victoriadunford.com
Open in
urlscan Pro
192.185.37.231
Malicious Activity!
Public Scan
Submitted URL: https://phishtank.com/view_phish_redirect.php?phish_id=6481212
Effective URL: https://victoriadunford.com/ee.co.ssl/login9dc526564edf
Submission: On April 09 via manual from GB
Effective URL: https://victoriadunford.com/ee.co.ssl/login9dc526564edf
Submission: On April 09 via manual from GB
Summary
This website contacted 3 IPs
in 3 countries
across 5 domains to perform 19 HTTP transactions.
The main IP is 192.185.37.231, located in
Houston, United States and
belongs to UNIFIEDLAYER-AS-1, US.
The main domain is victoriadunford.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 2nd 2020. Valid for: 3 months.
This is the only time victoriadunford.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on April 2nd 2020. Valid for: 3 months.
This is the only time victoriadunford.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: EE (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 2606:4700::68... 2606:4700::6811:b155 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 1 | 203.170.129.18 203.170.129.18 | 9891 (CSLOX-IDC...) (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.) | |
| 12 | 192.185.37.231 192.185.37.231 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:824::200a | 15169 (GOOGLE) (GOOGLE) | |
| 19 | 3 |
1
203.170.129.18
(Thailand)
ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: thsv18.hostatom.com
ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: thsv18.hostatom.com
| firstfertility.co.th |
12
192.185.37.231
(Houston, United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-37-231.unifiedlayer.com
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-37-231.unifiedlayer.com
| victoriadunford.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
victoriadunford.com
victoriadunford.com |
352 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
30 KB |
| 1 |
firstfertility.co.th
1 redirects
firstfertility.co.th |
285 B |
| 1 |
phishtank.com
1 redirects
phishtank.com |
585 B |
| 0 |
Failed
function sub() { [native code] }. Failed |
|
| 19 | 5 |
| Domain | Requested by | |
|---|---|---|
| 12 | victoriadunford.com |
victoriadunford.com
|
| 1 | ajax.googleapis.com |
victoriadunford.com
|
| 1 | firstfertility.co.th | 1 redirects |
| 1 | phishtank.com | 1 redirects |
| 0 | scrapbook Failed |
victoriadunford.com
|
| 19 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| yourhomeaccount.orange.co.uk |
| accessories.ee.co.uk |
| community.ee.co.uk |
| newsroom.ee.co.uk |
| recycle.ee.co.uk |
| jobs.ee.co.uk |
| twitter.com |
| www.facebook.com |
| www.youtube.com |
| www.linkedin.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| victoriadunford.com Let's Encrypt Authority X3 |
2020-04-02 - 2020-07-01 |
3 months | crt.sh |
| upload.video.google.com GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://victoriadunford.com/ee.co.ssl/login9dc526564edf
Frame ID: EFBBA336208E711F894AD91860D0CC8B
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://phishtank.com/view_phish_redirect.php?phish_id=6481212
HTTP 302
https://firstfertility.co.th/visitus/ HTTP 302
https://victoriadunford.com/ee.co.ssl/login9dc526564edf Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
URL: https://yourhomeaccount.orange.co.uk/
Title: My EE Broadband
Title: My EE Broadband
Search URL Search Domain Scan URL
URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/your-bills
Title: Bills
Title: Bills
Search URL Search Domain Scan URL
URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/makepayment
Title: Payments
Title: Payments
Search URL Search Domain Scan URL
URL: https://yourhomeaccount.orange.co.uk/b2cselfcare/b2c/viewaccountdetails
Title: Manage account
Title: Manage account
Search URL Search Domain Scan URL
URL: https://accessories.ee.co.uk/
Title: Accessories
Title: Accessories
Search URL Search Domain Scan URL
URL: https://community.ee.co.uk/
Title: EE Community
Title: EE Community
Search URL Search Domain Scan URL
URL: https://newsroom.ee.co.uk/
Title: Newsroom
Title: Newsroom
Search URL Search Domain Scan URL
URL: https://recycle.ee.co.uk/
Title: Trade In
Title: Trade In
