urlscan.io logo urlscan.io
SecurityTrails logo

holly.hollybraelynn.cfd Open in urlscan Pro
5.104.107.248  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://abajorh.com/xfpozjvbcy
Effective URL: https://holly.hollybraelynn.cfd/s/de5851ef674bb
Submission: On November 11 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 5.104.107.248, located in Düsseldorf, Germany and belongs to MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE. The main domain is holly.hollybraelynn.cfd.
TLS certificate: Issued by R10 on November 9th 2024. Valid for: 3 months.
This is the only time holly.hollybraelynn.cfd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

IP Address AS Autonomous System
1 94.159.97.239 49531 (NETCOM-R-AS)
6 5.104.107.248 24961 (MYLOC-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
8 3
Apex Domain
Subdomains		 Transfer
6 hollybraelynn.cfd
holly.hollybraelynn.cfd
391 KB
1 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3270
7 KB
1 abajorh.com
abajorh.com
4 KB
8 3
Domain Requested by
6 holly.hollybraelynn.cfd holly.hollybraelynn.cfd
1 stackpath.bootstrapcdn.com holly.hollybraelynn.cfd
1 abajorh.com
8 3

This site contains no links.

Subject Issuer Validity Valid
abajorh.com
R11		 2024-11-09 -
2025-02-07		 3 months crt.sh
holly.hollybraelynn.cfd
R10		 2024-11-09 -
2025-02-07		 3 months crt.sh
bootstrapcdn.com
WE1		 2024-09-20 -
2024-12-19		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://holly.hollybraelynn.cfd/s/de5851ef674bb
Frame ID: BD6281FE432A3E4151824ABEBA594E01
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

der Internet-Anschluss

Page URL History Show full URLs

  1. http://abajorh.com/xfpozjvbcy HTTP 307
    https://abajorh.com/xfpozjvbcy Page URL
  2. https://holly.hollybraelynn.cfd/s/de5851ef674bb Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

402 kB
Transfer

512 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://abajorh.com/xfpozjvbcy HTTP 307
    https://abajorh.com/xfpozjvbcy Page URL
  2. https://holly.hollybraelynn.cfd/s/de5851ef674bb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://abajorh.com/xfpozjvbcy HTTP 307
  • https://abajorh.com/xfpozjvbcy

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
xfpozjvbcy
abajorh.com/
Redirect Chain
  • http://abajorh.com/xfpozjvbcy
  • https://abajorh.com/xfpozjvbcy
8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://abajorh.com/xfpozjvbcy
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
94.159.97.239 , Russian Federation, ASN49531 (NETCOM-R-AS, RU),
Reverse DNS
72993.h2.nexus
Software
openresty / PHP/7.2.30
Resource Hash
dae8516a83d45bbdf91ed78bd135ea0930178b28a18f6be71d303ff164dc3d4f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 11 Nov 2024 03:37:34 GMT
Server
openresty
Transfer-Encoding
chunked
X-Powered-By
PHP/7.2.30

Redirect headers

Location
https://abajorh.com/xfpozjvbcy
Non-Authoritative-Reason
HttpsUpgrades
Primary Request de5851ef674bb
holly.hollybraelynn.cfd/s/ 		47 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://holly.hollybraelynn.cfd/s/de5851ef674bb
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.104.107.248 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE),
Reverse DNS
srv11409.dus4.dedicated.server-hosting.expert
Software
openresty /
Resource Hash
5c0f479408e0a8f84986ea7c8ac1cbdc799686088f723078a21d6e70273f39bd

Request headers

Referer
https://abajorh.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
must-revalidate, no-cache, no-store, private
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 11 Nov 2024 03:37:34 GMT
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding
expires
-1
pragma
no-cache
style.css
holly.hollybraelynn.cfd/bundle/302/assets/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://holly.hollybraelynn.cfd/bundle/302/assets/css/style.css
Requested by
Host: holly.hollybraelynn.cfd
URL: https://holly.hollybraelynn.cfd/s/de5851ef674bb
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.104.107.248 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE),
Reverse DNS
srv11409.dus4.dedicated.server-hosting.expert
Software
openresty /
Resource Hash
bc7da3819f5351addb3853324860e2ba01a074bd8d4bdc61b177403da5a67742

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://holly.hollybraelynn.cfd/s/de5851ef674bb

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=2592000, private
Content-Encoding
gzip
ETag
W/"6332c5be-790"
Connection
keep-alive
Expires
Wed, 11 Dec 2024 03:37:35 GMT
Date
Mon, 11 Nov 2024 03:37:35 GMT
Last-Modified
Tue, 27 Sep 2022 09:43:26 GMT
Content-Type
text/css
Vary
Accept-Encoding
Server
openresty
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: holly.hollybraelynn.cfd
URL: https://holly.hollybraelynn.cfd/s/de5851ef674bb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://holly.hollybraelynn.cfd
Referer
https://holly.hollybraelynn.cfd/

