mortgageletter.org
Open in
urlscan Pro
94.100.31.218
Malicious Activity!
Public Scan
URL:
http://mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/
Submission: On December 01 via api from CA
Submission: On December 01 via api from CA
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 15 HTTP transactions.
The main IP is 94.100.31.218, located in
Netherlands and
belongs to SWIFTWAY-AS Netherlands, GB.
The main domain is mortgageletter.org.
This is the only time mortgageletter.org was scanned on urlscan.io!
This is the only time mortgageletter.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online) GDrive and other (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 94.100.31.218 94.100.31.218 | 35017 (SWIFTWAY-...) (SWIFTWAY-AS Netherlands) | |
| 1 | 178.32.30.35 178.32.30.35 | 16276 (OVH) (OVH) | |
| 4 | 172.217.16.163 172.217.16.163 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 15 | 4 |
10
94.100.31.218
(Netherlands)
ASN35017 (SWIFTWAY-AS Netherlands, GB)
PTR: host3.azaronline.com
ASN35017 (SWIFTWAY-AS Netherlands, GB)
PTR: host3.azaronline.com
| mortgageletter.org |
4
172.217.16.163
(Mountain View, United States)
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f163.1e100.net
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f163.1e100.net
| ssl.gstatic.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
mortgageletter.org
mortgageletter.org |
190 KB |
| 4 |
gstatic.com
ssl.gstatic.com |
8 KB |
| 1 |
phishingscripts.com
phishingscripts.com |
|
| 15 | 3 |
| Domain | Requested by | |
|---|---|---|
| 10 | mortgageletter.org |
mortgageletter.org
|
| 4 | ssl.gstatic.com |
mortgageletter.org
|
| 1 | phishingscripts.com |
mortgageletter.org
|
| 15 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.google.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.google.com Google Internet Authority G2 |
2017-11-01 - 2018-01-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/
Frame ID: 24202.1
Requests: 16 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
URL: https://www.google.com/intl/en/about
Title: About Google
Title: About Google
Search URL Search Domain Scan URL
URL: http://www.google.com/support/accounts?hl=en
Title: Help
Title: Help
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/ |
55 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
93 KB 93 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.ddslick.min.js
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo_strip.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/index_files/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
universal_language_settings-21.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Sign%20in%20-%20Google%20Accounts_files/ |
199 B 199 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
 Cookie set
style.php
phishingscripts.com/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo_1x.png
ssl.gstatic.com/accounts/ui/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
avatar_2x.png
ssl.gstatic.com/accounts/ui/ |
626 B 635 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
checkmark.png
ssl.gstatic.com/ui/v1/menu/ |
239 B 248 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
284 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wlogostrip_230x17_1x.png
ssl.gstatic.com/accounts/ui/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mail_gmail.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
yahoo.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
live_hotmail.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
517 B 517 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
aol.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
email.png
mortgageletter.org/prequal/admk/doc27/home/file/d/0B7S3TklbfPcjRTZ2M2xHaDhla2c/pre/qual/eview/edocs1/Google_docs_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online) GDrive and other (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mortgageletter.org
phishingscripts.com
ssl.gstatic.com
172.217.16.163
178.32.30.35
94.100.31.218
000da3616519f393f1d7450839c1dbda356053087d0191bd2d25a83e5fc63e8c
04486132acc506e6a7b442208732ecaa3f2c1f8c122dd38354651e19c90c5a53
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
0b6c1e1b33c085efad5bdc32654ec90b4ddc934eb1c1aca71a439ff89867f468
0e95cbf733f41b43a1e2716643ad7ea8cd5fdfcb2eee2d038f4618c579bcaff7
1b5fe12e21a9d8ff78e007ecf9fa5a819947dc3e6ba7a0ca4951760d1c006adf
2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
6a65a240b4678c8a34098d1127abfb36d5e72d6537fe0609e94ab6745d1748a5
73b1ce58fa539aab1d6d1424607c5ff60fc5e2f2c0becd3a776f7f4f8f3664b0
970882d4a7e6a84819f31de8d238cb3ada20bf0a4ea307b45bf44988bbfc4602
c7b07a0440ecfbd1f32110a6a5c7e92ecfe0200a65ba5fdd5660a98cf2294c09
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220
fc6e1e44fce24fcda33dfd0e0a05a77004b3cd1d81018e9616d6e4145145d0b9