urlscan.io logo urlscan.io
SecurityTrails logo

quirkybou.com Open in urlscan Pro
69.49.234.48  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://quirkybou.com/bssa/office
Effective URL: http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a...
Submission: On August 24 via manual from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 69.49.234.48, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is quirkybou.com.
This is the only time quirkybou.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer) Generic (Online)

Domain & IP information

IP Address AS Autonomous System
2 4 69.49.234.48 46606 (UNIFIEDLA...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:3c01::f0... 63949 (LINODE-AP...)
1 151.106.100.244 47583 (AS-HOSTINGER)
5 5
Apex Domain
Subdomains		 Transfer
4 quirkybou.com
quirkybou.com
55 KB
1 shopget24.com
shopget24.com
25 KB
1 jsonip.com
jsonip.com
453 B
1 cloudflare.com
cdnjs.cloudflare.com
64 KB
5 4
Domain Requested by
4 quirkybou.com 2 redirects
1 shopget24.com quirkybou.com
1 jsonip.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com quirkybou.com
5 4

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
jsonip.com
R3		 2021-07-26 -
2021-10-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Frame ID: 87B98C9CBA258376E4D2F3818AA2F9FC
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in

Page URL History Show full URLs

  1. http://quirkybou.com/bssa/office HTTP 301
    http://quirkybou.com/bssa/office/ HTTP 303
    http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095... Page URL
  2. http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

40 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

144 kB
Transfer

373 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://quirkybou.com/bssa/office HTTP 301
    http://quirkybou.com/bssa/office/ HTTP 303
    http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6 Page URL
  2. http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://quirkybou.com/bssa/office HTTP 301
  • http://quirkybou.com/bssa/office/ HTTP 303
  • http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
r.php
quirkybou.com/bssa/office/
Redirect Chain
  • http://quirkybou.com/bssa/office
  • http://quirkybou.com/bssa/office/
  • http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
222 B
538 B 		Document
General
Check archive.org
Download Go to
Full URL
http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Protocol
HTTP/1.1
Server
69.49.234.48 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
69-49-234-48.unifiedlayer.com
Software
Apache /
Resource Hash
dca5e60579ffd3722b05c9c441cfc7c18005cf107a751d1b2e1234f896d6076c

Request headers

Host
quirkybou.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
PHPSESSID=5c307b2231d75e890de519047d67ecaa
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 24 Aug 2021 01:36:30 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 24 Aug 2021 01:36:30 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=5c307b2231d75e890de519047d67ecaa; path=/
LOCATION
./r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Content-Length
0
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Primary Request /
quirkybou.com/bssa/office/s/ 		54 KB
54 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Protocol
HTTP/1.1
Server
69.49.234.48 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
69-49-234-48.unifiedlayer.com
Software
Apache /
Resource Hash
bc151ebda902101b3f6ec05b6f4eb8e40a46e83be1a335265140b8116f2909b0

Request headers

Host
quirkybou.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
PHPSESSID=5c307b2231d75e890de519047d67ecaa
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
http://quirkybou.com/bssa/office/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6

Response headers

Date
Tue, 24 Aug 2021 01:36:31 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Keep-Alive
timeout=5, max=97
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a6daa6451369b7ea2c487f9d81cf35721093f016616ad147d2fdf12f91e6075c

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 		257 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Requested by
Host: quirkybou.com
URL: http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 01:36:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
5794658
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
64997
cf-request-id
0abe02e6650000dfc74d27b000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-40464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvOz6G4gQn8p2%2BITMvFnshfSEVH5DV%2BxG3FTmtC8c6Hky%2By2TZOlsOF0UUTiYDvKMdnpcq9Ax1yFiVyF7FsTI%2B36%2BqcgLpNAqT2qb19uCLGSzfSybUo%2FrdHTrAh8%2FchWJ9xlwOJfcWzmqiV8gC08zWKR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6838d9a9a8384e7a-FRA
expires
Sun, 14 Aug 2022 01:36:32 GMT
/
jsonip.com/ 		152 B
453 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery30004064944959964374_1629768992293&_=1629768992294
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c01::f03c:91ff:fe79:43b Fremont, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
09a3e424a2ed91e65bed9b71f28b6af86840c36449b8cc142dcaaebfad933dc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 24 Aug 2021 01:36:32 GMT
Server
nginx/1.20.1
Strict-Transport-Security
max-age=31536000;
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0747b43e4bc62271d2031a8a6c77765b949d3076f92045268f83217ef6bae448

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2298b8a6d4ca72834fde9bb8d7dec2672fd421bb97d92944f3b35561ec251c9

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
hack-run.png
shopget24.com/images/sampledata/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://shopget24.com/images/sampledata/hack-run.png
Requested by
Host: quirkybou.com
URL: http://quirkybou.com/bssa/office/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=26639b2386095edd5ffc25f37dfa94af035a85346a663c3f036eb0a28a58c4bcb1d644b6
Protocol
HTTP/1.1
Server
151.106.100.244 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
sco.boxsecured.com
Software
LiteSpeed / PHP/7.3.28
Resource Hash
6903fa3a18aa5c61b38ad74e21a448658c1a6958c26621b01589de6d8cedf907

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 01:36:33 GMT
server
LiteSpeed
x-powered-by
PHP/7.3.28
transfer-encoding
chunked
content-type
image/png
cache-control
public, max-age=604800
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
expires
Tue, 31 Aug 2021 01:36:33 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
954c2bcf0a554bc17a93c2177e14d71c479674999a640143b89aa737eab3562f

Request headers

Referer
http://quirkybou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer) Generic (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| getIPAddress string| x

2 Cookies

Domain/Path Name / Value
quirkybou.com/ Name: PHPSESSID
Value: 5c307b2231d75e890de519047d67ecaa
quirkybou.com/bssa/office/s Name: ip11
Value: 2a01:4f8:121:131a::2