scancontrol.nl
2a0b:7280:200:0:432:e8ff:fe00:dbf
Malicious Activity!
Public Scan
Effective URL: http://scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/ht3xu73oajj386o0qu0vmz34.php?...
Submission: On June 27 via manual from US
Summary
This is the only time scancontrol.nl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2620:101:2005:11f0::1001 | 16417 (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division) |
2 | 202.67.10.74 | 24195 (DHECYBER-AS-ID PT. Dhecyber Flow Indonesia) |
2 11 | 2a0b:7280:200:0:432:e8ff:fe00:dbf | 48635 (ASTRALUS) |
11 | 2 |
ASN16417 (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division, US)
secure-web.cisco.com
ASN24195 (DHECYBER-AS-ID PT. Dhecyber Flow Indonesia, ID)
PTR: dhe-202-67-10-74.static.dhecyber.net.id
sippd.makassar.go.id
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | scancontrol.nl (2 redirects) | scancontrol.nl | 321 KB |
2 | makassar.go.id | sippd.makassar.go.id | 31 KB |
1 | cisco.com (1 redirects) | secure-web.cisco.com | 316 B |
11 | 3 |
 | Domain | Requested by |
---|---|---|
11 | scancontrol.nl (2 redirects) | sippd.makassar.go.id, scancontrol.nl |
2 | sippd.makassar.go.id | sippd.makassar.go.id |
1 | secure-web.cisco.com (1 redirects) | |
11 | 3 |
This site contains links to these domains.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid |
---|---|---|
 | 1970-01-01 - 1970-01-01 | a few seconds |
This page contains 1 frames:
Primary Page:
http://scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/ht3xu73oajj386o0qu0vmz34.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=aalqassabi@deloitte.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 5BBA966E62F1FD8F8703061EF01E1D73
Requests: 11 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms of use
Title: Privacy & Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://secure-web.cisco.com/13HV_aMgxpjk46UACKBPwa1iOA1yfKdRkMqzd0RQhjMs05xRxyHZYtSiI2_pzrJpVMXyNntXPw146yTCPiakb_KRMou749ujW2Ay7vi1xe472f4aplHWeWl2SbZ97z9nB6ocarOUhNC3mljTSVZ72-EpepRJmxtDeeFRRVCV9brPQlQapagfNSqN_Het9T4LOtmLQk3CudgIlOF3lkR40MfDtZDuqYHv1gPlUiXdHUrSsMysAwSaFWsfMzomq9m-5lqEYE7r39NyXT7S5f8t8Nmg9DcXNsMN0008OpdcvqAxvyNO-s5xEnCSJZJkmLTBhLHS2npobiWq9d2Qkp6vrBSb7O0dSnIuM8gpaWSvl3dQwq5mMbRFnhC2Wxj4ZbtNVedLnFYg-31qQVJIrRX8GZb__d3fBwcBCvUVJg08NW2hwxP2LJe43eWyHfRl5pm9WtaWic71OJsTy9Bj6A8GXlc71sLtKeJH3tvtd7jAbaoCMYpZCAlORiW1O-qlSn-N0j1660bfAvUkFC63hMIGCKQ/https%3A%2F%2Ftinyurl.com%2Fyxowtd5z%3Falpha1%3DYWFscWFzc2FiaUBkZWxvaXR0ZS5jb20%3D
HTTP 302
http://sippd.makassar.go.id/erk/?alpha1=YWFscWFzc2FiaUBkZWxvaXR0ZS5jb20= Page URL
-
http://scancontrol.nl/wp-admin/includes/admin/?email=YWFscWFzc2FiaUBkZWxvaXR0ZS5jb20=
HTTP 302
http://scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/?email=YWFscWFzc2FiaUBkZWxvaXR0ZS5jb20=&loginpage=&reff=ZTU1MDRkYjhjOTYzMmNhYjA0NzA3OWIxMmMyZWIyZGI= HTTP 302
http://scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/ht3xu73oajj386o0qu0vmz34.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=aalqassabi@deloitte.com&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://secure-web.cisco.com/13HV_aMgxpjk46UACKBPwa1iOA1yfKdRkMqzd0RQhjMs05xRxyHZYtSiI2_pzrJpVMXyNntXPw146yTCPiakb_KRMou749ujW2Ay7vi1xe472f4aplHWeWl2SbZ97z9nB6ocarOUhNC3mljTSVZ72-EpepRJmxtDeeFRRVCV9brPQlQapagfNSqN_Het9T4LOtmLQk3CudgIlOF3lkR40MfDtZDuqYHv1gPlUiXdHUrSsMysAwSaFWsfMzomq9m-5lqEYE7r39NyXT7S5f8t8Nmg9DcXNsMN0008OpdcvqAxvyNO-s5xEnCSJZJkmLTBhLHS2npobiWq9d2Qkp6vrBSb7O0dSnIuM8gpaWSvl3dQwq5mMbRFnhC2Wxj4ZbtNVedLnFYg-31qQVJIrRX8GZb__d3fBwcBCvUVJg08NW2hwxP2LJe43eWyHfRl5pm9WtaWic71OJsTy9Bj6A8GXlc71sLtKeJH3tvtd7jAbaoCMYpZCAlORiW1O-qlSn-N0j1660bfAvUkFC63hMIGCKQ/https%3A%2F%2Ftinyurl.com%2Fyxowtd5z%3Falpha1%3DYWFscWFzc2FiaUBkZWxvaXR0ZS5jb20%3D HTTP 302
- http://sippd.makassar.go.id/erk/?alpha1=YWFscWFzc2FiaUBkZWxvaXR0ZS5jb20=
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / sippd.makassar.go.id/erk/ (Redirect Chain) | 3 KB 1 KB | Document text/html |
GET H/1.1 | jquery.min.js sippd.makassar.go.id/erk/js/ | 85 KB 30 KB | Script application/javascript |
GET H/1.1 | Primary Request: ht3xu73oajj386o0qu0vmz34.php scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/ (Redirect Chain) | 24 KB 8 KB | Document text/html |
GET H/1.1 | converged.login.min.css scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 84 KB 17 KB | Stylesheet text/css |
GET H/1.1 | convergedlogin_pcore.min.js scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 0 0 | Script text/html |
GET H/1.1 | convergedloginpaginatedstrings-en-gb.min.js scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 0 0 | Script text/html |
GET H/1.1 | microsoft_logo.svg scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 4 KB 2 KB | Image image/svg+xml |
GET H/1.1 | picker_account_aad.svg scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 756 B 760 B | Image image/svg+xml |
GET H/1.1 | convergedloginpaginatedstrings-en-gb.min.js scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 0 0 | Script text/html |
GET H/1.1 | 0-small.jpg scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 1 KB 1 KB | Image image/jpeg |
GET H/1.1 | 0.jpg scancontrol.nl/wp-admin/includes/admin/cmd-login=a2a7938099b2075bd8b9b69804524753/files/ | 291 KB 291 KB | Image image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- object| $Debug
- object| $Do
- undefined| g_iSRSFailed
- undefined| g_sSRSSuccess
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
scancontrol.nl/ | | Name: PHPSESSID Value: 7v61eg6kb90gin3jnsvr0d5il5 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
scancontrol.nl
secure-web.cisco.com
sippd.makassar.go.id
202.67.10.74
2620:101:2005:11f0::1001
2a0b:7280:200:0:432:e8ff:fe00:dbf