towertheme.com
107.180.4.213
Malicious Activity!
Public Scan
Effective URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d320...
Submission Tags: phishing, malicious
Submission: On June 09 via api from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 8th 2020. Valid for: 2 years.
This is the only time towertheme.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)

Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 2 | 194.59.164.52 | 47583 (AS-HOSTINGER) |
| 1 6 | 107.180.4.213 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
| 1 | 2a00:1450:4001:81b::200a | 15169 (GOOGLE) |
| 1 | 69.89.31.230 | 46606 (UNIFIEDLAYER-AS-1) |
| 8 | 4 | |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-4-213.ip.secureserver.net
towertheme.com

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box430.bluehost.com
smallenvelop.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | towertheme.com (1 redirect) | towertheme.com | 15 KB |
| 2 | krazykids.in (1 redirect) | www.krazykids.in | 464 B |
| 1 | smallenvelop.com | smallenvelop.com | |
| 1 | googleapis.com | ajax.googleapis.com | 29 KB |
| 8 | 4 | | |
| # | Domain | Requested by |
|---|---|---|
| 6 | towertheme.com (1 redirect) | towertheme.com |
| 2 | www.krazykids.in | 1 redirect |
| 1 | smallenvelop.com | towertheme.com |
| 1 | ajax.googleapis.com | towertheme.com |
| 8 | 4 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| krazykids.in | Let's Encrypt Authority X3 | 2020-04-17 - 2020-07-16 | 3 months | crt.sh |
| towertheme.com | Go Daddy Secure Certificate Authority - G2 | 2020-06-08 - 2022-06-08 | 2 years | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months | crt.sh |
| smallenvelop.com | Let's Encrypt Authority X3 | 2020-04-24 - 2020-07-23 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Frame ID: 92801FC0029CAA6396BEDCCC355DFAB2
Requests: 8 HTTP requests in this frame
Detected technologies
- LiteSpeed (Web Servers). Detected patterns:
  - headers server /^LiteSpeed$/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  - script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.krazykids.in/uu (HTTP 301) -> https://www.krazykids.in/uu/ (Page URL)
- https://towertheme.com/store/index.php (HTTP 302) -> https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73 (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 0: https://www.krazykids.in/uu (HTTP 301) -> https://www.krazykids.in/uu/
8 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / | www.krazykids.in/uu/ (Redirect Chain) | 141 B | 237 B | Document | text/html |
| GET | H2 | login.php (Primary Request) | towertheme.com/store/ (Redirect Chain) | 3 KB | 1 KB | Document | text/html |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript |
| GET | H2 | d1.png | towertheme.com/store/images/ | 11 KB | 11 KB | Image | image/png |
| GET | H2 | d2.png | towertheme.com/store/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | d3.png | towertheme.com/store/images/ | 830 B | 908 B | Image | image/png |
| GET | H2 | dp.png | towertheme.com/store/images/ | 703 B | 779 B | Image | image/png |
| GET | H2 | Preloader_11.gif | smallenvelop.com/wp-content/uploads/2014/08/ | 0 | 0 | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata
- object: onpointerrawupdate
- function: $
- function: jQuery

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, allowing the website to re-identify that user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
smallenvelop.com
towertheme.com
www.krazykids.in
107.180.4.213
194.59.164.52
2a00:1450:4001:81b::200a
69.89.31.230