accountuserservices.com
192.99.252.232
Malicious Activity!
Public Scan
Effective URL: https://accountuserservices.com/delivery/?cep=PFV1SFpE0UbUZE91GqffO7ZIn4El9pKyqxjxtYg3sWX8ik-qpNWTLAtrgoTopPeXxJ4hjGJ9zF5A8Vi-3l...
Submission: On April 03 via manual from SG

Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 7th 2019. Valid for: a year.
This is the only time accountuserservices.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 93.90.117.117 | 28717 (ZENSYSTEMS-AS) |
| 1 | 18.197.208.17 | 16509 (AMAZON-02 - Amazon.com) |
| 13 | 192.99.252.232 | 16276 (OVH) |
| 2 | 2606:4700::6810:cea5 | 13335 (CLOUDFLARENET - Cloudflare) |

The scanned host itself, 192.99.252.232 at OVH, served the 13 accountuserservices.com requests; the tracking redirect came from an EC2 instance in eu-central-1 (see the PTR below).

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-197-208-17.eu-central-1.compute.amazonaws.com
Domains: track.skinnylenks.com

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Domains: cdn.onesignal.com, onesignal.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | accountuserservices.com | accountuserservices.com | 697 KB |
| 2 | onesignal.com | cdn.onesignal.com, onesignal.com | 54 KB |
| 1 | skinnylenks.com (1 redirect) | track.skinnylenks.com | 1 KB |
| 1 | euro.email (1 redirect) | mw0.euro.email | 612 B |
| Requests | Domain | Requested by |
|---|---|---|
| 13 | accountuserservices.com | accountuserservices.com |
| 1 | onesignal.com | cdn.onesignal.com |
| 1 | cdn.onesignal.com | accountuserservices.com |
| 1 | track.skinnylenks.com | 1 redirect |
| 1 | mw0.euro.email | 1 redirect |
This site contains links to these domains (see also the outgoing links under Page Statistics):
- track.skinnylenks.com
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| accountuserservices.com | Sectigo RSA Domain Validation Secure Server CA | 2019-03-07 - 2020-03-06 | a year | crt.sh |
| ssl473492.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-01-22 - 2019-07-31 | 6 months | crt.sh |
This page contains 2 frames:
- Primary Page: https://accountuserservices.com/delivery/?cep=PFV1SFpE0UbUZE91GqffO7ZIn4El9pKyqxjxtYg3sWX8ik-qpNWTLAtrgoTopPeXxJ4hjGJ9zF5A8Vi-3lzIkb0l1qZH3uFS7TPrwmv401ZWXSfodEuSAt5wnhB3aJY5wkXODpetN9o31n2XXx7LnyRzRnzV4ngWLazF7UYq4etCljPM7isENPtPEsCANqTlo1K-tDnWHY0j7WnHd5wwTc9Cwt_yV75uLdRC2y7BLFs&email=thamsw@ocbc.com (Frame ID: A3FA90982B17C16E92BECDCDF2443C94, 16 HTTP requests)
- Frame: https://accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/webPushAnalytics.html (Frame ID: F546C87AEFCDE2F9D65A50EDACEEE8E6, 1 HTTP request)
Detected technologies
Each entry lists the pattern that fired and the evidence it was run against: the Server response header, the URLs of loaded scripts, or the names of window globals.
- PHP (Programming Languages): headers server /php\/?([\d.]+)?/i
- CentOS (Operating Systems): headers server /CentOS/i
- OpenSSL (Web Server Extensions): headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
- Apache (Web Servers): headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- jQuery (JavaScript Libraries): script /jquery.*\.js/i; env /^jQuery$/i
Page Statistics
1 outgoing link (a link to a different origin than the main page):
- Title: CONTINUE, pointing at track.skinnylenks.com, the only external domain linked from the page
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mw0.euro.email/index.php/campaigns/oy7270k89x153/track-url/xe597lm56h8c8/372a4abe3385f8800b80874adfeb7d8e474cdf48 (HTTP 301)
- http://track.skinnylenks.com/b168f0b4-7440-4b98-9a5d-5f101efd707d?email=thamsw@ocbc.com (HTTP 302)
- https://accountuserservices.com/delivery/?cep=PFV1SFpE0UbUZE91GqffO7ZIn4El9pKyqxjxtYg3sWX8ik-qpNWTLAtrgoTopPeXxJ4hjGJ9zF5A8Vi-3lzIkb0l1qZH3uFS7TPrwmv401ZWXSfodEuSAt5wnhB3aJY5wkXODpetN9o31n2XXx7LnyRzRnzV4ngWLazF7UYq4etCljPM7isENPtPEsCANqTlo1K-tDnWHY0j7WnHd5wwTc9Cwt_yV75uLdRC2y7BLFs&email=thamsw@ocbc.com (Page URL)

The chain has the usual mail-campaign shape: a campaign track-url on mw0.euro.email answers 301 to a tracker on track.skinnylenks.com, which is fetched over plain HTTP with the recipient's address in the query string, and that answers 302 to the landing page, which receives the same email parameter together with an opaque cep token. Each hop sits on a different registrable domain, so blocking only the final host leaves the tracker in place for the next campaign.

Redirected requests
There were HTTP redirect chains for the following requests:
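As an added example (not part of the urlscan report), the following Python script takes the hops above and reports the triage traits just described: hop count, registrable domains crossed, an https-to-http downgrade, and an e-mail address carried in a query string. The hop list is reconstructed from this page's Page URL History with the long cep value abbreviated; the registrable-domain helper is a two-label simplification and not a Public Suffix List lookup.

```python
"""Triage a captured redirect chain the way urlscan's Page URL History
presents it: one (url, status) per hop, landing page last."""
import re
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Hops reconstructed from this scan's Page URL History. The status is the
# code that sent the browser on to the next hop; the landing page has none.
# The long cep value is abbreviated here (assumption: its content is opaque).
CHAIN = [
    ("https://mw0.euro.email/index.php/campaigns/oy7270k89x153/track-url/"
     "xe597lm56h8c8/372a4abe3385f8800b80874adfeb7d8e474cdf48", 301),
    ("http://track.skinnylenks.com/b168f0b4-7440-4b98-9a5d-5f101efd707d"
     "?email=thamsw@ocbc.com", 302),
    ("https://accountuserservices.com/delivery/?cep=PFV1SFpE0UbUZE91"
     "&email=thamsw@ocbc.com", None),
]


def registrable_domain(host):
    """Last two labels of a host name. A simplification: a real tool consults
    the Public Suffix List so that names such as example.co.uk work."""
    return ".".join(host.lower().split(".")[-2:])


def analyze_chain(chain):
    """Return triage findings for a list of (url, status) hops."""
    parsed = [urlsplit(url) for url, _ in chain]
    domains = []
    for p in parsed:
        d = registrable_domain(p.hostname)
        if d not in domains:
            domains.append(d)
    # An https -> http hop exposes whatever the URL carries to the network path.
    downgrades = [(i - 1, i) for i in range(1, len(parsed))
                  if parsed[i - 1].scheme == "https" and parsed[i].scheme == "http"]
    # Query-string values that look like an e-mail address: victim tracking.
    leaked = [(p.hostname, key, value)
              for p in parsed
              for key, value in parse_qsl(p.query)
              if EMAIL_RE.match(value)]
    return {
        "hop_count": len(chain) - 1,
        "hosts": [p.hostname for p in parsed],
        "domains_crossed": domains,
        "downgrades": downgrades,
        "leaked_emails": leaked,
        "cross_domain_final": domains[0] != domains[-1],
    }


def suspicion_score(findings):
    """One point per trait a phishing chain typically shows (0..4)."""
    return sum([
        findings["hop_count"] >= 2,
        bool(findings["downgrades"]),
        bool(findings["leaked_emails"]),
        findings["cross_domain_final"],
    ])


if __name__ == "__main__":
    result = analyze_chain(CHAIN)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("suspicion score:", suspicion_score(result))
```

For this chain every trait fires (score 4): two hops, three registrable domains, one downgrade at the tracker, and the same address leaked on two hosts. A same-site https-to-https redirect scores 0, which is the point of scoring traits rather than hop count alone.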
15 HTTP transactions (the table also lists the 2 inline data: URIs, giving 17 rows)

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | accountuserservices.com/delivery/ | 14 KB | 15 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H/1.1 | OneSignalSDK.js.download | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 17 KB | 17 KB | Script | application/javascript | |
| GET | H/1.1 | ios.css | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 6 KB | 7 KB | Stylesheet | text/css | |
| GET | H/1.1 | jquery.min.js.download | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 94 KB | 94 KB | Script | application/javascript | |
| GET | H/1.1 | OneSignalPageSDKES6.js.download | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 212 KB | 212 KB | Script | application/javascript | |
| GET | H/1.1 | iphonex_main.png | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 44 KB | 44 KB | Image | image/png | |
| GET | H/1.1 | loading.gif | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 36 KB | 36 KB | Image | image/gif | |
| GET | H/1.1 | iphonexend.png | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 87 KB | 87 KB | Image | image/png | |
| GET | H/1.1 | item1.png | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 48 KB | 49 KB | Image | image/png | |
| GET | H/1.1 | item2.png | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 70 KB | 71 KB | Image | image/png | |
| GET | H/1.1 | item3.png | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 62 KB | 63 KB | Image | image/png | |
| GET | H2 | OneSignalPageSDKES6.js | cdn.onesignal.com/sdks/ | 212 KB | 52 KB | Script | application/javascript | |
| GET | H/1.1 | css.css | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 0 | 0 | Stylesheet | text/html | |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml | inline data: URI |
| GET | DATA | truncated | / | 671 B | 0 | Image | image/svg+xml | inline data: URI |
| GET | H/1.1 | webPushAnalytics.html | accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/ | 2 KB | 3 KB | Document | text/html | Frame F546 (webPushAnalytics) |
| GET | H2 | web | onesignal.com/api/v1/sync/a2ff8a2e-33b2-4ec7-a536-81205c8b2db3/ | 3 KB | 2 KB | Script | text/javascript | |

Notes on the transactions:
- Every asset of the landing page lives in a folder named "Apple - iPhone X_files" and the scripts carry a ".js.download" suffix. That layout is what a browser's save-complete-page function produces, which points to the kit being a saved copy of an Apple iPhone X page with the form logic added, rather than a page built from scratch.
- css.css comes back as 0 bytes with MIME type text/html although it is requested as a stylesheet: the file is missing or the server answers with an error page.
- OneSignalPageSDKES6.js is fetched twice, once as the saved local copy and once live from cdn.onesignal.com. Together with the webPushAnalytics.html frame and the sync call to onesignal.com/api/v1/sync/<app id>/web, the page runs the OneSignal web push SDK, which gives the operator a notification channel to any visitor who accepts the permission prompt.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Apple (Online)

20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and custom code a page runs.
- function: queueMicrotask, getURLParameter, OneSignal, $, jQuery, get_date, total_likes, __jp00
- string: dom, email, emaildec, realemail, link, today
- object: onselectstart, onselectionchange, dayNames, monthNames, now
- number: __oneSignalSdkLoadCount

$ and jQuery come from the bundled jQuery, and OneSignal and __oneSignalSdkLoadCount from the OneSignal SDK. The custom names getURLParameter, email, emaildec, realemail and link, read together with the email= parameter in the landing URL, suggest the page pulls the recipient address out of the query string; the page source is not part of this report, so that stays an inference.
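The Detected technologies patterns above are applied to three kinds of evidence, and the window globals listed here are one of them. As an added example (not urlscan's own code), the Python below runs those exact patterns over a Server header, the script URLs from the transaction list, and the global names from this section. The Server header value is constructed, because the report shows which patterns fired but not the raw header; the version strings it yields are therefore illustrative, not facts about this host.

```python
"""Apply urlscan's published detection patterns to scan evidence.

Added example, not urlscan's implementation. The regexes are the ones listed
under "Detected technologies"; they are unanchored, so they are searched
rather than matched, as Wappalyzer-style fingerprinting does.
"""
import re

HEADER_PATTERNS = {
    "PHP": re.compile(r"php/?([\d.]+)?", re.I),
    "CentOS": re.compile(r"CentOS", re.I),
    "OpenSSL": re.compile(r"OpenSSL(?:/([\d.]+[a-z]?))?", re.I),
    "Apache": re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|)HTTPD)", re.I),
}
SCRIPT_PATTERNS = {"jQuery": re.compile(r"jquery.*\.js", re.I)}
ENV_PATTERNS = {"jQuery": re.compile(r"^jQuery$", re.I)}

# CONSTRUCTED sample in the format such a stack sends; the real header value
# from this scan is not on the page, so these versions are not evidence.
SERVER_HEADER = "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16"

# Script URLs from the transaction list and globals from the section above.
SCRIPT_URLS = [
    "https://accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/jquery.min.js.download",
    "https://accountuserservices.com/delivery/Apple%20-%20iPhone%20X_files/OneSignalSDK.js.download",
    "https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js",
]
WINDOW_GLOBALS = ["getURLParameter", "dom", "email", "emaildec", "realemail",
                  "link", "OneSignal", "$", "jQuery", "get_date", "total_likes", "__jp00"]


def fingerprint(server_header, script_urls, window_globals):
    """Return {technology: version or None} for every pattern that fires.

    A technology seen through several kinds of evidence is listed once; the
    version comes from the first pattern that captured one.
    """
    found = {}
    for name, rx in HEADER_PATTERNS.items():
        m = rx.search(server_header or "")
        if m:
            # Patterns without a capture group (CentOS) yield no version.
            found[name] = m.group(1) if rx.groups else None
    for name, rx in SCRIPT_PATTERNS.items():
        # The ".js.download" suffix still matches: the pattern is unanchored.
        if any(rx.search(url) for url in script_urls):
            found.setdefault(name, None)
    for name, rx in ENV_PATTERNS.items():
        if any(rx.search(g) for g in window_globals):
            found.setdefault(name, None)
    return found


if __name__ == "__main__":
    for tech, version in fingerprint(SERVER_HEADER, SCRIPT_URLS, WINDOW_GLOBALS).items():
        print(f"{tech}: {version or 'version not exposed'}")
```

Note that the jQuery script pattern fires on the locally saved jquery.min.js.download as well as on a normally named file, and that a header of just "Apache" still matches through the `$` alternative but carries no version; treating a None version as "unknown" rather than "absent" avoids false confidence when a server hides its version.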
Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work.
Indicators
In the security industry this term covers observables such as IPs, domains and hashes. Listing them here does not by itself mean that any of them indicates malicious activity.
Domains:
- accountuserservices.com
- cdn.onesignal.com
- mw0.euro.email
- onesignal.com
- track.skinnylenks.com
IPs:
- 18.197.208.17
- 192.99.252.232
- 2606:4700::6810:cea5
- 93.90.117.117