refreshcreativity.com
Open in
urlscan Pro
50.87.9.26
Malicious Activity!
Public Scan
Submission: On January 17 via automatic, source openphish
Summary
This is the only time refreshcreativity.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 50.87.9.26 50.87.9.26 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
2 | 2.16.186.57 2.16.186.57 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a00:1450:400... 2a00:1450:4001:815::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a00:1450:400... 2a00:1450:4001:815::2004 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 2 | 141.8.225.89 141.8.225.89 | 40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC - Confluence Networks Inc) | |
2 | 208.91.196.4 208.91.196.4 | 40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC - Confluence Networks Inc) | |
17 | 5 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 50-87-9-26.unifiedlayer.com
refreshcreativity.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-57.deploy.static.akamaitechnologies.com
cdn.dsultra.com |
ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com |
ASN40034 (CONFLUENCE-NETWORK-INC - Confluence Networks Inc, VG)
dsregredir.com |
ASN40034 (CONFLUENCE-NETWORK-INC - Confluence Networks Inc, VG)
www.searchesinteractive.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
refreshcreativity.com
refreshcreativity.com |
77 KB |
2 |
searchesinteractive.com
www.searchesinteractive.com |
|
2 |
dsregredir.com
2 redirects
dsregredir.com |
552 B |
2 |
google.com
www.google.com |
2 KB |
2 |
googlesyndication.com
pagead2.googlesyndication.com |
3 KB |
2 |
dsultra.com
cdn.dsultra.com |
4 KB |
17 | 6 |
Domain | Requested by | |
---|---|---|
9 | refreshcreativity.com |
refreshcreativity.com
|
2 | www.searchesinteractive.com |
cdn.dsultra.com
|
2 | dsregredir.com | 2 redirects |
2 | www.google.com |
pagead2.googlesyndication.com
|
2 | pagead2.googlesyndication.com |
cdn.dsultra.com
|
2 | cdn.dsultra.com |
refreshcreativity.com
|
17 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.google.com Google Internet Authority G3 |
2018-12-19 - 2019-03-13 |
3 months | crt.sh |
This page contains 5 frames:
Primary Page:
http://refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/loginauth.php?country.x=&locale.x=&SEC.x=ID-PAc80ad85040c96f220db2eff04d7b85b4&home?$1$YkvsP.It$fuBuMUeFTZbVZIuF9mq6I.$1$YkvsP.It$fuBuMUeFTZbVZIuF9mq6I.$1$YkvsP.It$fuBuMUeFTZbVZIuF9mq6I.&Safety=xLtOgM6Y4b2nDJhXEVUBHk0WIl5qKsmRvTyC1zF7iNZPQ3uoGcwSfajA8edp9rN3Sz5YtXuhQpUVy6rOkxFWe7ERIGL9dcaCvj0qi8D142gHAmloPfZbsMBwKnJT77462650040&$1$YkvsP.It$fuBuMUeFTZbVZIuF9mq6I.
Frame ID: F17054B24CC5609214603C246E5E2A82
Requests: 7 HTTP requests in this frame
Frame:
http://refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/style/a.htm
Frame ID: 8F8507B867410EB19F154DE3B26F8953
Requests: 4 HTTP requests in this frame
Frame:
http://refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/style/i.htm
Frame ID: AD37DA695FC461B7E22A14664F40CDA4
Requests: 4 HTTP requests in this frame
Frame:
http://www.searchesinteractive.com/?dn=refreshcreativity.com&pid=9PO2GG478
Frame ID: A249B24419637904E038398DD2AEDF0D
Requests: 1 HTTP requests in this frame
Frame:
http://www.searchesinteractive.com/?dn=refreshcreativity.com&pid=9PO2GG478
Frame ID: F6D69DFCA29D62727ED9EA40437CD3D8
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
- env /^Modernizr$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- http://dsregredir.com/?domainname=refreshcreativity.com&drid=as-drid-2578124767373827&a_id=143209&session_token=undefined HTTP 302
- http://www.searchesinteractive.com/?dn=refreshcreativity.com&pid=9PO2GG478
- http://dsregredir.com/?domainname=refreshcreativity.com&drid=as-drid-2578124767373827&a_id=143209&session_token=undefined HTTP 302
- http://www.searchesinteractive.com/?dn=refreshcreativity.com&pid=9PO2GG478
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
loginauth.php
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app_ys.css
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/YSASSETS/css/ |
41 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_rotate.css
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/YSASSETS/css/ |
2 KB 838 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr-2.js
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/YSASSETS/js/ |
4 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_dowira_jquery.js
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/YSASSETS/js/ |
94 KB 38 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_dowira_plugins.js
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/YSASSETS/js/ |
55 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
a.htm
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/style/ Frame 8F85 |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
YS_paypal-logo-129x32.svg
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/YSASSETS/img/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
i.htm
refreshcreativity.com/includes/help/Old/4139503b90a7f18e7ede372a25b1c6b9/style/ Frame AD37 |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
registrar.js
cdn.dsultra.com/js/ Frame 8F85 |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
registrar.js
cdn.dsultra.com/js/ Frame AD37 |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
show_afd_ads.js
pagead2.googlesyndication.com/apps/domainpark/ Frame 8F85 |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
show_afd_ads.js
pagead2.googlesyndication.com/apps/domainpark/ Frame AD37 |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
www.google.com/dp/ Frame AD37 |
0 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
www.google.com/dp/ Frame 8F85 |
0 966 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.searchesinteractive.com/ Frame A249 Redirect Chain
|
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.searchesinteractive.com/ Frame F6D6 Redirect Chain
|
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| html5 object| Modernizr function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
refreshcreativity.com/ | Name: PHPSESSID Value: 2jajsk82sm684ppje6nnv8v1n7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.dsultra.com
dsregredir.com
pagead2.googlesyndication.com
refreshcreativity.com
www.google.com
www.searchesinteractive.com
141.8.225.89
2.16.186.57
208.91.196.4
2a00:1450:4001:815::2002
2a00:1450:4001:815::2004
50.87.9.26
028f5d51a82cd752677d21413de55334103c1c95956f5c6dd293b290858da34e
055f392ecc066e80dfd57da53d329fa8a8e263133c569100ae5598dc56493b55
331458063fa1388e57d48f7bb1f9203f1280a669aede4ebca9a89908a106a5f3
5ca63f9d668f1d38e6a85f426704c402571f11b25e54cabc0814c9079e77fc4a
607530a98b7c468dd0734a70b6e1d3d1decf1d2e5f949cae492b98f43ee74949
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
d491110d14c4d7182a0c9790d351b5c40cea642c4add3842bf8412687bd08f3d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fbccfcac07bb996f74fd19e77f601372a374b3f756a2d8389e931271945c2a
f898b4a4eb0b93b097f91d05bbcdef7fac8b31a161082000f068e6de58032ee1