ameyengrs.com
198.154.227.80
Malicious Activity!
Public Scan
Submission: On March 22 via api from CA
Summary
This is the only time ameyengrs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 | 198.154.227.80 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer) |
6 | 104.238.110.68 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
1 | 181.224.157.105 | 36351 (SOFTLAYER - SoftLayer Technologies Inc.) |
10 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 198-154-227-80.unifiedlayer.com
ameyengrs.com |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-104-238-110-68.ip.secureserver.net
xloveback.com |
ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: ip-181-224-157-105.siteground.com
metrometalworks.com.au |
 | Apex Domain (Subdomains) | Transfer |
---|---|---|
6 | xloveback.com (xloveback.com Failed) | 156 KB |
2 | ameyengrs.com (ameyengrs.com) | 557 B |
1 | metrometalworks.com.au (metrometalworks.com.au) | 51 KB |
10 | 3 | |
Domain | Requested by | |
---|---|---|
6 | xloveback.com | xloveback.com |
2 | ameyengrs.com | |
1 | metrometalworks.com.au | |
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
xloveback.com cPanel, Inc. Certification Authority | 2017-02-25 - 2017-05-26 | 3 months | crt.sh |
www.metrometalworks.com.au Let's Encrypt Authority X3 | 2017-03-15 - 2017-06-13 | 3 months | crt.sh |
This page contains 2 frames:
Frame:
https://xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File.htm
Frame ID: 3322.1
Requests: 3 HTTP requests in this frame
Frame:
https://xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File.htm
Frame ID: 3342.1
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request 9
- https://www.metrometalworks.com.au/a/adobe/Sign%20in%20-%20Adobe%20File_files/images.png
- https://metrometalworks.com.au/a/adobe/Sign%20in%20-%20Adobe%20File_files/images.png
10 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | securedpdfdoc.php ameyengrs.com/ (Primary Request) | 106 B 112 B | Document text/html |
GET | Sign%20in%20-%20Adobe%20File.htm xloveback.com/Adobe/ | 0 0 | |
GET H/1.1 | favicon.ico ameyengrs.com/ | 445 B 445 B | Other text/html |
GET H/1.1 | Sign%20in%20-%20Adobe%20File.htm xloveback.com/Adobe/ (Frame 3342) | 6 KB 6 KB | Document text/html |
GET H/1.1 | gen_validatorv4.js xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File_files/ (Frame 3342) | 31 KB 31 KB | Script application/javascript |
GET H/1.1 | adb.css xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File_files/ (Frame 3342) | 86 KB 86 KB | Stylesheet text/css |
GET H/1.1 | ath5djs.js xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File_files/ (Frame 3342) | 23 KB 23 KB | Script application/javascript |
GET H/1.1 | d.htm xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File_files/ (Frame 3342) | 2 KB 2 KB | Stylesheet text/html |
GET H/1.1 | logo-adobe-pdf.jpg xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File_files/ (Frame 3342) | 8 KB 8 KB | Image image/jpeg |
GET DATA | truncated / (Frame 3342) | 11 KB 0 | Image image/png |
GET H2 | images.png metrometalworks.com.au/a/adobe/Sign%20in%20-%20Adobe%20File_files/ (Frame 3342, Redirect Chain) | 51 KB 51 KB | Other text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: xloveback.com
- URL: https://xloveback.com/Adobe/Sign%20in%20-%20Adobe%20File.htm
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.