urlscan.io logo urlscan.io
SecurityTrails logo

towertheme.com Open in urlscan Pro
107.180.4.213  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.krazykids.in/uu
Effective URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d320...
Submission Tags: phishing malicious Search All
Submission: On June 09 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 8 HTTP transactions. The main IP is 107.180.4.213, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is towertheme.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 8th 2020. Valid for: 2 years.
This is the only time towertheme.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
1 2 194.59.164.52 47583 (AS-HOSTINGER)
1 6 107.180.4.213 26496 (AS-26496-...)
1 2a00:1450:400... 15169 (GOOGLE)
1 69.89.31.230 46606 (UNIFIEDLA...)
8 4
Apex Domain
Subdomains		 Transfer
6 towertheme.com
towertheme.com
15 KB
2 krazykids.in
www.krazykids.in
464 B
1 smallenvelop.com
smallenvelop.com
1 googleapis.com
ajax.googleapis.com
29 KB
8 4
Domain Requested by
6 towertheme.com 1 redirects towertheme.com
2 www.krazykids.in 1 redirects
1 smallenvelop.com towertheme.com
1 ajax.googleapis.com towertheme.com
8 4

This site contains no links.

Subject Issuer Validity Valid
krazykids.in
Let's Encrypt Authority X3		 2020-04-17 -
2020-07-16		 3 months crt.sh
towertheme.com
Go Daddy Secure Certificate Authority - G2		 2020-06-08 -
2022-06-08		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2020-05-26 -
2020-08-18		 3 months crt.sh
smallenvelop.com
Let's Encrypt Authority X3		 2020-04-24 -
2020-07-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Frame ID: 92801FC0029CAA6396BEDCCC355DFAB2
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.krazykids.in/uu HTTP 301
    https://www.krazykids.in/uu/ Page URL
  2. https://towertheme.com/store/index.php HTTP 302
    https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a9... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

8
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

45 kB
Transfer

100 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.krazykids.in/uu HTTP 301
    https://www.krazykids.in/uu/ Page URL
  2. https://towertheme.com/store/index.php HTTP 302
    https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.krazykids.in/uu HTTP 301
  • https://www.krazykids.in/uu/

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.krazykids.in/uu/
Redirect Chain
  • https://www.krazykids.in/uu
  • https://www.krazykids.in/uu/
141 B
237 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.krazykids.in/uu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
194.59.164.52 , Singapore, ASN47583 (AS-HOSTINGER, LT),
Reverse DNS
Software
LiteSpeed / PHP/7.0.33
Resource Hash
44cf23393e4d1422077689ae965b69cc05d6e6bfa14f6986727dda0f06eb6508

Request headers

:method
GET
:authority
www.krazykids.in
:scheme
https
:path
/uu/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
x-powered-by
PHP/7.0.33
content-type
text/html; charset=UTF-8
content-length
145
content-encoding
br
vary
Accept-Encoding
date
Tue, 09 Jun 2020 01:04:08 GMT
server
LiteSpeed

Redirect headers

status
301
content-type
text/html
content-length
706
date
Tue, 09 Jun 2020 01:04:08 GMT
server
LiteSpeed
location
https://www.krazykids.in/uu/
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Primary Request login.php
towertheme.com/store/
Redirect Chain
  • https://towertheme.com/store/index.php
  • https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.4.213 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-4-213.ip.secureserver.net
Software
Apache / PHP/7.3.17
Resource Hash
5494138eea46fa8250b78c689e7b3dff1669feb31d98a55dac6b8bf614fa8dc4

Request headers

:method
GET
:authority
towertheme.com
:scheme
https
:path
/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www.krazykids.in/uu/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.krazykids.in/uu/

Response headers

status
200
date
Tue, 09 Jun 2020 01:04:09 GMT
server
Apache
x-powered-by
PHP/7.3.17
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
1295
content-type
text/html; charset=UTF-8

Redirect headers

status
302
date
Tue, 09 Jun 2020 01:04:09 GMT
server
Apache
x-powered-by
PHP/7.3.17
location
login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
vary
User-Agent
content-length
0
content-type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: towertheme.com
URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 18 May 2020 23:22:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1820488
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 May 2021 23:22:41 GMT
d1.png
towertheme.com/store/images/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://towertheme.com/store/images/d1.png
Requested by
Host: towertheme.com
URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.4.213 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-4-213.ip.secureserver.net
Software
Apache /
Resource Hash
c8f9f70c7db53f34a107fd4fd2eb09f1083f26b9428dc8cf50dc4eec449d45da

Request headers

Referer
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 09 Jun 2020 01:04:09 GMT
last-modified
Wed, 14 Nov 2018 05:44:10 GMT
server
Apache
etag
"29409f9-2af1-57a996c5a5e80"
content-type
image/png
status
200
accept-ranges
bytes
content-length
10993
d2.png
towertheme.com/store/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://towertheme.com/store/images/d2.png
Requested by
Host: towertheme.com
URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.4.213 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-4-213.ip.secureserver.net
Software
Apache /
Resource Hash
1271eadc692db3f13cd86986fa975c973a3dcac697b546b5ac99e9982b7e26bd

Request headers

Referer
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 09 Jun 2020 01:04:09 GMT
last-modified
Wed, 14 Nov 2018 03:35:32 GMT
server
Apache
etag
"29409fa-44a-57a97a0530900"
content-type
image/png
status
200
accept-ranges
bytes
content-length
1098
d3.png
towertheme.com/store/images/ 		830 B
908 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://towertheme.com/store/images/d3.png
Requested by
Host: towertheme.com
URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.4.213 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-4-213.ip.secureserver.net
Software
Apache /
Resource Hash
4faa6ff29d282b602f04f8c990554ef81237ae22fd19900e8f57b0839a8e5d13

Request headers

Referer
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 09 Jun 2020 01:04:09 GMT
last-modified
Wed, 14 Nov 2018 03:35:58 GMT
server
Apache
etag
"29409fb-33e-57a97a1dfc380"
content-type
image/png
status
200
accept-ranges
bytes
content-length
830
dp.png
towertheme.com/store/images/ 		703 B
779 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://towertheme.com/store/images/dp.png
Requested by
Host: towertheme.com
URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.4.213 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-107-180-4-213.ip.secureserver.net
Software
Apache /
Resource Hash
7c5a2bf7d3aa4ee5bf88d59425f2ac2087cfefd70f55ac299b399df3ed5330af

Request headers

Referer
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 09 Jun 2020 01:04:09 GMT
last-modified
Wed, 14 Nov 2018 03:36:16 GMT
server
Apache
etag
"2940a01-2bf-57a97a2f26c00"
content-type
image/png
status
200
accept-ranges
bytes
content-length
703
Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
Requested by
Host: towertheme.com
URL: https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.89.31.230 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
box430.bluehost.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://towertheme.com/store/login.php?cmd=login_submit&id=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73&session=3d6060a94aa1dafd04f6e565d3204f733d6060a94aa1dafd04f6e565d3204f73
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery

0 Cookies