefix
number    myVar
function  preloader
function  showPage

0 Cookies