jtg3tb.teejaysllc.com Open in urlscan Pro
144.91.97.152 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGR...
Effective URL:
http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FM...
Submission: On June 05 via manual (June 5th 2022, 7:40:47 am UTC) from US — Scanned from FI

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 12 HTTP transactions. The main IP is 144.91.97.152, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is jtg3tb.teejaysllc.com.

This is the only time jtg3tb.teejaysllc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	95.216.33.194 95.216.33.194	24940 (HETZNER-AS) (HETZNER-AS)
5	20.68.124.158 20.68.124.158	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	144.91.97.152 144.91.97.152	51167 (CONTABO) (CONTABO)
12	4

3 95.216.33.194 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.194.33.216.95.clients.your-server.de

4mli8.tehran-mdfcabinet.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 20.68.124.158 (Cardiff, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

29.s.amiarusa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mcgiurewood.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.91.97.152 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: vp3001.cloudhostingpk.com

jtg3tb.teejaysllc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	teejaysllc.com jtg3tb.teejaysllc.com Failed	31 KB
3	amiarusa.com 29.s.amiarusa.com	21 KB
3	tehran-mdfcabinet.ir 4mli8.tehran-mdfcabinet.ir	13 KB
2	mcgiurewood.com mcgiurewood.com	2 KB
12	4

	Domain	Requested by
3	jtg3tb.teejaysllc.com	29.s.amiarusa.com jtg3tb.teejaysllc.com
3	29.s.amiarusa.com	4mli8.tehran-mdfcabinet.ir 29.s.amiarusa.com
3	4mli8.tehran-mdfcabinet.ir	4mli8.tehran-mdfcabinet.ir
2	mcgiurewood.com	jtg3tb.teejaysllc.com
12	4

This site contains no links.

Subject Issuer	Validity	Valid
mcgiurewood.com cPanel, Inc. Certification Authority	`2022-05-27` - `2022-08-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@*&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG
Frame ID: 51CF78ECA8D9EDCD338B7F233F8543B5
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page URL History Show full URLs

http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM... Page URL
http://29.s.amiarusa.com/_29/%2029 Page URL
http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVm... Page URL

Page Statistics

12
Requests

17 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

66 kB
Transfer

171 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== Page URL
http://29.s.amiarusa.com/_29/%2029 Page URL
http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@*&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	404 Not Found	_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== 4mli8.tehran-mdfcabinet.ir/	13 KB 6 KB	228ms 43ms	Document text/html	95.216.33.194 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== Protocol HTTP/1.1 Server 95.216.33.194 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.194.33.216.95.clients.your-server.de Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Type text/html Date Sun, 05 Jun 2022 07:40:37 GMT Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	server_misconfigured.png 4mli8.tehran-mdfcabinet.ir/img-sys/	3 KB 3 KB	43ms 42ms	Image image/png	95.216.33.194 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://4mli8.tehran-mdfcabinet.ir/img-sys/server_misconfigured.png Requested by Host: 4mli8.tehran-mdfcabinet.ir URL: http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== Protocol HTTP/1.1 Server 95.216.33.194 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.194.33.216.95.clients.your-server.de Software / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Sun, 05 Jun 2022 07:40:38 GMT Last-Modified Wed, 29 May 2019 19:21:47 GMT Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 3164 Expires Sun, 12 Jun 2022 07:40:38 GMT
GET H/1.1	200 OK	powered_by_cpanel.svg 4mli8.tehran-mdfcabinet.ir/img-sys/	5 KB 3 KB	84ms 42ms	Image image/svg+xml	95.216.33.194 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://4mli8.tehran-mdfcabinet.ir/img-sys/powered_by_cpanel.svg Requested by Host: 4mli8.tehran-mdfcabinet.ir URL: http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== Protocol HTTP/1.1 Server 95.216.33.194 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.194.33.216.95.clients.your-server.de Software / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Sun, 05 Jun 2022 07:40:38 GMT Content-Encoding gzip Last-Modified Wed, 29 May 2019 19:21:47 GMT Vary Accept-Encoding Content-Type image/svg+xml Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 2550 Expires Sun, 12 Jun 2022 07:40:38 GMT
GET H/1.1	404 Not Found	%2029 29.s.amiarusa.com/_29/	12 KB 12 KB	192ms 78ms	Document text/html	20.68.124.158 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL http://29.s.amiarusa.com/_29/%2029 Requested by Host: 4mli8.tehran-mdfcabinet.ir URL: http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== Protocol HTTP/1.1 Server 20.68.124.158 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash Request headers Referer http://4mli8.tehran-mdfcabinet.ir/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Type text/html Date Sun, 05 Jun 2022 07:40:38 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	server_misconfigured.png 29.s.amiarusa.com/img-sys/	3 KB 3 KB	78ms 77ms	Image image/png	20.68.124.158 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL http://29.s.amiarusa.com/img-sys/server_misconfigured.png Requested by Host: 29.s.amiarusa.com URL: http://29.s.amiarusa.com/_29/%2029 Protocol HTTP/1.1 Server 20.68.124.158 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer http://29.s.amiarusa.com/_29/%2029 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Sun, 05 Jun 2022 07:40:38 GMT Last-Modified Tue, 24 May 2022 20:24:29 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3164
GET H/1.1	200 OK	powered_by_cpanel.svg 29.s.amiarusa.com/img-sys/	5 KB 6 KB	155ms 77ms	Image image/svg+xml	20.68.124.158 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL http://29.s.amiarusa.com/img-sys/powered_by_cpanel.svg Requested by Host: 29.s.amiarusa.com URL: http://29.s.amiarusa.com/_29/%2029 Protocol HTTP/1.1 Server 20.68.124.158 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer http://29.s.amiarusa.com/_29/%2029 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Sun, 05 Jun 2022 07:40:38 GMT Last-Modified Tue, 24 May 2022 20:24:29 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5617
GET		/ jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9w...	0 0

