localtesting.info
Open in
urlscan Pro
35.231.182.221
Malicious Activity!
Public Scan
Effective URL: http://localtesting.info/update/login.php?cmd=login_submit&id=32f77930f99676da0259676a0ced3a6532f77930f99676da0259676a0ce...
Submission: On December 06 via api from US
Summary
This is the only time localtesting.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 7 | 35.231.182.221 35.231.182.221 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 69.89.31.230 69.89.31.230 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
8 | 3 |
ASN15169 (GOOGLE - Google LLC, US)
PTR: 221.182.231.35.bc.googleusercontent.com
localtesting.info |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: box430.bluehost.com
smallenvelop.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
localtesting.info
1 redirects
localtesting.info |
104 KB |
1 |
smallenvelop.com
smallenvelop.com |
214 B |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
8 | 3 |
Domain | Requested by | |
---|---|---|
7 | localtesting.info |
1 redirects
localtesting.info
|
1 | smallenvelop.com |
localtesting.info
|
1 | ajax.googleapis.com |
localtesting.info
|
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.googleapis.com Google Internet Authority G3 |
2018-11-07 - 2019-01-30 |
3 months | crt.sh |
smallenvelop.com Let's Encrypt Authority X3 |
2018-09-24 - 2018-12-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://localtesting.info/update/login.php?cmd=login_submit&id=32f77930f99676da0259676a0ced3a6532f77930f99676da0259676a0ced3a65&session=32f77930f99676da0259676a0ced3a6532f77930f99676da0259676a0ced3a65
Frame ID: 02055A27B5E28C7BDA2475633F3BEF46
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://localtesting.info/update/index.php
HTTP 302
http://localtesting.info/update/login.php?cmd=login_submit&id=32f77930f99676da0259676a0ced3a6532f7793... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://localtesting.info/update/index.php
HTTP 302
http://localtesting.info/update/login.php?cmd=login_submit&id=32f77930f99676da0259676a0ced3a6532f77930f99676da0259676a0ced3a65&session=32f77930f99676da0259676a0ced3a6532f77930f99676da0259676a0ced3a65 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
localtesting.info/update/ Redirect Chain
|
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c1.png
localtesting.info/update/images/ |
36 KB 36 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2.png
localtesting.info/update/images/ |
30 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c3.png
localtesting.info/update/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c4.png
localtesting.info/update/images/ |
30 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cg.png
localtesting.info/update/images/ |
945 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/ |
214 B 214 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
localtesting.info
smallenvelop.com
2a00:1450:4001:81c::200a
35.231.182.221
69.89.31.230
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07860251b5d681bb77cc0781533cd42d1adf299131c50210c1c3355e2c9b8f89
115fc8cd36960dae458007d1436b7a66409921d5f9d1c7f68e48fe0274429db3
652a1a3d3b5289819558c92bab795c6b14b6fc67da9dc3bc15315e602c689b7b
801129d24cccdf93f9149a5a279865f81cda0328674be0adf4973b1b68014eac
8ed1ed38467cc418ca3948607afc328c44b3c4b1fcc2f0230ef38240c1f66524
c09fc74321d66664b27a836c3fadd2d59ffaa7d5dfac9d76a6cd11327ab8bdff
ebcd6f8fc0ff4bd02f526a5d343dd52092cfd19394b88f849f4bad51f9a5152d