truncated - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is , located in and belongs to . The main domain is truncated.

This is the only time truncated was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AOL (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	216.120.255.100 216.120.255.100	23535 (HOSTROCKET) (HOSTROCKET - HostRocket.com)
1	195.93.85.179 195.93.85.179	1668 (AOL-ATDN) (AOL-ATDN - AOL Transit Data Network)
1	195.93.85.131 195.93.85.131	1668 (AOL-ATDN) (AOL-ATDN - AOL Transit Data Network)
6	4

4 216.120.255.100 (Clifton Park, United States)

ASN23535 (HOSTROCKET - HostRocket.com, Inc., US)
PTR: zeus.hrwebservices.net

heberfamrd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.heberfamrd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.93.85.179 (Germany)

ASN1668 (AOL-ATDN - AOL Transit Data Network, US)
PTR: snsproxy-shared-frr.evip.aol.com

sns-static.aolcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.93.85.131 (Germany)

ASN1668 (AOL-ATDN - AOL Transit Data Network, US)
PTR: snsprod-cs-shared-frr.evip.aol.com

my.screenname.aol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	heberfamrd.com heberfamrd.com www.heberfamrd.com	82 KB
1	aol.com my.screenname.aol.com	1 KB
1	aolcdn.com sns-static.aolcdn.com	1 KB
6	3

	Domain	Requested by
3	www.heberfamrd.com	text
1	my.screenname.aol.com
1	sns-static.aolcdn.com	text
1	heberfamrd.com
6	4

This site contains links to these domains. Also see Links.

Domain
account.login.aol.com

Subject Issuer	Validity	Valid
sns-static.aolcdn.com Entrust Certification Authority - L1K	`2016-03-30` - `2019-03-29`	3 years	crt.sh
my.screenname.aol.com Entrust Certification Authority - L1M	`2015-04-21` - `2017-04-21`	2 years	crt.sh

This page contains 1 frames:

Primary Page: data://truncated
Frame ID: 17124.1
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://heberfamrd.com/libraries/gantry/facets/_/ Page URL
data://truncated Page URL

