![](/screenshots/08894b7c-01d9-4654-b8ee-5d6dacca8e59.png)
quirkybou.com
69.49.234.48
Malicious Activity!
Public Scan
Effective URL: http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a...
Submission: On August 24 via manual from AU
Summary
This is the only time quirkybou.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer), Generic (Online)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 4 (2 redirects) | 69.49.234.48 | 46606 (UNIFIEDLAYER-AS-1) |
| 1 | 2606:4700::6810:135e | 13335 (CLOUDFLARENET) |
| 1 | 2600:3c01::f03c:91ff:fe79:43b | 63949 (LINODE-AP Linode) |
| 1 | 151.106.100.244 | 47583 (AS-HOSTINGER) |
| 5 | 5 | |
- ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: 69-49-234-48.unifiedlayer.com: quirkybou.com
- ASN63949 (LINODE-AP Linode, LLC, US): jsonip.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 (2 redirects) | quirkybou.com | quirkybou.com | 55 KB |
| 1 | shopget24.com | shopget24.com | 25 KB |
| 1 | jsonip.com | jsonip.com | 453 B |
| 1 | cloudflare.com | cdnjs.cloudflare.com | 64 KB |
| 5 | 4 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 4 (2 redirects) | quirkybou.com | |
| 1 | shopget24.com | quirkybou.com |
| 1 | jsonip.com | cdnjs.cloudflare.com |
| 1 | cdnjs.cloudflare.com | quirkybou.com |
| 5 | 4 | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year (crt.sh) |
| jsonip.com | R3 | 2021-07-26 - 2021-10-24 | 3 months (crt.sh) |
This page contains 1 frame:
Primary Page:
http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Frame ID: 87B98C9CBA258376E4D2F3818AA2F9FC
Requests: 9 HTTP requests in this frame
Page Title: Sign in
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://quirkybou.com/bssa/office (HTTP 301)
- http://quirkybou.com/bssa/office/ (HTTP 303)
- http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6 (Page URL)
- http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://quirkybou.com/bssa/office (HTTP 301)
- http://quirkybou.com/bssa/office/ (HTTP 303)
- http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
5 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | r.php (Redirect Chain) | quirkybou.com/bssa/office/ | 222 B | 538 B | Document | text/html |
| GET | H/1.1 | / (Primary Request) | quirkybou.com/bssa/office/s/ | 54 KB | 54 KB | Document | text/html |
| GET | DATA | truncated | / | 17 KB | 0 | Image | image/png |
| GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ | 257 KB | 64 KB | Script | application/javascript |
| GET | H/1.1 | / | jsonip.com/ | 152 B | 453 B | Script | application/json |
| GET | DATA | truncated | / | 7 KB | 0 | Image | image/png |
| GET | DATA | truncated | / | 10 KB | 0 | Image | image/png |
| GET | H/1.1 | hack-run.png | shopget24.com/images/sampledata/ | 24 KB | 25 KB | Image | image/png |
| GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer), Generic (Online)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforexrselect |
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| boolean | originAgentCluster |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| function | $ |
| function | jQuery |
| function | getIPAddress |
| string | x2 |

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| quirkybou.com/ | | PHPSESSID | 5c307b2231d75e890de519047d67ecaa |
| quirkybou.com/bssa/office/s | | ip11 | 2a01:4f8:121:131a::2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
jsonip.com
quirkybou.com
shopget24.com
151.106.100.244
2600:3c01::f03c:91ff:fe79:43b
2606:4700::6810:135e
69.49.234.48
0747b43e4bc62271d2031a8a6c77765b949d3076f92045268f83217ef6bae448
09a3e424a2ed91e65bed9b71f28b6af86840c36449b8cc142dcaaebfad933dc4
6903fa3a18aa5c61b38ad74e21a448658c1a6958c26621b01589de6d8cedf907
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
954c2bcf0a554bc17a93c2177e14d71c479674999a640143b89aa737eab3562f
a6daa6451369b7ea2c487f9d81cf35721093f016616ad147d2fdf12f91e6075c
bc151ebda902101b3f6ec05b6f4eb8e40a46e83be1a335265140b8116f2909b0
d2298b8a6d4ca72834fde9bb8d7dec2672fd421bb97d92944f3b35561ec251c9
dca5e60579ffd3722b05c9c441cfc7c18005cf107a751d1b2e1234f896d6076c