vkpatelgroup.com Open in urlscan Pro
85.93.89.219 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vkpatelgroup.com/auto/ofc
Effective URL:
https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95...
Submission: On June 17 via manual (June 17th 2020, 2:26:07 am UTC) from AU

Summary HTTP 4 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 85.93.89.219, located in Germany and belongs to GD-EMEA-DC-SXB1, DE. The main domain is vkpatelgroup.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 8th 2020. Valid for: 3 months.

This is the only time vkpatelgroup.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 4	85.93.89.219 85.93.89.219	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
1	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:3c01::f0... 2600:3c01::f03c:91ff:fe79:43b	63949 (LINODE-AP...) (LINODE-AP Linode)
4	4

4 85.93.89.219 (Germany) 2 redirects

ASN8972 (GD-EMEA-DC-SXB1, DE)
PTR: ant.dnsincloud.com

vkpatelgroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:3c01::f03c:91ff:fe79:43b (United States)

ASN63949 (LINODE-AP Linode, LLC, US)

jsonip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	vkpatelgroup.com 2 redirects vkpatelgroup.com	362 KB
1	jsonip.com jsonip.com	454 B
1	cloudflare.com cdnjs.cloudflare.com	73 KB
4	3

	Domain	Requested by
4	vkpatelgroup.com	2 redirects
1	jsonip.com	cdnjs.cloudflare.com
1	cdnjs.cloudflare.com	vkpatelgroup.com
4	3

This site contains no links.

Subject Issuer	Validity	Valid
vkpatelgroup.com cPanel, Inc. Certification Authority	`2020-05-08` - `2020-08-06`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
jsonip.com Let's Encrypt Authority X3	`2020-04-29` - `2020-07-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
Frame ID: 755740F01CD1F373962F227B5AB883DC
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://vkpatelgroup.com/auto/ofc HTTP 301
https://vkpatelgroup.com/auto/ofc/ HTTP 303
https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185... Page URL
https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

435 kB
Transfer

1203 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vkpatelgroup.com/auto/ofc HTTP 301
https://vkpatelgroup.com/auto/ofc/ HTTP 303
https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478 Page URL
https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://vkpatelgroup.com/auto/ofc HTTP 301
https://vkpatelgroup.com/auto/ofc/ HTTP 303
https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478

4 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

r.php Show response
vkpatelgroup.com/auto/ofc/
Redirect Chain

https://vkpatelgroup.com/auto/ofc
https://vkpatelgroup.com/auto/ofc/
https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478

222 B
581 B

77ms
76ms

Document
text/html

85.93.89.219
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL

https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.93.89.219 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),

Reverse DNS

ant.dnsincloud.com

Software

nginx / PHP/5.6.40

Resource Hash

434659c44f71a6df550efb34632dfbbdc2a1d625810baa0ec349fc6e380226c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: vkpatelgroup.com
:scheme: https
:path: /auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=usfm1aro4skld1lsjb49qgcke0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: nginx
date: Wed, 17 Jun 2020 02:25:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: BYPASS
x-server-powered-by: Engintron
content-encoding: gzip

Redirect headers

status: 303
server: nginx
date: Wed, 17 Jun 2020 02:25:49 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=usfm1aro4skld1lsjb49qgcke0; path=/
location: ./r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: MISS
x-server-powered-by: Engintron

GET
H2 200 Primary Request / Show response
vkpatelgroup.com/auto/ofc/s/ 542 KB
361 KB 80ms
79ms Document
text/html 85.93.89.219
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL

https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.93.89.219 , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE),

Reverse DNS

ant.dnsincloud.com

Software

nginx / PHP/5.6.40

Resource Hash

fa9e93640c686116af4e9a81682c0cc4cd9d2cb345f054de68c1a525843e2efd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: vkpatelgroup.com
:scheme: https
:path: /auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=usfm1aro4skld1lsjb49qgcke0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478

Response headers

status: 200
server: nginx
date: Wed, 17 Jun 2020 02:25:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: BYPASS
x-server-powered-by: Engintron
content-encoding: gzip

GET
H2 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 257 KB
73 KB 20ms
20ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js

Requested by

Host: vkpatelgroup.com
URL: https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 02:25:49 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6321682
status: 200
alt-svc: h3-27=":443"; ma=86400
cf-request-id: 0361b1e1ea00000c65833e0200000001
served-in-seconds: 0.004
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-40464"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5a49527cad110c65-AMS
expires: Mon, 07 Jun 2021 02:25:49 GMT

GET
DATA 200
OK truncated
/ 383 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4592ae68bbb5023f3a5041ccb438d47ab7bbd9b20f547378e98bc6c405c3ce5b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK / Show response
jsonip.com/ 153 B
454 B 465ms
154ms Script
application/json 2600:3c01::f03c:91ff:fe79:43b
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://jsonip.com/?callback=jQuery300034062170696309235_1592360749592&_=1592360749593

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:3c01::f03c:91ff:fe79:43b , United States, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

72316737801b413f826f0219ba34103e875c9be5690b66b083f3ee8c6e22472e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Referer: https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 02:25:49 GMT
Server: nginx/1.16.1
Strict-Transport-Security: max-age=31536000;
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1596be54b20adf4270f09a884ebe3cfda8e0786657bc4931c010785709e58dfd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e63122536be887d151a0dd1fa3f7d253fdcfca44c3d474e4d54532c48b58586

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 939a2f8aec21e5b6877541d619dc97c9ad7803d05a15155e8c7f6e8f185b6ded

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vkpatelgroup.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: usfm1aro4skld1lsjb49qgcke0
			vkpatelgroup.com/auto/ofc/s	1969-12-31 23:59:59	Name: ip11 Value: 2a01:4f8:121:131a::2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
jsonip.com
vkpatelgroup.com
2600:3c01::f03c:91ff:fe79:43b
2606:4700::6810:85e5
85.93.89.219
1596be54b20adf4270f09a884ebe3cfda8e0786657bc4931c010785709e58dfd
434659c44f71a6df550efb34632dfbbdc2a1d625810baa0ec349fc6e380226c1
4592ae68bbb5023f3a5041ccb438d47ab7bbd9b20f547378e98bc6c405c3ce5b
5e63122536be887d151a0dd1fa3f7d253fdcfca44c3d474e4d54532c48b58586
72316737801b413f826f0219ba34103e875c9be5690b66b083f3ee8c6e22472e
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
939a2f8aec21e5b6877541d619dc97c9ad7803d05a15155e8c7f6e8f185b6ded
fa9e93640c686116af4e9a81682c0cc4cd9d2cb345f054de68c1a525843e2efd

vkpatelgroup.com Open in urlscan Pro 85.93.89.219 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

435 kBTransfer

1203 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

vkpatelgroup.com Open in urlscan Pro
85.93.89.219 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

435 kB
Transfer

1203 kB
Size

2
Cookies

4 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!