Page Statistics

6
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

85 kB
Transfer

88 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://account.login.aol.com/opr/_cqr/opr/opr.psp?sitedomain=sns.webmail.aol.com&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3Ae6950bd7-9b05-4f98-b523-90567952c37d&lang=en&locale=us&offerId=newmail-en-us-v2&seamless=novl
Title: Forgot password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://heberfamrd.com/libraries/gantry/facets/_/ Page URL
data://truncated Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response heberfamrd.com/libraries/gantry/facets/_/	8 KB 8 KB	461ms 242ms	Document text/html	216.120.255.100 HostRocket.com
General Check archive.org Show headers Download Go to Full URL http://heberfamrd.com/libraries/gantry/facets/_/ Protocol HTTP/1.1 Server 216.120.255.100 Clifton Park, United States, ASN23535 (HOSTROCKET - HostRocket.com, Inc., US), Reverse DNS zeus.hrwebservices.net Software Apache / PHP/5.3.29 Resource Hash `381df64b73e51cd217dc939eb3bd07c7bbe0990af472b9b1bed96d15b93a066d` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host heberfamrd.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 19:41:40 GMT Server Apache Connection Keep-Alive X-Powered-By PHP/5.3.29 Content-Length 8359 Keep-Alive timeout=5, max=100 Content-Type text/html
GET DATA	200 OK	Primary Request truncated Show response /	3 KB 0		Document text/html
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c9ffb937f0144b045a86c568aef682b13e8fc93592df95c1ba98319c1f2bd48d` Request headers Upgrade-Insecure-Requests 1 Referer http://heberfamrd.com/libraries/gantry/facets/_/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Access-Control-Allow-Origin * Content-Type text/html;charset=US-ASCII
GET H/1.1	200 OK	stylel.css www.heberfamrd.com/modules/mod_banners/	4 KB 4 KB	359ms 162ms	Stylesheet text/css	216.120.255.100 HostRocket.com
General Check archive.org Show headers Download Go to Full URL http://www.heberfamrd.com/modules/mod_banners/stylel.css Requested by Host: text URL: data:text/html;truncated Protocol HTTP/1.1 Server 216.120.255.100 Clifton Park, United States, ASN23535 (HOSTROCKET - HostRocket.com, Inc., US), Reverse DNS zeus.hrwebservices.net Software Apache / Resource Hash `f3de54c9e720231673c0173344c13f1b100379fbbd7a12b7d418a55b89d71657` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.heberfamrd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/css,/;q=0.1 Cache-Control no-cache Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 19:41:41 GMT Last-Modified Thu, 02 Feb 2017 12:34:58 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3631
GET H/1.1	200 OK	logo1.gif www.heberfamrd.com/modules/mod_banners/	989 B 989 B	355ms 157ms	Image image/gif	216.120.255.100 HostRocket.com
General Check archive.org Show headers Download Go to Show image Full URL http://www.heberfamrd.com/modules/mod_banners/logo1.gif Requested by Host: text URL: data:text/html;truncated Protocol HTTP/1.1 Server 216.120.255.100 Clifton Park, United States, ASN23535 (HOSTROCKET - HostRocket.com, Inc., US), Reverse DNS zeus.hrwebservices.net Software Apache / Resource Hash `3641d275ec9df661aa0e75017d3129712e8e298d5613bbad1f1ed47276e6de21` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.heberfamrd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Cache-Control* no-cache Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 19:41:41 GMT Last-Modified Thu, 02 Feb 2017 12:35:20 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 989
GET H/1.1	200 OK	bd.jpg www.heberfamrd.com/modules/mod_banners/	70 KB 70 KB	196ms 195ms	Image image/jpeg	216.120.255.100 HostRocket.com
General Check archive.org Show headers Download Go to Show image Full URL http://www.heberfamrd.com/modules/mod_banners/bd.jpg Requested by Host: text URL: data:text/html;truncated Protocol HTTP/1.1 Server 216.120.255.100 Clifton Park, United States, ASN23535 (HOSTROCKET - HostRocket.com, Inc., US), Reverse DNS zeus.hrwebservices.net Software Apache / Resource Hash `638d02aaea8b4c2343ebb10c0ac5bb58b18061242d513784bb293793c187fc81` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.heberfamrd.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.heberfamrd.com/modules/mod_banners/stylel.css Connection keep-alive Cache-Control no-cache Referer http://www.heberfamrd.com/modules/mod_banners/stylel.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 19:41:41 GMT Last-Modified Thu, 02 Feb 2017 12:34:51 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 71393
GET H/1.1	200 OK	lp-ui-logo-header.svg sns-static.aolcdn.com/sns.v17r2/images/	1 KB 1 KB	154ms 95ms	Image image/svg+xml	195.93.85.179 AOL Transit Data ...
General Check archive.org Show headers Download Go to Show image Full URL https://sns-static.aolcdn.com/sns.v17r2/images/lp-ui-logo-header.svg Requested by Host: text URL: data:text/html;truncated Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 195.93.85.179 , Germany, ASN1668 (AOL-ATDN - AOL Transit Data Network, US), Reverse DNS snsproxy-shared-frr.evip.aol.com Software Auth_Server / Resource Hash `64cc82939599ae62a09db24a8daaa3c0dd6118fba01a94be9e6ab8c68e3b7352` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host sns-static.aolcdn.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.heberfamrd.com/modules/mod_banners/stylel.css Connection keep-alive Cache-Control no-cache Referer http://www.heberfamrd.com/modules/mod_banners/stylel.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 19:41:41 GMT Server Auth_Server Content-Type image/svg+xml Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=995 Content-Length 1330
GET H/1.1	200 OK	favicon.ico my.screenname.aol.com/	1 KB 1 KB	179ms 8ms	Other image/x-icon	195.93.85.131 AOL Transit Data ...
General Check archive.org Show headers Download Go to Full URL https://my.screenname.aol.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 195.93.85.131 , Germany, ASN1668 (AOL-ATDN - AOL Transit Data Network, US), Reverse DNS snsprod-cs-shared-frr.evip.aol.com Software Auth_Server / Resource Hash `f9397076ffffbe7fea8bf1a5b34be8bb73b6eee211c192246932b1852d05bd59` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch, br Host my.screenname.aol.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Cache-Control* no-cache Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Fri, 24 Mar 2017 19:41:41 GMT Last-Modified Thu, 26 Jan 2017 18:45:08 GMT Server Auth_Server P3P CP="PHY ONL PRE STA CURi OUR IND" ETag "47e-54703bf915500" Content-Type image/x-icon Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=487 Content-Length 1150

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

heberfamrd.com
my.screenname.aol.com
sns-static.aolcdn.com
www.heberfamrd.com
195.93.85.131
195.93.85.179
216.120.255.100
3641d275ec9df661aa0e75017d3129712e8e298d5613bbad1f1ed47276e6de21
381df64b73e51cd217dc939eb3bd07c7bbe0990af472b9b1bed96d15b93a066d
638d02aaea8b4c2343ebb10c0ac5bb58b18061242d513784bb293793c187fc81
64cc82939599ae62a09db24a8daaa3c0dd6118fba01a94be9e6ab8c68e3b7352
c9ffb937f0144b045a86c568aef682b13e8fc93592df95c1ba98319c1f2bd48d
f3de54c9e720231673c0173344c13f1b100379fbbd7a12b7d418a55b89d71657
f9397076ffffbe7fea8bf1a5b34be8bb73b6eee211c192246932b1852d05bd59

truncated Open in urlscan Pro Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

33 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

85 kBTransfer

88 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

truncated Open in urlscan Pro
Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

85 kB
Transfer

88 kB
Size

0
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!