Response headers

cdn-status
200
content-encoding
br
cf-cache-status
HIT
etag
"269550530cc127b6aa5a35925a7de6ce"
age
138246
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 03:37:35 GMT
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
09/26/2024 11:08:39
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-requesttime
0
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
57f8c3d9cc0a9a4aa2294d6c3f45fb1c
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.04
cf-ray
8e0b3e9a894b9279-FRA
access-control-allow-origin
*
cdn-edgestorageid
1109
server
cloudflare
cdn-requestcountrycode
US
jquery.js
holly.hollybraelynn.cfd/bundle/302/assets/js/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://holly.hollybraelynn.cfd/bundle/302/assets/js/jquery.js
Requested by
Host: holly.hollybraelynn.cfd
URL: https://holly.hollybraelynn.cfd/s/de5851ef674bb
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.104.107.248 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE),
Reverse DNS
srv11409.dus4.dedicated.server-hosting.expert
Software
openresty /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://holly.hollybraelynn.cfd/s/de5851ef674bb

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=2592000, private
Content-Encoding
gzip
ETag
W/"6332c5bf-14e4a"
Connection
keep-alive
Expires
Wed, 11 Dec 2024 03:37:35 GMT
Date
Mon, 11 Nov 2024 03:37:35 GMT
Last-Modified
Tue, 27 Sep 2022 09:43:27 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
openresty
functions.js
holly.hollybraelynn.cfd/bundle/302/assets/js/ 		1 KB
862 B 		Script
General
Check archive.org
Download Go to
Full URL
https://holly.hollybraelynn.cfd/bundle/302/assets/js/functions.js
Requested by
Host: holly.hollybraelynn.cfd
URL: https://holly.hollybraelynn.cfd/s/de5851ef674bb
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.104.107.248 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE),
Reverse DNS
srv11409.dus4.dedicated.server-hosting.expert
Software
openresty /
Resource Hash
bcc57d3a442a70e9352320038b7dec514b03520e7b1c6c8645cf2ac8d7578723

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://holly.hollybraelynn.cfd/s/de5851ef674bb

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=2592000, private
Content-Encoding
gzip
ETag
W/"6332c5bf-43d"
Connection
keep-alive
Expires
Wed, 11 Dec 2024 03:37:35 GMT
Date
Mon, 11 Nov 2024 03:37:35 GMT
Last-Modified
Tue, 27 Sep 2022 09:43:27 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
openresty
body.jpg
holly.hollybraelynn.cfd/bundle/302/assets/img/ 		338 KB
338 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://holly.hollybraelynn.cfd/bundle/302/assets/img/body.jpg
Requested by
Host: holly.hollybraelynn.cfd
URL: https://holly.hollybraelynn.cfd/bundle/302/assets/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.104.107.248 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE),
Reverse DNS
srv11409.dus4.dedicated.server-hosting.expert
Software
openresty /
Resource Hash
a97b3a6a51a87af2cf849ac895c62960a6a15e0c41e6b9a4b4316aac4a3f7d24

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://holly.hollybraelynn.cfd/bundle/302/assets/css/style.css

Response headers

Cache-Control
max-age=2592000, private
ETag
"6332c5be-54747"
Connection
keep-alive
Expires
Wed, 11 Dec 2024 03:37:35 GMT
Content-Length
345927
Date
Mon, 11 Nov 2024 03:37:35 GMT
Content-Type
image/jpeg
Last-Modified
Tue, 27 Sep 2022 09:43:26 GMT
Server
openresty
favicon.png
holly.hollybraelynn.cfd/bundle/302/assets/img/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://holly.hollybraelynn.cfd/bundle/302/assets/img/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.104.107.248 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of WIIT AG formerly myLoc managed IT AG, DE),
Reverse DNS
srv11409.dus4.dedicated.server-hosting.expert
Software
openresty /
Resource Hash
d939f4e0922bf8c52dea5946e5b72af59230babbf06aa740646218be04b0ae6d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://holly.hollybraelynn.cfd/s/de5851ef674bb

Response headers

Cache-Control
max-age=2592000, private
ETag
"6332c5bf-704"
Connection
keep-alive
Expires
Wed, 11 Dec 2024 03:37:35 GMT
Content-Length
1796
Date
Mon, 11 Nov 2024 03:37:35 GMT
Content-Type
image/png
Last-Modified
Tue, 27 Sep 2022 09:43:27 GMT
Server
openresty

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| sendTrack function| Fingerprint2 function| fingerprintGo function| collectTrackParams function| closingConfirm function| handleError function| getParameterByName function| collectParams function| checkRequired function| setLeadInfo function| setCF