Search URL Search Domain Scan URL
URL: https://jobs.ee.co.uk/
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: https://twitter.com/EE
Title: EE on Twitter
Title: EE on Twitter
Search URL Search Domain Scan URL
URL: http://www.facebook.com/ee
Title: EE on Facebook
Title: EE on Facebook
Search URL Search Domain Scan URL
URL: http://www.youtube.com/ee
Title: EE on YouTube
Title: EE on YouTube
Search URL Search Domain Scan URL
URL: http://www.linkedin.com/company/ee-uk
Title: EE on LinkedIn
Title: EE on LinkedIn
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://phishtank.com/view_phish_redirect.php?phish_id=6481212
HTTP 302
https://firstfertility.co.th/visitus/ HTTP 302
https://victoriadunford.com/ee.co.ssl/login9dc526564edf Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login9dc526564edf
victoriadunford.com/ee.co.ssl/ Redirect Chain
|
150 KB 28 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
victoriadunford.com/ee.co.ssl/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.1e1767e.min.css
victoriadunford.com/ee.co.ssl/ |
169 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.1e1767e.min.css
victoriadunford.com/ee.co.ssl/ |
150 KB 28 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibs_myee.min.css
victoriadunford.com/ee.co.ssl/ |
182 KB 42 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clientlibs_meganav.min.css
victoriadunford.com/ee.co.ssl/ |
72 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spin.gif
victoriadunford.com/ee.co.ssl/ |
11 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
28.gif
victoriadunford.com/ee.co.ssl/ |
43 KB 43 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_regular.woff
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form-error.png
victoriadunford.com/ee.co.ssl/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ee-icons.woff
victoriadunford.com/ee.co.ssl/ |
47 KB 48 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_semibold.woff
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nobblee_light.woff
victoriadunford.com/ee.co.ssl/ |
32 KB 32 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nobblee_regular.woff
victoriadunford.com/ee.co.ssl/ |
47 KB 48 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_light.woff
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
fontsrubrik_regular.ttf
scrapbook:download:error:https://ee.uk.bill701.com/account/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_semibold.ttf
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
rubrik_light.ttf
scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_regular.woff
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_semibold.woff
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_light.woff
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/account/fontsrubrik_regular.ttf
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_semibold.ttf
- Domain
- scrapbook
- URL
- urn:scrapbook:download:error:https://ee.uk.bill701.com/fonts/core/rubrik_light.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: EE (Telecommunication)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery object| a function| b function| j function| k function| m string| n function| o0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
firstfertility.co.th
phishtank.com
scrapbook
victoriadunford.com
scrapbook
192.185.37.231
203.170.129.18
2606:4700::6811:b155
2a00:1450:4001:824::200a
0103c260b2bef6646967cc2f502793cba050f15e4f51c5ebb1acf66243042f7a
0330e4f88f34dbcd74406ddc78d8800d21f72da50113b870d9fb7ca76c0a1e17
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
38d71efaddb28ca95081c6251060b2a8b3e52918e9973c18d0bdb5b8d6ae8004
59a88d64e191e0adfd848a14cd3be24ac3dbbc4c2d888bb20c6e768d7ae59514
59b889ed38cf85192f0911e4b5f492fc21319e1daa3350c27db90b33aa01483f
8d191ce84f73c45404d4064d7ecd95b774cd19dc011082cec404f93b791dd81c
95e7c3f67f71662cbc0eecc434cf763d56e39efa455089c895ac633ac63a894f
a2b35cb11e44fb935099d43e70a5a61c3e4af9769b48c3ff27778c359052ab78
a68db4b2f9124c363603ae9b19631468c8c0b006b5ae1223d2772b26874c776e
da4cc80a79084aaf4e6edd60228913b0244dec63332d25b36c076632619b19ed
dc75908d189d63652a5b6dae39cab3ab35e743bf422eb557bc74ab4b06eb1c1b