www.agrizelpro.com.ec
Open in
urlscan Pro
162.222.226.195
Malicious Activity!
Public Scan
URL:
https://www.agrizelpro.com.ec/wp-content/upgrade/www/saml/authSynacor/en/?85.159.237.68-85.159.237.68-85.159.237.68
Submission: On January 29 via manual from US
Submission: On January 29 via manual from US
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 11 HTTP transactions.
The main IP is 162.222.226.195, located in
Burlington, United States and
belongs to PUBLIC-DOMAIN-REGISTRY, US.
The main domain is www.agrizelpro.com.ec.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 11th 2020. Valid for: 3 months.
This is the only time www.agrizelpro.com.ec was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on January 11th 2020. Valid for: 3 months.
This is the only time www.agrizelpro.com.ec was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 162.222.226.195 162.222.226.195 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY) | |
| 8 | 64.8.70.75 64.8.70.75 | 36271 (SYNACOR-C...) (SYNACOR-CLUSTER) | |
| 1 | 2600:9000:215... 2600:9000:2156:e600:12:2f25:e340:21 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 2 | 108.128.130.224 108.128.130.224 | 16509 (AMAZON-02) (AMAZON-02) | |
| 11 | 4 |
1
162.222.226.195
(Burlington, United States)
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: cp-39.webhostbox.net
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: cp-39.webhostbox.net
| www.agrizelpro.com.ec |
8
64.8.70.75
(United States)
ASN36271 (SYNACOR-CLUSTER, US)
PTR: auth-gateway.net
ASN36271 (SYNACOR-CLUSTER, US)
PTR: auth-gateway.net
| windstream.auth-gateway.net |
1
2600:9000:2156:e600:12:2f25:e340:21
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| da4pli3l5vc0d.cloudfront.net |
2
108.128.130.224
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-130-224.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-130-224.eu-west-1.compute.amazonaws.com
| synacor.112.2o7.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
auth-gateway.net
windstream.auth-gateway.net |
87 KB |
| 2 |
2o7.net
1 redirects
synacor.112.2o7.net |
882 B |
| 1 |
cloudfront.net
da4pli3l5vc0d.cloudfront.net |
9 KB |
| 1 |
agrizelpro.com.ec
www.agrizelpro.com.ec |
4 KB |
| 11 | 4 |
| Domain | Requested by | |
|---|---|---|
| 8 | windstream.auth-gateway.net |
www.agrizelpro.com.ec
|
| 2 | synacor.112.2o7.net |
1 redirects
www.agrizelpro.com.ec
|
| 1 | da4pli3l5vc0d.cloudfront.net |
www.agrizelpro.com.ec
|
| 1 | www.agrizelpro.com.ec | |
| 11 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| sam.windstream.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| agrizelpro.com.ec Let's Encrypt Authority X3 |
2020-01-11 - 2020-04-10 |
3 months | crt.sh |
| *.auth-gateway.net DigiCert SHA2 High Assurance Server CA |
2019-09-26 - 2021-10-12 |
2 years | crt.sh |
| *.cloudfront.net DigiCert Global CA G2 |
2019-07-17 - 2020-07-05 |
a year | crt.sh |
| *.112.2o7.net DigiCert SHA2 High Assurance Server CA |
2019-04-23 - 2021-04-27 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.agrizelpro.com.ec/wp-content/upgrade/www/saml/authSynacor/en/?85.159.237.68-85.159.237.68-85.159.237.68
Frame ID: 2A9DBED137CE2DBC6218FD86646D6E07
Requests: 11 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
OpenSSL
(Web Server Extensions)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Modernizr
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
SiteCatalyst
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/s[_-]code.*\.js/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
reCAPTCHA
(Captchas)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<div[^>]+class="g-recaptcha"/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://sam.windstream.com/selfcare/selfcare/SelfCareMain.jsp
Title: Trouble Logging In?
Title: Trouble Logging In?
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s66388693317449?AQB=1&ndh=1&t=29%2F0%2F2020%2019%3A16%3A25%203%20-60&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.agrizelpro.com.ec%2Fwp-content%2Fupgrade%2Fwww%2Fsaml%2FauthSynacor%2Fen%2F%3F85.159.237.68-85.159.237.68-85.159.237.68&cc=USD&c1=Windstream&c6=Federated%20Login&c7=ac380d5275bfe45a9c98dfee9a824530&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1 HTTP 302
- https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s66388693317449?AQB=1&pccr=true&vidn=2F18E5FC8515C60A-40000BE722B5C3E4&ndh=1&t=29%2F0%2F2020%2019%3A16%3A25%203%20-60&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.agrizelpro.com.ec%2Fwp-content%2Fupgrade%2Fwww%2Fsaml%2FauthSynacor%2Fen%2F%3F85.159.237.68-85.159.237.68-85.159.237.68&cc=USD&c1=Windstream&c6=Federated%20Login&c7=ac380d5275bfe45a9c98dfee9a824530&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&AQE=1
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.agrizelpro.com.ec/wp-content/upgrade/www/saml/authSynacor/en/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
modernizr.js
windstream.auth-gateway.net/js/ |
12 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.11.1.min.js
windstream.auth-gateway.net/js/ |
94 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.css
windstream.auth-gateway.net/bootstrap/3.3.5/css/ |
120 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.js
windstream.auth-gateway.net/bootstrap/3.3.5/js/ |
36 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
base.css
windstream.auth-gateway.net/css/default/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
base.js
windstream.auth-gateway.net/js/default/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
federated_login.css
windstream.auth-gateway.net/css/client/69248/ |
429 B 652 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
103e18120cef932f2d236263c11f1ea0b1cec3ff
da4pli3l5vc0d.cloudfront.net/10/3e/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
s_code.js
windstream.auth-gateway.net/saml/resources/omniture/ |
30 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s66388693317449
synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/ Redirect Chain
|
43 B 271 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| html5 object| Modernizr function| yepnope function| $ function| jQuery object| jQuery1111005282534608639389 string| handler object| now number| can_submit_by boolean| completed_captcha function| enableSubmit function| toggleShowPassword function| showElement function| hideElement function| mouseOverToPopupRememberMe function| escapeHTML function| parseUri function| makeAjaxCall string| s_account object| s string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| s_i_synacor0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
da4pli3l5vc0d.cloudfront.net
synacor.112.2o7.net
windstream.auth-gateway.net
www.agrizelpro.com.ec
108.128.130.224
162.222.226.195
2600:9000:2156:e600:12:2f25:e340:21
64.8.70.75
2f7eab63258fcd0d4fb4dac9c5f5a878ee5d5d877066b7de572a074cdd0c80a7
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
6b15ca565feb1b03c28e0596d15ad8999f6da88a05d359f2327dfda7f7aa7857
872f1d4c925f4649b3e1fe0854fb6947f7d1af43dc47a4495806f7dc8a8c86d9
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
c88ed6737ceaa447d0836432947fb7201e386b4541b7e31ff039a91d0f6cface
cb7f7021668cfddfc0bbd9df21f751bc62c0b36436c5617c5d02b7008c80caa4
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd
fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50