1 Cookies

Domain/Path Name / Value
.hollybraelynn.cfd/ Name: s
Value: f3WaCx3BEVRqbcPUI8md%2F2K0otFqFcN04nEuqJzhEc3GKIUH7L%2Bv0jx2V%2FFz%2BZ%2FSiHnm18G04U855KbuiHd6FiB%2BLvaRPqtb%2FRxQ5mRbDM5xjP7axYs5pYXo2B9y%2FN896dITqleiKcEGNvqyZGp0ANXp%2Bv9l%2BC9RXy4K6EMWlG0N2IYvVZVoS3FGaweril5ZtWwp4%2F4lZXCP8r9QciylA5vY%2BcKasRzHbsUg4QKp%2Fru4yJDh%2FzZ%2BlCy30d94x4x%2FkCaxI%2BF%2FA9%2B1nVheZKApWf4BU5IocZGSrzIfIAncKuLhr4zJEU5NLdq3XlBHaY7Ekp3J7pB3A3B%2F3XnpVZSchhreakepnLYrJ4qvWcPUedEazu7XqrpQQTzdjQ%2B3BEHmaDzClYhGg5OvLrESGJCjvOvEkWKMR%2BtuktjuYJ5nEPqmysxhQG1GnLQtaeSnj9bVlzediSX0duwdS6La8Xq6T7ubVKWiZZopNwTzOrio46LvpvhhzNFr20PXwmoXc2%2B%2FcJpGD8ygITw3VfaP8%2Fw5ixEXQv15XvGwFhKB91Bq3yIehHOXlqrEwx3hgquv0w7nbXwaeWmePv1iz%2FcSc1p%2FuEHN6wpXGEAfgIhRmQSXhgErrolrqgigTtfOcnhuctLzOmd6dNgXbdqXXylFXAEk9g4xjnuhdMY6xUflF%2BcXfsnUXsTYPVPMAIWNgSX%2BIAbr0vS4c6j1GkzdSavqrhQif8UdIk5mcGXFwqCIeu7yTUj%2BjytGD9VIYF%2BLabDhDykxnTAxEsdTg5YNWhZNC7G8gUG15zeP3j8D2lNF3YDosFsUhAD037HhVPQVUt5MEaD5GzrW7fVM2UJjsheKL8jD0waAsCGiDnnBgMkx%2FYxjwSESmS7WsWt6hrCXP%2BYr2bzLfWjfMz9FnmGJ8VYFdtzyhe7YkxN%2B%2FEOf0IhHdWvQvOXOZwFu%2Bv3eHmmVgxhohAEpvC0RVGBSe2rm5QFMm2S%2B08rInYlSxpUU419fL%2FI7xjgLeitUQl%2Fv4r2XEdBhsjhsTzL8vR3fDsDVHNJpyLzN%2FkY0YQCaXYm0gKfUkxM8Sj8KwslaiJiDbVxqnLxPhUhNffAPCtL9vX%2BpMa8HgQ%2BiSgZPxQJBpN%2BvubXTD0oKclxh9VrCH4SRtvUnB9NKHJ0N389d2iwGVvmhFHE5igeCvRJQ4gdB%2BQHr7%2FfHb8GG%2B7h2WeW9tUUsm75OQKlt6CQqwB%2Ba%2FV9YJsukRCjyQDl7UJMpDhOKaHYThGu2bhskOU6LfQb24AuRAv4XucwYf8WZPU%2B6QzjPzOzyDQ9B7Wwqj97iUAHv1WuAATrA1RDwdxM6m1Yu5LjGQZysbhy4QTinzBbHkbeLj3XdaDz8OaLP0balGEQU9ObJwu%2FHpq%2BLZqP9b793I4pgakjOQC%2F%2BPXQ8wyc6trK4xL9XcjFVLpbYoyw0pkIr3%2Ba%2F6i6Fiw7ESEPAQ3OomlbCIQDB0qW%2Fhp0cfVJjzgmJBrJnrS8VLjdo3CnhCeWY13nJbZoNeUVkRExTe1eKx3GL8YvTq6qCs3IR5TaXA6J1Eg79TW9kn2Yn%2BU8%2B7ig67Wu%2BDRu3LyG5%2FAV4jWBmMlyBxc9sMbkMsH9kev6J0w9FZY%2FOymllnFfhVyOuYT4uKD3cjvdW96UXcwqmSeCfm1foRTcj5hBQ0Nziwq7IWWcDREiUUALEAQl0E9bECIqyy3asZq9rSVryfKDyTgzZAT95CUd%2BAhGRpvGTUer7CnOsu0Bhcc1atzDSVzBmQWe9UpiZOz6h8d668UYqN5vlJo7gZTclXDclmJ3tTeG%2BhurKwEmleRpHh%2B0D7RttQLbST%2BtydNfhWzAv4GxuLq83R5b5KiW8dYeVm1D7xMkmvdsCdkQdCF7Zty0ILUoD%2BU0uT0cPwNKPmBiKRsRK%2F4jN3EJAKqXi

1 Console Messages

Source Level URL
Text
rendering warning URL: https://holly.hollybraelynn.cfd/s/de5851ef674bb(Line 6)
Message:
The value "false" for key "user-scalable" is invalid, and has been ignored.