iplabs.cf
Open in
urlscan Pro
195.201.241.182
Malicious Activity!
Public Scan
Submission: On February 08 via manual from US
Summary
This is the only time iplabs.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer) Generic (Online) Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 195.201.241.182 195.201.241.182 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 2a00:1450:400... 2a00:1450:4001:81a::2008 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 205.185.208.52 205.185.208.52 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 | 46.105.201.240 46.105.201.240 | 16276 (OVH) (OVH) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 2 | 2a00:1450:400... 2a00:1450:4001:824::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 1 | 2a00:1450:400... 2a00:1450:400c:c04::9b | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 1 | 2a00:1450:400... 2a00:1450:4005:800::2004 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 192.99.0.18 192.99.0.18 | 16276 (OVH) (OVH) | |
17 | 9 |
ASN24940 (HETZNER-AS, DE)
PTR: server79.hostblast.net
iplabs.cf |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
code.jquery.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
iplabs.cf
iplabs.cf |
80 KB |
2 |
google-analytics.com
1 redirects
www.google-analytics.com |
17 KB |
2 |
histats.com
s10.histats.com s4.histats.com |
5 KB |
2 |
jquery.com
code.jquery.com |
60 KB |
1 |
google.de
www.google.de |
109 B |
1 |
google.com
1 redirects
www.google.com |
178 B |
1 |
doubleclick.net
1 redirects
stats.g.doubleclick.net |
163 B |
1 |
googleapis.com
fonts.googleapis.com |
2 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
32 KB |
17 | 9 |
Domain | Requested by | |
---|---|---|
9 | iplabs.cf |
iplabs.cf
|
2 | www.google-analytics.com |
1 redirects
www.googletagmanager.com
|
2 | code.jquery.com |
iplabs.cf
|
1 | s4.histats.com |
s10.histats.com
|
1 | www.google.de |
iplabs.cf
|
1 | www.google.com | 1 redirects |
1 | stats.g.doubleclick.net | 1 redirects |
1 | fonts.googleapis.com |
iplabs.cf
|
1 | s10.histats.com |
iplabs.cf
|
1 | www.googletagmanager.com |
iplabs.cf
|
17 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
www.google.de Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://iplabs.cf/mstech1/
Frame ID: A9E377378774ACFF6551FAA9C1FDD499
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- env /^google_tag_manager$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://www.google-analytics.com/r/collect?v=1&_v=j73&a=399792999&t=pageview&_s=1&dl=http%3A%2F%2Fiplabs.cf%2Fmstech1%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1913003124&gjid=1032622512&cid=1895933221.1549667909&tid=UA-113968233-1&_gid=1436969639.1549667909&_r=1>m=2ou1r0&z=500807 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-113968233-1&cid=1895933221.1549667909&jid=1913003124&_gid=1436969639.1549667909&gjid=1032622512&_v=j73&z=500807 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-113968233-1&cid=1895933221.1549667909&jid=1913003124&_v=j73&z=500807 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-113968233-1&cid=1895933221.1549667909&jid=1913003124&_v=j73&z=500807&slf_rd=1&random=809307246
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
iplabs.cf/mstech1/ |
24 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
91 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
iplabs.cf/mstech1/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap-theme.min.css
iplabs.cf/mstech1/ |
23 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
iplabs.cf/mstech1/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
support.svg
iplabs.cf/mstech1/ |
16 KB 16 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
335158-windows-8-window.png
iplabs.cf/mstech1/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.3.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.3.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.js
iplabs.cf/mstech1/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js15_as.js
s10.histats.com/ |
11 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
33 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.png
iplabs.cf/mstech1/ |
339 B 339 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
239 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sound.mp3
iplabs.cf/mstech1/ |
68 KB 0 |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ Redirect Chain
|
42 B 109 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.php
s4.histats.com/stats/ |
49 B 320 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer) Generic (Online) Tech Support Scam (Consumer)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| gtag object| dataLayer object| _Hasync object| google_tag_manager string| GoogleAnalyticsObject function| ga boolean| isOpera boolean| isFirefox boolean| isSafari boolean| isChrome boolean| isIE object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| $ function| jQuery function| chfh function| chfh2 string| _HST_cntval object| Histats function| fillForm function| closeCode function| getCode function| modalClose function| getModal function| _toggleFullScreen function| open1 function| isPlaying function| forceDownload function| catchControlKeys function| prevent boolean| state function| confirmExit function| get_browser boolean| InternetEx boolean| isIEedge object| browser undefined| msg_ff object| _HistatsCounterGraphics_0_setValues10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
iplabs.cf/ | Name: HstCns3743648 Value: 1 |
|
iplabs.cf/ | Name: HstPt3743648 Value: 1 |
|
iplabs.cf/ | Name: HstCnv3743648 Value: 1 |
|
iplabs.cf/ | Name: HstCla3743648 Value: 1549667909523 |
|
iplabs.cf/ | Name: HstCmu3743648 Value: 1549667909523 |
|
iplabs.cf/ | Name: HstCfa3743648 Value: 1549667909523 |
|
iplabs.cf/ | Name: HstPn3743648 Value: 1 |
|
.iplabs.cf/ | Name: _ga Value: GA1.2.1895933221.1549667909 |
|
.iplabs.cf/ | Name: _gat_gtag_UA_113968233_1 Value: 1 |
|
.iplabs.cf/ | Name: _gid Value: GA1.2.1436969639.1549667909 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
fonts.googleapis.com
iplabs.cf
s10.histats.com
s4.histats.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
192.99.0.18
195.201.241.182
205.185.208.52
2a00:1450:4001:808::2003
2a00:1450:4001:808::200a
2a00:1450:4001:81a::2008
2a00:1450:4001:824::200e
2a00:1450:4005:800::2004
2a00:1450:400c:c04::9b
46.105.201.240
10998ee9ec39ddd992b77f010a09c3312a646219a59d7f3bc2b3717a6bf02729
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668
312c6606235f1ba63b2141b812fef5398536390a76c85f5ab8bcc35a7aa8737e
38d779f1251e75f224c215b990a644317cc6cf2c480b048901f58eb5987b1653
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
40a88251083b5e6a914044af1980b50744290555314c1ceb3cf80169c085df8b
4ac2980bc9e19d2e8d86d2c569157e306603602fc5afb706327f4d1062b63d36
558cf3f73cab42cde0dc5a1492616628e72d29f0f6f063984aa7be9f3585663b
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
bd08b9849632e73574f62ca80572a17f9bbd9bb1010fe8c6380e641460abd96c
dcd61e64ff188be4bbed72c5e1f7e0af7fca0f34a214c68774f2406cb0347447
ea2cefd1f0e8aaac01aa58121d8e5e763b42965325b97f11ba504bf8e1ed8081
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4788932ad63054757ffcba66a09958e9f3de1f04d8bb58ef4b4d4d1bd55164b
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c