GET H/1.1	404 Not Found	Primary Request / Show response jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9w...	6 KB 2 KB	399ms 103ms	Document text/html	144.91.97.152 CONTABO
General Check archive.org Show headers Download Go to Full URL http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG Requested by* Host: 29.s.amiarusa.com URL: http://29.s.amiarusa.com/_29/%2029 Protocol HTTP/1.1 Server 144.91.97.152 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vp3001.cloudhostingpk.com Software LiteSpeed / Resource Hash `21d8ce5a48b0ec1199a7991c203840522a4b524e2dc179689fef66654878860c` Request headers Referer http://29.s.amiarusa.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-encoding gzip content-type text/html date Wed, 22 Sep 2021 02:03:11 GMT server LiteSpeed transfer-encoding chunked vary Accept-Encoding
GET H/1.1	200 OK	style.js Show response jtg3tb.teejaysllc.com/	34 KB 8 KB	95ms 94ms	Script application/javascript	144.91.97.152 CONTABO
General Check archive.org Show headers Download Go to Full URL http://jtg3tb.teejaysllc.com/style.js Requested by Host: jtg3tb.teejaysllc.com URL: http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG Protocol* HTTP/1.1 Server 144.91.97.152 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vp3001.cloudhostingpk.com Software LiteSpeed / Resource Hash `e8cef48fcbdd0509ff9564412b1e4fb08759aa73ebf2e13e800fd7acf54efa2e` Request headers accept-language fi-FI,fi;q=0.9 Referer http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG User-Agent* Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Wed, 22 Sep 2021 02:03:11 GMT content-encoding gzip last-modified Mon, 30 May 2022 21:59:00 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 7836 expires Wed, 29 Sep 2021 02:03:11 GMT
GET H/1.1	200 OK	style.css jtg3tb.teejaysllc.com/	60 KB 20 KB	93ms 92ms	Stylesheet text/css	144.91.97.152 CONTABO
General Check archive.org Show headers Download Go to Full URL http://jtg3tb.teejaysllc.com/style.css Requested by Host: jtg3tb.teejaysllc.com URL: http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG Protocol* HTTP/1.1 Server 144.91.97.152 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vp3001.cloudhostingpk.com Software LiteSpeed / Resource Hash `d821b8c489cce8225e2426092268ea570c115869213cf654eae559a828a2b8aa` Request headers accept-language fi-FI,fi;q=0.9 Referer http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG User-Agent* Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Wed, 22 Sep 2021 02:03:11 GMT content-encoding gzip last-modified Mon, 30 May 2022 05:01:01 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 20484 expires Wed, 29 Sep 2021 02:03:11 GMT
POST H/1.1	200 OK	send.php Show response mcgiurewood.com/all/	465 B 705 B	465ms 298ms	XHR text/html	20.68.124.158 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://mcgiurewood.com/all/send.php Requested by Host: jtg3tb.teejaysllc.com URL: http://jtg3tb.teejaysllc.com/style.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.68.124.158 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44` Request headers Referer http://jtg3tb.teejaysllc.com/ accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers Access-Control-Allow-Origin * Date Sun, 05 Jun 2022 07:40:39 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
