doraidservices.com Open in urlscan Pro
192.185.188.169  Malicious Activity! Public Scan

URL: https://doraidservices.com/inddeex/indeexxx.php
Submission: On October 15 via automatic, source openphish

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 192.185.188.169, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is doraidservices.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 22nd 2019. Valid for: 3 months.
This is the only time doraidservices.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
5 192.185.188.169 46606 (UNIFIEDLA...)
4 2a02:4780:dea... 204915 (AWEX)
9 2
Domain Requested by
5 doraidservices.com doraidservices.com
4 checkmark-aboutuss.000webhostapp.com doraidservices.com
9 2

This site contains no links.

Subject Issuer Validity Valid
doraidservices.com
Let's Encrypt Authority X3
2019-08-22 -
2019-11-20
3 months crt.sh
*.000webhostapp.com
RapidSSL RSA CA 2018
2019-06-11 -
2021-07-10
2 years crt.sh

This page contains 1 frames:

Primary Page: https://doraidservices.com/inddeex/indeexxx.php
Frame ID: FDF025DAA6AA83CFDFA823A83ABBE268
Requests: 9 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • meta pjax-timeout /(?:)/i

Overall confidence: 100%
Detected patterns
  • meta pjax-timeout /(?:)/i

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

348 kB
Transfer

516 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request indeexxx.php
doraidservices.com/inddeex/
11 KB
4 KB
Document
General
Full URL
https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.185.188.169 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
192-185-188-169.unifiedlayer.com
Software
Apache /
Resource Hash
acf5f971011252fe26a78a5a1b1ac8efea6750ab5542674cd366289117eda197

Request headers

:method
GET
:authority
doraidservices.com
:scheme
https
:path
/inddeex/indeexxx.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Tue, 15 Oct 2019 00:14:43 GMT
server
Apache
vary
Accept-Encoding
content-encoding
gzip
content-length
4087
content-type
text/html
frameworks-081940cf9af751b35bb9fd062060601a.css
checkmark-aboutuss.000webhostapp.com/indeex_files/
142 KB
30 KB
Stylesheet
General
Full URL
https://checkmark-aboutuss.000webhostapp.com/indeex_files/frameworks-081940cf9af751b35bb9fd062060601a.css
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
83855c7691e9ab2259ef56401f248cc812cd2c91fe6984f0672f7c29cf1217fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 08:06:32 GMT
server
awex
content-type
text/css
status
200
x-xss-protection
1; mode=block
x-request-id
3c6f4655e1c6372bd4615da8f1767134
site-c24aa206cdd4fb0b962ca6e303f5faca.css
checkmark-aboutuss.000webhostapp.com/indeex_files/
64 KB
14 KB
Stylesheet
General
Full URL
https://checkmark-aboutuss.000webhostapp.com/indeex_files/site-c24aa206cdd4fb0b962ca6e303f5faca.css
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
08716b750e0d1b007b33b9ad9c68382afe860c74ab34194faed83f4350d2b075
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 08:06:36 GMT
server
awex
content-type
text/css
status
200
x-xss-protection
1; mode=block
x-request-id
42d1a3697d05320295cc4403028c4915
github-53c205f17323fe7f97683276a4dae741.css
doraidservices.com/inddeex/indeex_files/
0
0
Stylesheet
General
Full URL
https://doraidservices.com/inddeex/indeex_files/github-53c205f17323fe7f97683276a4dae741.css
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.185.188.169 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
192-185-188-169.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:43 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 06:42:56 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
status
404
accept-ranges
bytes
content-length
4677
681659.png
checkmark-aboutuss.000webhostapp.com/indeex_files/
490 B
701 B
Image
General
Full URL
https://checkmark-aboutuss.000webhostapp.com/indeex_files/681659.png
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
de73643264bb3af2bb45ef47982b12471ec2eb8c1b6bab0bce8a8e937ed96f49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:43 GMT
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 08:06:26 GMT
server
awex
content-type
image/png
status
200
accept-ranges
bytes
content-length
490
x-xss-protection
1; mode=block
x-request-id
1a561bdf51d0ad7f9d1880502e4c2053
a
doraidservices.com/inddeex/indeex_files/
0
0
Script
General
Full URL
https://doraidservices.com/inddeex/indeex_files/a
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.185.188.169 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
192-185-188-169.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:43 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 06:42:56 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
status
404
accept-ranges
bytes
content-length
4677
a
doraidservices.com/inddeex/indeex_files/
0
0
Script
General
Full URL
https://doraidservices.com/inddeex/indeex_files/a
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.185.188.169 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
192-185-188-169.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:44 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 06:42:56 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
status
404
accept-ranges
bytes
content-length
4677
a.jpg
checkmark-aboutuss.000webhostapp.com/indeex_files/
298 KB
299 KB
Image
General
Full URL
https://checkmark-aboutuss.000webhostapp.com/indeex_files/a.jpg
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
1edcd05875cef83d4716b936a6aaa4ee53867d48442398b40761c052de222473
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:44 GMT
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 08:06:30 GMT
server
awex
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
305495
x-xss-protection
1; mode=block
x-request-id
c89f1276e98b19e1125c36224eb20963
a
doraidservices.com/inddeex/indeex_files/
0
0
Script
General
Full URL
https://doraidservices.com/inddeex/indeex_files/a
Requested by
Host: doraidservices.com
URL: https://doraidservices.com/inddeex/indeexxx.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.185.188.169 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
192-185-188-169.unifiedlayer.com
Software
Apache /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://doraidservices.com/inddeex/indeexxx.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 15 Oct 2019 00:14:44 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 06:42:56 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
status
404
accept-ranges
bytes
content-length
4677

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies