arfeche.com Open in urlscan Pro
107.175.91.61 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Effective URL:
https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Submission: On March 14 via api (March 14th 2024, 9:05:52 pm UTC) from US — Scanned from US

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 107.175.91.61, located in Dallas, United States and belongs to AS-COLOCROSSING, CA. The main domain is arfeche.com.
TLS certificate: Issued by R3 on March 11th 2024. Valid for: 3 months.

This is the only time arfeche.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dropbox (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 5	107.175.91.61 107.175.91.61	36352 (AS-COLOCR...) (AS-COLOCROSSING)
1	2606:4700:303... 2606:4700:3036::ac43:be4c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:141b:1c0... 2600:141b:1c00:26::17ce:acb6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	4

5 107.175.91.61 (Dallas, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, CA)
PTR: chola05.licensebrightafraid.com

arfeche.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:be4c (United States)

ASN13335 (CLOUDFLARENET, US)

seeklogo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:26::17ce:acb6 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

res.cdn.office.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	arfeche.com 1 redirects arfeche.com	2 MB
1	office.net res.cdn.office.net — Cisco Umbrella Rank: 141	9 KB
1	seeklogo.com seeklogo.com — Cisco Umbrella Rank: 101578	6 KB
6	3

	Domain	Requested by
5	arfeche.com	1 redirects arfeche.com
1	res.cdn.office.net	arfeche.com
1	seeklogo.com	arfeche.com
6	3

This site contains no links.

Subject Issuer	Validity	Valid
arfeche.com R3	`2024-03-11` - `2024-06-09`	3 months	crt.sh
seeklogo.com E1	`2024-02-01` - `2024-05-01`	3 months	crt.sh
*.res.outlook.com DigiCert SHA2 Secure Server CA	`2024-02-20` - `2025-02-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Frame ID: 66A2182ED8F724923A24E5881D272B8B
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Transfer - Dropbox

Page URL History Show full URLs

http://arfeche.com/wp-admin/producation/shareproduct/index.shtml HTTP 301
https://arfeche.com/wp-admin/producation/shareproduct/index.shtml Page URL

Page Statistics

6
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

1985 kB
Transfer

2971 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://arfeche.com/wp-admin/producation/shareproduct/index.shtml HTTP 301
https://arfeche.com/wp-admin/producation/shareproduct/index.shtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.shtml Show response
arfeche.com/wp-admin/producation/shareproduct/
Redirect Chain

http://arfeche.com/wp-admin/producation/shareproduct/index.shtml
https://arfeche.com/wp-admin/producation/shareproduct/index.shtml

1 MB
575 KB

273ms
133ms

Document
text/html

107.175.91.61
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 107.175.91.61 Dallas, United States, ASN36352 (AS-COLOCROSSING, CA),
Reverse DNS: chola05.licensebrightafraid.com
Software: nginx / PleskLin
Resource Hash: b58dca7cd1ce39510943bed0aacdd1d138374b949c6f4c0aa84a411d3aa2b1c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Thu, 14 Mar 2024 21:05:45 GMT
last-modified: Mon, 11 Mar 2024 19:43:03 GMT
server: nginx
x-accel-version: 0.01
x-powered-by: PleskLin

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Thu, 14 Mar 2024 21:05:45 GMT
Location: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Server: nginx

GET
H2 404 main.css
arfeche.com/wp-admin/producation/shareproduct/ 0
0 82ms
81ms Stylesheet
text/html 107.175.91.61
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://arfeche.com/wp-admin/producation/shareproduct/main.css
Requested by: Host: arfeche.com
URL: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 107.175.91.61 Dallas, United States, ASN36352 (AS-COLOCROSSING, CA),
Reverse DNS: chola05.licensebrightafraid.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 14 Mar 2024 21:05:46 GMT
content-encoding: br
last-modified: Mon, 11 Mar 2024 15:54:09 GMT
server: nginx
etag: W/"328-613648d5bef0e"
content-type: text/html

GET
H2 404 ionicons.css
arfeche.com/wp-admin/producation/shareproduct/ 0
0 81ms
81ms Stylesheet
text/html 107.175.91.61
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://arfeche.com/wp-admin/producation/shareproduct/ionicons.css
Requested by: Host: arfeche.com
URL: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 107.175.91.61 Dallas, United States, ASN36352 (AS-COLOCROSSING, CA),
Reverse DNS: chola05.licensebrightafraid.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 14 Mar 2024 21:05:46 GMT
content-encoding: br
last-modified: Mon, 11 Mar 2024 15:54:09 GMT
server: nginx
etag: W/"328-613648d5bef0e"
content-type: text/html

GET
DATA 200
OK truncated
/ 80 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05eb745176d79ec27d52d544582483fc4d0f6378c7ed2060be24dfc4e8990668

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 outlook-logo-7117D18788-seeklogo.com.png
seeklogo.com/images/O/ 5 KB
6 KB 134ms
50ms Image
image/png 2606:4700:3036::ac43:be4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seeklogo.com/images/O/outlook-logo-7117D18788-seeklogo.com.png

