forchallenge.ro
89.42.218.231
Malicious Activity!
Public Scan
Submission: On December 05 via manual from RO — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 7th 2022. Valid for: 3 months.
This is the only time forchallenge.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 89.42.218.231 | 205275 (ROMARG HOSTING) |
9 | 1 |
ASN205275 (ROMARG HOSTING, RO)
PTR: server-0337.whmpanels.com
forchallenge.ro
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
9 | forchallenge.ro / forchallenge.ro | 122 KB |
9 | 1 |
Requests | Domain | Requested by |
---|---|---|
9 | forchallenge.ro | forchallenge.ro |
9 | 1 |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
prodgsm.eu / R3 | 2022-10-07 - 2023-01-05 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://forchallenge.ro/us_gate/authentication.php
Frame ID: 4D4F1E8882374C8171DB394052176B8C
Requests: 9 HTTP requests in this frame
Page Title
Amazon Sign-In
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | authentication.php (Primary Request) | forchallenge.ro/us_gate/ | 17 KB | 4 KB | Document | text/html |
GET | H2 | main.css | forchallenge.ro/us_gate/css/ | 3 KB | 941 B | Stylesheet | text/css |
GET | H2 | amazonUI.css | forchallenge.ro/us_gate/css/ | 162 KB | 22 KB | Stylesheet | text/css |
GET | H2 | onPortalAssets.css | forchallenge.ro/us_gate/css/ | 45 KB | 6 KB | Stylesheet | text/css |
GET | H2 | jquery-3.3.1.min.js | forchallenge.ro/us_gate/js/ | 85 KB | 29 KB | Script | application/javascript |
GET | H2 | main.js | forchallenge.ro/us_gate/js/ | 967 B | 337 B | Script | application/javascript |
GET | H3 | mPGmT0r6IeTyIee.png | forchallenge.ro/us_gate/images/ | 27 KB | 28 KB | Image | image/png |
GET | H3 | pDxWAF1pBB0dzGB.woff2 | forchallenge.ro/us_gate/fonts/ | 16 KB | 16 KB | Font | font/woff2 |
GET | H3 | KFPk-9IF4FqAqY-.woff2 | forchallenge.ro/us_gate/fonts/ | 16 KB | 16 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontentvisibilityautostatechange
- function | $
- function | jQuery
- function | onlyLettersAndNumbers
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
forchallenge.ro
89.42.218.231