POST H/1.1	200 OK	send.php Show response mcgiurewood.com/all/	732 B 972 B	822ms 656ms	XHR text/html	20.68.124.158 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://mcgiurewood.com/all/send.php Requested by Host: jtg3tb.teejaysllc.com URL: http://jtg3tb.teejaysllc.com/style.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.68.124.158 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `65fec8da9c06924fa137bfbaf270b02dfc9d22cb8bab8889150490f0bd9835c9` Request headers Referer http://jtg3tb.teejaysllc.com/ accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers Access-Control-Allow-Origin * Date Sun, 05 Jun 2022 07:40:39 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	28 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36` Request headers accept-language fi-FI,fi;q=0.9 Referer http://jtg3tb.teejaysllc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: jtg3tb.teejaysllc.com
URL: http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@*&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://4mli8.tehran-mdfcabinet.ir/_::FYJ67uDTc8kAhkqjPaln0zHvi_ref_Mjkucy5hbWlhcnVzYS5jb20vXzI5LyAyOSNZVzV1WVM1aWVYSnVaVUJ0WlhKcGRHOXlMbU52YlE9PQ== Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://29.s.amiarusa.com/_29/%2029#YW5uYS5ieXJuZUBtZXJpdG9yLmNvbQ== Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://jtg3tb.teejaysllc.com/SJp7HQGjbQ8WlJzu22zfRQGUd7pUmj284YqckU5xbOhHajI4Fr0omFblm7TvBt9KecsFZfmSpSVmBUfApqQmup2mV5ryt2FMpfPu/0f9AtIEu8zC6kxN7JsnjCgSzrmoXHH10934QfqsHrMHGlPGQa9hnB3RP4EJgBOUbdV2SKOHU9wOtZ3Bd4dbSg0ENeO0TcbglupOr/@&%5E-wPyQUtVPqlbdsjrg5zQUtRQKRGkygoN8AFALHpeEnLklNCM1N9mk0OWOq2WmgR25wLBucxPTPc6S0bEcimBFSTm9ojomMdmolIsN/?alt=media&token=eceadc54-a951-44b8-ae51-18aaf8c8e92f&mvSuW7YkDwYJkcO2SSPc9aQ6rGvNw90hJo8UjBXw6UCGx5vUUn=8YAZxoksUpqX3HCJ3kmG&email=anna.byrne@meritor.com&jkLsTdLjdTg0eDFToq4RKJkdxnv9aEZQuB90Tp0YGYDrUwbULbQ0JPZN7lAyELhsKzshL2dBm9QLxAnMj0z9Pwk0YIeapI4tiuWG#anna.byrne@meritor.com Message*: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

29.s.amiarusa.com
4mli8.tehran-mdfcabinet.ir
jtg3tb.teejaysllc.com
mcgiurewood.com
jtg3tb.teejaysllc.com
144.91.97.152
20.68.124.158
95.216.33.194
21d8ce5a48b0ec1199a7991c203840522a4b524e2dc179689fef66654878860c
65fec8da9c06924fa137bfbaf270b02dfc9d22cb8bab8889150490f0bd9835c9
8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36
d821b8c489cce8225e2426092268ea570c115869213cf654eae559a828a2b8aa
e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44
e8cef48fcbdd0509ff9564412b1e4fb08759aa73ebf2e13e800fd7acf54efa2e

jtg3tb.teejaysllc.com Open in urlscan Pro 144.91.97.152 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

17 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

66 kBTransfer

171 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

jtg3tb.teejaysllc.com Open in urlscan Pro
144.91.97.152 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

17 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

66 kB
Transfer

171 kB
Size

0
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!