ligfrog.myftp.org
Open in
urlscan Pro
34.72.155.204
Malicious Activity!
Public Scan
Submission: On November 28 via automatic, source openphish
Summary
This is the only time ligfrog.myftp.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 34.72.155.204 34.72.155.204 | 15169 (GOOGLE) (GOOGLE) | |
3 | 1 |
ASN15169 (GOOGLE, US)
PTR: 204.155.72.34.bc.googleusercontent.com
ligfrog.myftp.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
myftp.org
ligfrog.myftp.org |
485 KB |
3 | 1 |
Domain | Requested by | |
---|---|---|
3 | ligfrog.myftp.org |
ligfrog.myftp.org
|
3 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://ligfrog.myftp.org/blondie/grasp/formation/?email=tes@example.org
Frame ID: FC13AD0EFBE569B279D68FEBD2A88186
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
ligfrog.myftp.org/blondie/grasp/formation/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
excel-intro.png
ligfrog.myftp.org/blondie/grasp/formation/files/ |
45 KB 45 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.png
ligfrog.myftp.org/blondie/grasp/formation/files/ |
438 KB 439 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ligfrog.myftp.org
34.72.155.204
422c97d221bffc3da04455f1db0b4e651d132d28a5e50c561ef8c2cd081f62f7
556651bcec25ecdc6819957908ff1f796ae5aeccffd8d96c404aae5c1b14b84a
ad4b4431cad484272a9b7aa20416be09e2d09cbbd22c066e3d9198b3282d2270