affectedplain.com
2606:4700:3036::6815:1437
Malicious Activity!
Public Scan
Effective URL: https://affectedplain.com/d-6v13g/?04e774fb7d89eb016629391588f2f8d5
Submission: On June 07 via manual from MX — Scanned from US
Summary
TLS certificate: Issued by E1 on May 8th 2023. Valid for: 3 months.
This is the only time affectedplain.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 52.219.93.202 | 16509 (AMAZON-02) |
1 | 172.82.84.172 | 398343 (BAXET-GROUP) |
1 | 2606:4700:3037::ac43:8d4e | 13335 (CLOUDFLARENET) |
17 | 2606:4700:3036::6815:1437 | 13335 (CLOUDFLARENET) |
1 | 2607:f8b0:4006:820::200a | 15169 (GOOGLE) |
Total: 20 requests across 4 autonomous systems.
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.us-east-2.amazonaws.com
Subdomain: aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 | affectedplain.com | affectedplain.com | 164 KB |
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 422) | 33 KB |
1 | foregoneblade.live | foregoneblade.live (1 redirect) | 676 B |
1 | romqust.com | romqust.com | 463 B |
1 | amazonaws.com | aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com | 531 B |
Total: 20 requests across 5 apex domains.
Requests | Domain | Requested by |
---|---|---|
17 | affectedplain.com | romqust.com, affectedplain.com |
1 | ajax.googleapis.com | affectedplain.com |
1 | foregoneblade.live | (1 redirect) |
1 | romqust.com | aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com |
1 | aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com | |
Total: 20 requests across 5 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.s3.us-east-2.amazonaws.com | Amazon RSA 2048 M01 | 2023-04-11 - 2024-02-28 | a year | crt.sh |
romqust.com | R3 | 2023-04-11 - 2023-07-10 | 3 months | crt.sh |
affectedplain.com | E1 | 2023-05-08 - 2023-08-06 | 3 months | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2023-05-19 - 2023-08-11 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://affectedplain.com/d-6v13g/?04e774fb7d89eb016629391588f2f8d5
Frame ID: 0FF71D96C0D5913E7F335DE33408CAEB
Requests: 20 HTTP requests in this frame
Screenshot
Page Title: Ace Hardware-Shopper
Page URL History
- https://aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/sdfsvxclkvidfugyvdd.html (Page URL)
- https://romqust.com/0/0/0/533e93dba02ac2dfc83e6c64c03eceda (Page URL)
- https://foregoneblade.live/d-6v13g/index_2.php?s1=351510&s2=999404456&s3=1949&s4=2084&ow=72&p=10-c-6v13g (HTTP 302) -> https://affectedplain.com/d-6v13g/?04e774fb7d89eb016629391588f2f8d5 (Page URL)
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | sdfsvxclkvidfugyvdd.html | aquanoslesbiuntrescinq.s3.us-east-2.amazonaws.com/ | 137 B | 531 B | Document | text/html | |
GET | H/1.1 | 533e93dba02ac2dfc83e6c64c03eceda | romqust.com/0/0/0/ | 167 B | 463 B | Document | text/html | |
GET | H2 | / | affectedplain.com/d-6v13g/ | 41 KB | 7 KB | Document | text/html | Primary Request; Redirect Chain |
GET | H2 | bootstrapp.min.css | affectedplain.com/d-6v13g/assets/css/ | 118 KB | 20 KB | Stylesheet | text/css | |
GET | H2 | main0010.css | affectedplain.com/d-6v13g/assets/css/ | 10 KB | 2 KB | Stylesheet | text/css | |
GET | H2 | terms.css | affectedplain.com/d-6v13g/assets/css/ | 1 KB | 729 B | Stylesheet | text/css | |
GET | H3 | ipad.png | affectedplain.com/d-6v13g/assets/images/ | 23 KB | 23 KB | Image | image/png | |
GET | H3 | 5.jpg | affectedplain.com/d-6v13g/assets/images/ | 1 KB | 2 KB | Image | image/jpeg | |
GET | H3 | 3.jpg | affectedplain.com/d-6v13g/assets/images/ | 936 B | 1 KB | Image | image/jpeg | |
GET | H3 | 4.jpg | affectedplain.com/d-6v13g/assets/images/ | 1005 B | 1 KB | Image | image/jpeg | |
GET | H3 | 2.jpg | affectedplain.com/d-6v13g/assets/images/ | 1 KB | 2 KB | Image | image/jpeg | |
GET | H3 | 1.jpg | affectedplain.com/d-6v13g/assets/images/ | 2 KB | 2 KB | Image | image/jpeg | |
GET | H3 | download.png | affectedplain.com/d-6v13g/assets/images/ | 1 KB | 2 KB | Image | image/png | |
GET | H3 | x.png | affectedplain.com/d-6v13g/assets/images/ | 5 KB | 6 KB | Image | image/png | |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.11.2/ | 94 KB | 33 KB | Script | text/javascript | |
GET | H3 | modal.js | affectedplain.com/d-6v13g/assets/js/ | 887 B | 780 B | Script | application/javascript | |
GET | H3 | bootstrap.min.js | affectedplain.com/d-6v13g/assets/bootstrap/dist/js/ | 36 KB | 10 KB | Script | application/javascript | |
GET | H3 | scripts-w23478e-ed5.js | affectedplain.com/d-6v13g/assets/js/ | 10 KB | 3 KB | Script | application/javascript | |
GET | H3 | css.css | affectedplain.com/d-6v13g/assets/css/ | 4 KB | 943 B | Stylesheet | text/css | |
GET | H3 | bg-ace.jpg | affectedplain.com/d-6v13g/assets/images/ | 79 KB | 79 KB | Image | image/jpeg | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
boolean | credentialless |
object | onbeforetoggle |
object | onscrollend |
function | socle |
function | $ |
function | jQuery |
object | jQuery111204002038294355956 |
function | findGetParameter |
function | buildOfferHtml |
function | getRandomInt |
function | processQuestion |
number | offer_tick |
undefined | zz |
object | wall_json |
object | $questionsForm |
object | $activeQuestion |
object | $nextQuestion |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
romqust.com/ | | uid1949 | 999404456-20230607143850-51cd74691425c8c2de45052cead6d772-2687 |
foregoneblade.live/ | | PHPSESSID | c18c42fdf55b077f635ae4efd9231ad0 |
affectedplain.com/ | | PHPSESSID | 4a578bb28d95ae229bb5a03508346412 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.