![](/screenshots/300b3d2d-ffb5-4f99-9132-d7111cb1e424.png)
onlyfoam.com
72.167.2.150
Malicious Activity!
Public Scan
Effective URL: http://onlyfoam.com/mai/altra/road.php?cmd=login_submit&id=9600705448982ac5cdbe4d16153d18709600705448982ac5cdbe4d161...
Submission: On December 13 via manual from US
Summary
This is the only time onlyfoam.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
14 (3 redirects) | 72.167.2.150 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1 | 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA - Wikimedia Foundation Inc.)
1 | 137.44.1.7 | 786 (JANET Jisc Services Limited)
15 | 4 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-72-167-2-150.ip.secureserver.net
onlyfoam.com |
ASN14907 (WIKIMEDIA - Wikimedia Foundation Inc., US)
upload.wikimedia.org |
ASN786 (JANET Jisc Services Limited, GB)
PTR: web.swan.ac.uk
www.swansea.ac.uk |
Requests | Apex Domain (Subdomains) | Transfer
---|---|---
14 (3 redirects) | onlyfoam.com (onlyfoam.com) | 64 KB
1 | swansea.ac.uk (www.swansea.ac.uk) | 44 KB
1 | wikimedia.org (upload.wikimedia.org) | 13 KB
15 | 3 |
Requests | Domain | Requested by
---|---|---
14 (3 redirects) | onlyfoam.com | onlyfoam.com
1 | www.swansea.ac.uk | onlyfoam.com
1 | upload.wikimedia.org | onlyfoam.com
15 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
\*.wikipedia.org | DigiCert SHA2 High Assurance Server CA | 2016-12-19 - 2018-01-03 | a year
This page contains 1 frames:
Primary Page:
http://onlyfoam.com/mai/altra/road.php?cmd=login_submit&id=9600705448982ac5cdbe4d16153d18709600705448982ac5cdbe4d16153d1870&session=9600705448982ac5cdbe4d16153d18709600705448982ac5cdbe4d16153d1870
Frame ID: (3CD6E6BA96B2C60DC4CE68071176762)
Requests: 15 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Twitter Bootstrap
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://onlyfoam.com/mai HTTP 301
  http://onlyfoam.com/mai/ HTTP 302
  http://onlyfoam.com/mai/apart.php?cmd=login_submit&id=62fede41944871374d40c284a909a65662fede41944871374d40c284a909a656&session=62fede41944871374d40c284a909a65662fede41944871374d40c284a909a656 Page URL
- http://onlyfoam.com/mai/altra/ HTTP 302
  http://onlyfoam.com/mai/altra/road.php?cmd=login_submit&id=9600705448982ac5cdbe4d16153d18709600705448982ac5cdbe4d16153d1870&session=9600705448982ac5cdbe4d16153d18709600705448982ac5cdbe4d16153d1870 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://onlyfoam.com/mai HTTP 301
- http://onlyfoam.com/mai/ HTTP 302
- http://onlyfoam.com/mai/apart.php?cmd=login_submit&id=62fede41944871374d40c284a909a65662fede41944871374d40c284a909a656&session=62fede41944871374d40c284a909a65662fede41944871374d40c284a909a656
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | apart.php | onlyfoam.com/mai/ (Redirect Chain) | 2 KB | 0 | Document | text/html
GET | H/1.1 | road.php (Primary Request) | onlyfoam.com/mai/altra/ (Redirect Chain) | 4 KB | 0 | Document | text/html
GET | H/1.1 | font.css | onlyfoam.com/mai/altra/telm_files/ | 509 B | 247 B | Stylesheet | text/css
GET | H/1.1 | login.css | onlyfoam.com/mai/altra/telm_files/ | 5 KB | 2 KB | Stylesheet | text/css
GET | H/1.1 | input.css | onlyfoam.com/mai/altra/telm_files/ | 5 KB | 955 B | Stylesheet | text/css
GET | H/1.1 | stander.css | onlyfoam.com/mai/altra/telm_files/ | 405 B | 189 B | Stylesheet | text/css
GET | H/1.1 | bootstrap.css | onlyfoam.com/mai/altra/telm_files/ | 101 KB | 16 KB | Stylesheet | text/css
GET | H/1.1 | bootstrap-responsive.css | onlyfoam.com/mai/altra/telm_files/ | 16 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | bootstrap-select.css | onlyfoam.com/mai/altra/telm_files/ | 4 KB | 972 B | Stylesheet | text/css
GET | H/1.1 | responsive.css | onlyfoam.com/mai/altra/telm_files/ | 1023 B | 418 B | Stylesheet | text/css
GET | H2 | 1024px-DHL_Logo.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/a/ac/DHL_Logo.svg/ | 13 KB | 13 KB | Image | image/png
GET | H/1.1 | office-2.png | www.swansea.ac.uk/it-services/software-enquiry/office-365/ | 44 KB | 44 KB | Image | image/png
GET | H/1.1 | loading_ajax.gif | onlyfoam.com/mai/altra/telm_files/ | 39 KB | 39 KB | Image | image/gif
GET | | robot.jpg | onlyfoam.com/mai/img/robot/ | 0 | 0 | |
GET | | open-sans.light-webfont.woff | onlyfoam.com/mai/altra/font/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
onlyfoam.com | http://onlyfoam.com/mai/img/robot/robot.jpg
onlyfoam.com | http://onlyfoam.com/mai/altra/font/open-sans.light-webfont.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onafterprint
- object| onbeforeprint
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.