Requested by

Host: arfeche.com
URL: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::ac43:be4c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b108a825b2162911fe44f91f2666401e426dbfa60f6bbc2f9d88f154f4d7e7a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://arfeche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 14 Mar 2024 21:05:46 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1375620
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5170
x-xss-protection: 1; mode=block
last-modified: Sat, 26 Nov 2022 11:30:39 GMT
server: cloudflare
etag: "1d9018a82758db2"
x-download-options: noopen
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2settPqsANyaio82fjQR8r3Mw%2F07pmdQfxVhRCXvFGGvJmQCLKgvZ7LrlLDVZSZ1%2BJUZ5Pv%2FqitQNDz0nRGsTIyj8gS4kcjYCORayhrM3jGTI3d%2BCxXDPHzSg4pKGGeystvRukgBkyDA1s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
cf-ray: 86473947091e6c88-MIA

GET
H2 200 favicon-8f211ea639.ico
res.cdn.office.net/officehub/images/content/images/ 8 KB
9 KB 433ms
69ms Image
image/x-icon 2600:141b:1c00:26::17ce:acb6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cdn.office.net/officehub/images/content/images/favicon-8f211ea639.ico

Requested by

Host: arfeche.com
URL: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:26::17ce:acb6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e588bde3eb80b349b069bcbb10520e49f9aa6f38001ce651f396269de3499549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://arfeche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 14 Mar 2024 21:05:46 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
server-timing: clientrtt; dur=65, clienttt; dur=, origin; dur=0 , cdntime; dur=0
alt-svc: h3=":443"; ma=93600
content-length: 7886
last-modified: Thu, 28 Oct 2021 21:10:50 GMT
x-cdn-provider: Akamai
report-to: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=SECAUCUS&ASN=20940&Country=US&Region=NJ&RequestIdentifier=0.b6593a17.1710450346.1a00228c&TotalRTCDNTime=65&CompressionType=&FileSize=7886"}],"include_subdomains ":true}
content-type: image/x-icon
access-control-allow-origin: *
x-ms-request-id: 84bb271b-001e-005f-6258-bc763e000000
access-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
cache-control: max-age=630720000
akamai-request-bc: [a=23.58.89.182,b=436216460,c=g,n=US_NJ_SECAUCUS,o=20940]
timing-allow-origin: *

GET
DATA 200
OK truncated
/ 350 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73257fb51b4e9c849a46820ae181173030b1a15d1c5a597f5840e353b438b33a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 535 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 270ce3b89f3c614388bc9a4c5436545ade6c956b3293d26119ad845151a4671d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 643 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66c75014faca4eda0db16522016d196153ae3fc9d6777b3a3749c204809ada77

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39dac3fb49bc3d00e09f472afc2b4865805529f95bdd59349027bb5accfcb57b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69781a00446d6c91465b82421046286d44ee79ddb4149175dfdbd62056efcfaf

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 206 background.mp4
arfeche.com/wp-admin/producation/shareproduct/video/ 1 MB
1 MB 80ms
80ms Media
video/mp4 107.175.91.61
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://arfeche.com/wp-admin/producation/shareproduct/video/background.mp4
Requested by: Host: arfeche.com
URL: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 107.175.91.61 Dallas, United States, ASN36352 (AS-COLOCROSSING, CA),
Reverse DNS: chola05.licensebrightafraid.com
Software: nginx / PleskLin
Resource Hash: 405cd7a882bc711b34ba0dd875e8adcd7c1b099e38b250d7359cf6efda7c3b25

Request headers

Referer: https://arfeche.com/wp-admin/producation/shareproduct/index.shtml
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 14 Mar 2024 21:05:46 GMT
last-modified: Wed, 06 Mar 2024 11:07:58 GMT
server: nginx
etag: "65e84e8e-15c626"
x-powered-by: PleskLin
content-type: video/mp4
Content-Range: bytes 0-1426981/1426982
Content-Length: 1426982

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dropbox (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://arfeche.com/wp-admin/producation/shareproduct/ionicons.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://arfeche.com/wp-admin/producation/shareproduct/main.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

arfeche.com
res.cdn.office.net
seeklogo.com
107.175.91.61
2600:141b:1c00:26::17ce:acb6
2606:4700:3036::ac43:be4c
05eb745176d79ec27d52d544582483fc4d0f6378c7ed2060be24dfc4e8990668
270ce3b89f3c614388bc9a4c5436545ade6c956b3293d26119ad845151a4671d
39dac3fb49bc3d00e09f472afc2b4865805529f95bdd59349027bb5accfcb57b
405cd7a882bc711b34ba0dd875e8adcd7c1b099e38b250d7359cf6efda7c3b25
66c75014faca4eda0db16522016d196153ae3fc9d6777b3a3749c204809ada77
69781a00446d6c91465b82421046286d44ee79ddb4149175dfdbd62056efcfaf
73257fb51b4e9c849a46820ae181173030b1a15d1c5a597f5840e353b438b33a
b108a825b2162911fe44f91f2666401e426dbfa60f6bbc2f9d88f154f4d7e7a6
b58dca7cd1ce39510943bed0aacdd1d138374b949c6f4c0aa84a411d3aa2b1c9
e588bde3eb80b349b069bcbb10520e49f9aa6f38001ce651f396269de3499549

arfeche.com Open in urlscan Pro 107.175.91.61 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

1985 kBTransfer

2971 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

arfeche.com Open in urlscan Pro
107.175.91.61 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

1985 kB
Transfer

2971 kB
Size

0
Cookies

6 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!