cuteparrots.com Open in urlscan Pro
2606:4700:3034::6812:3ed3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://achmedtj.space/81a1e36d1d8c565e1554959779ce2aad?usw=Z2lvcmdpby5yb2xhbmRvQGl0LmFiYi5jb20=
Effective URL:
https://cuteparrots.com/kulo/jayak/fun//tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=100&id=9453713840&e...
Submission: On March 16 via manual (March 16th 2020, 10:28:09 am UTC) from IN

Summary HTTP 65 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 6 countries across 11 domains to perform 65 HTTP transactions. The main IP is 2606:4700:3034::6812:3ed3, located in United States and belongs to CLOUDFLARENET, US. The main domain is cuteparrots.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 4th 2020. Valid for: 8 months.

This is the only time cuteparrots.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	172.245.14.10 172.245.14.10	36352 (AS-COLOCR...) (AS-COLOCROSSING)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
2 56	2606:4700:303... 2606:4700:3034::6812:3ed3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:10c... 2a02:26f0:10c:38c::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a00:1450:400... 2a00:1450:4001:818::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
65	9

1 172.245.14.10 (Buffalo, United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: wgh19.whogohost.com

achmedtj.space	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2606:4700:3034::6812:3ed3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

cuteparrots.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:10c:38c::35c1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	cuteparrots.com 2 redirects cuteparrots.com	325 KB
3	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	294 KB
2	facebook.net connect.facebook.net	113 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	201 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	454 B
1	googleapis.com fonts.googleapis.com	1 KB
1	bootstrapcdn.com netdna.bootstrapcdn.com	7 KB
1	jquery.com code.jquery.com	24 KB
1	achmedtj.space achmedtj.space	4 KB
65	11

	Domain	Requested by
56	cuteparrots.com	2 redirects achmedtj.space cuteparrots.com
3	secure.aadcdn.microsoftonline-p.com	cuteparrots.com
2	connect.facebook.net	cuteparrots.com connect.facebook.net
2	www.google-analytics.com	1 redirects cuteparrots.com
1	www.google.de	cuteparrots.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	fonts.googleapis.com	cuteparrots.com
1	netdna.bootstrapcdn.com	cuteparrots.com
1	code.jquery.com	achmedtj.space
1	achmedtj.space
65	11

This site contains no links.

Subject Issuer	Validity	Valid
achmedtj.space Let's Encrypt Authority X3	`2020-03-15` - `2020-06-13`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-04` - `2020-10-09`	8 months	crt.sh
secure.aadcdn.microsoftonline-p.com Microsoft IT TLS CA 4	`2019-07-17` - `2021-07-17`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cuteparrots.com/kulo/jayak/fun//tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=100&id=9453713840&email=giorgio.rolando@it.abb.com
Frame ID: E5359BA7E07D114950CCE9C1B82EA517
Requests: 11 HTTP requests in this frame

Frame: https://cuteparrots.com/kulo/jayak/fun/data_files/Prefetch.html
Frame ID: AAD91BE374772AA61ACC647A96896395
Requests: 54 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://achmedtj.space/81a1e36d1d8c565e1554959779ce2aad?usw=Z2lvcmdpby5yb2xhbmRvQGl0LmFiYi5jb20= Page URL
https://cuteparrots.com/kulo/jayak/fun//?email=Z2lvcmdpby5yb2xhbmRvQGl0LmFiYi5jb20= HTTP 302
https://cuteparrots.com/kulo/jayak/fun//tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

65
Requests

100 %
HTTPS

91 %
IPv6

11
Domains

11
Subdomains

9
IPs

6
Countries

785 kB
Transfer

1935 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://achmedtj.space/81a1e36d1d8c565e1554959779ce2aad?usw=Z2lvcmdpby5yb2xhbmRvQGl0LmFiYi5jb20= Page URL
https://cuteparrots.com/kulo/jayak/fun//?email=Z2lvcmdpby5yb2xhbmRvQGl0LmFiYi5jb20= HTTP 302
https://cuteparrots.com/kulo/jayak/fun//tonin.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=100&id=9453713840&email=giorgio.rolando@it.abb.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://cuteparrots.com/kulo/jayak/fun//data_files/Prefetch.html HTTP 301
https://cuteparrots.com/kulo/jayak/fun/data_files/Prefetch.html

Request Chain 60

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1244790160&t=pageview&_s=1&dl=https%3A%2F%2Fcuteparrots.com%2Fkulo%2Fjayak%2Ffun%2Fdata_files%2FPrefetch.html&ul=en-us&de=UTF-8&dt=Nothing%20found%20for%20Kulo%20Jayak%20Fun%20Data_Files%20Prefetch&sd=24-bit&sr=1600x1200&vp=&je=0&_u=IEBAAEAB~&jid=118679975&gjid=177888399&cid=377118900.1584354479&tid=UA-33182628-9&_gid=342100276.1584354479&_r=1&z=1725537213 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33182628-9&cid=377118900.1584354479&jid=118679975&_gid=342100276.1584354479&gjid=177888399&_v=j81&z=1725537213 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33182628-9&cid=377118900.1584354479&jid=118679975&_v=j81&z=1725537213 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33182628-9&cid=377118900.1584354479&jid=118679975&_v=j81&z=1725537213&slf_rd=1&random=4279346852

65 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 81a1e36d1d8c565e1554959779ce2aad Show response
achmedtj.space/ 4 KB
4 KB 440ms
168ms Document
text/html 172.245.14.10
AS-COLOCROSSING

General

Domain/Path	Expires	Name / Value
.cuteparrots.com/	1970-01-19 08:05:54	Name: _gat Value: 1
.cuteparrots.com/	1970-01-19 08:07:20	Name: _gid Value: GA1.2.342100276.1584354479
.cuteparrots.com/	1970-01-20 01:37:06	Name: _ga Value: GA1.2.377118900.1584354479
cuteparrots.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: fc9ecab65070a7c29df4462021c04fd3
.cuteparrots.com/	1970-01-19 08:49:06	Name: __cfduid Value: d2802ffbacf8d1d988275313c41be9bd51584354478

Source	Level	URL Text
console-api	log	URL: https://cuteparrots.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://cuteparrots.com/wp-content/plugins/q2w3-fixed-widget/js/q2w3-fixed-widget.min.js?ver=5.1.9(Line 1) Message: q2w3_sidebar_options not found!

cuteparrots.com Open in urlscan Pro 2606:4700:3034::6812:3ed3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

65 Requests

100 %HTTPS

91 %IPv6

11 Domains

11 Subdomains

9 IPs

6 Countries

785 kBTransfer

1935 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cuteparrots.com Open in urlscan Pro
2606:4700:3034::6812:3ed3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

65
Requests

100 %
HTTPS

91 %
IPv6

11
Domains

11
Subdomains

9
IPs

6
Countries

785 kB
Transfer

1935 kB
Size

5
Cookies

65 HTTP transactions
0 data transactions