vkpatelgroup.com
Open in
urlscan Pro
85.93.89.219
Malicious Activity!
Public Scan
Effective URL: https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95...
Submission: On June 17 via manual from AU
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 8th 2020. Valid for: 3 months.
This is the only time vkpatelgroup.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 4 | 85.93.89.219 85.93.89.219 | 8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1) | |
1 | 2606:4700::68... 2606:4700::6810:85e5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2600:3c01::f0... 2600:3c01::f03c:91ff:fe79:43b | 63949 (LINODE-AP...) (LINODE-AP Linode) | |
4 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
vkpatelgroup.com
2 redirects
vkpatelgroup.com |
362 KB |
1 |
jsonip.com
jsonip.com |
454 B |
1 |
cloudflare.com
cdnjs.cloudflare.com |
73 KB |
4 | 3 |
Domain | Requested by | |
---|---|---|
4 | vkpatelgroup.com | 2 redirects |
1 | jsonip.com |
cdnjs.cloudflare.com
|
1 | cdnjs.cloudflare.com |
vkpatelgroup.com
|
4 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
vkpatelgroup.com cPanel, Inc. Certification Authority |
2020-05-08 - 2020-08-06 |
3 months | crt.sh |
cloudflare.com CloudFlare Inc ECC CA-2 |
2020-01-07 - 2020-10-09 |
9 months | crt.sh |
jsonip.com Let's Encrypt Authority X3 |
2020-04-29 - 2020-07-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
Frame ID: 755740F01CD1F373962F227B5AB883DC
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://vkpatelgroup.com/auto/ofc
HTTP 301
https://vkpatelgroup.com/auto/ofc/ HTTP 303
https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185... Page URL
- https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://vkpatelgroup.com/auto/ofc
HTTP 301
https://vkpatelgroup.com/auto/ofc/ HTTP 303
https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478 Page URL
- https://vkpatelgroup.com/auto/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://vkpatelgroup.com/auto/ofc HTTP 301
- https://vkpatelgroup.com/auto/ofc/ HTTP 303
- https://vkpatelgroup.com/auto/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=3819b1fb18819185c7d0ff6bd2efe4b25e96f95dabdec79b774c22e0f88c2f7ffd687478
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
r.php
vkpatelgroup.com/auto/ofc/ Redirect Chain
|
222 B 581 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
vkpatelgroup.com/auto/ofc/s/ |
542 KB 361 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ |
257 KB 73 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
383 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
jsonip.com/ |
153 B 454 B |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
10 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| getIPAddress string| x2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
vkpatelgroup.com/ | Name: PHPSESSID Value: usfm1aro4skld1lsjb49qgcke0 |
|
vkpatelgroup.com/auto/ofc/s | Name: ip11 Value: 2a01:4f8:121:131a::2 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
jsonip.com
vkpatelgroup.com
2600:3c01::f03c:91ff:fe79:43b
2606:4700::6810:85e5
85.93.89.219
1596be54b20adf4270f09a884ebe3cfda8e0786657bc4931c010785709e58dfd
434659c44f71a6df550efb34632dfbbdc2a1d625810baa0ec349fc6e380226c1
4592ae68bbb5023f3a5041ccb438d47ab7bbd9b20f547378e98bc6c405c3ce5b
5e63122536be887d151a0dd1fa3f7d253fdcfca44c3d474e4d54532c48b58586
72316737801b413f826f0219ba34103e875c9be5690b66b083f3ee8c6e22472e
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
939a2f8aec21e5b6877541d619dc97c9ad7803d05a15155e8c7f6e8f185b6ded
fa9e93640c686116af4e9a81682c0cc4cd9d2cb345f054de68c1a525843e2efd