wazql.trusteddeals.net
Open in
urlscan Pro
3.248.111.124
Malicious Activity!
Public Scan
Effective URL: https://wazql.trusteddeals.net/c/1f0a2cb367c37dee?s1=13875&j1=1&j3=1&s2=25713&click_id=rctdn5d8011da6a801702871307
Submission: On September 16 via api from DE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 12th 2019. Valid for: 3 months.
This is the only time wazql.trusteddeals.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 185.117.88.130 185.117.88.130 | 42708 (PORTLANE ...) (PORTLANE www.portlane.com) | |
1 1 | 67.202.94.86 67.202.94.86 | 32748 (STEADFAST) (STEADFAST - Steadfast) | |
1 | 185.225.208.133 185.225.208.133 | 13213 (UK2NET-AS) (UK2NET-AS) | |
1 1 | 109.169.53.180 109.169.53.180 | 20860 (IOMART-AS) (IOMART-AS) | |
1 2 | 3.248.111.124 3.248.111.124 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
22 | 2.16.186.99 2.16.186.99 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2a | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 | 2a00:1450:400... 2a00:1450:4001:814::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
29 | 7 |
ASN42708 (PORTLANE www.portlane.com, SE)
PTR: shared8.yourbestnetwork.net
testiphone.org |
ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us
whos.amung.us |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-248-111-124.eu-west-1.compute.amazonaws.com
gbvoz.freeprize.org | |
wazql.trusteddeals.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-99.deploy.static.akamaitechnologies.com
cdn-aimi.akamaized.net |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
maxcdn.bootstrapcdn.com |
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
akamaized.net
cdn-aimi.akamaized.net |
135 KB |
2 |
amung.us
1 redirects
whos.amung.us widgets.amung.us |
2 KB |
2 |
testiphone.org
testiphone.org |
1 KB |
1 |
googleapis.com
ajax.googleapis.com |
29 KB |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
7 KB |
1 |
trusteddeals.net
wazql.trusteddeals.net |
5 KB |
1 |
freeprize.org
1 redirects
gbvoz.freeprize.org |
920 B |
1 |
mobogate.com
1 redirects
trk.mobogate.com |
428 B |
29 | 8 |
Domain | Requested by | |
---|---|---|
22 | cdn-aimi.akamaized.net |
wazql.trusteddeals.net
|
2 | testiphone.org |
testiphone.org
|
1 | ajax.googleapis.com |
wazql.trusteddeals.net
|
1 | maxcdn.bootstrapcdn.com |
wazql.trusteddeals.net
|
1 | wazql.trusteddeals.net | |
1 | gbvoz.freeprize.org | 1 redirects |
1 | trk.mobogate.com | 1 redirects |
1 | widgets.amung.us |
testiphone.org
|
1 | whos.amung.us | 1 redirects |
29 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh | |
*.trusteddeals.net Let's Encrypt Authority X3 |
2019-09-12 - 2019-12-11 |
3 months | crt.sh |
a248.e.akamai.net DigiCert ECC Secure Server CA |
2018-10-18 - 2019-10-18 |
a year | crt.sh |
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA |
2018-10-03 - 2019-10-12 |
a year | crt.sh |
*.googleapis.com GTS CA 1O1 |
2019-08-23 - 2019-11-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://wazql.trusteddeals.net/c/1f0a2cb367c37dee?s1=13875&j1=1&j3=1&s2=25713&click_id=rctdn5d8011da6a801702871307
Frame ID: 9D9D444693355A5E74E958E8344D6598
Requests: 29 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://testiphone.org/ Page URL
-
http://trk.mobogate.com/aff_c?aff_id=10567&off_id=1637
HTTP 302
https://gbvoz.freeprize.org/c/1dd03d5201665a15?s1=25713&s2=60141&s3=ti11 HTTP 302
https://wazql.trusteddeals.net/c/1f0a2cb367c37dee?s1=13875&j1=1&j3=1&s2=25713&click_id=rctdn5d8011da6a80170... Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://testiphone.org/ Page URL
-
http://trk.mobogate.com/aff_c?aff_id=10567&off_id=1637
HTTP 302
https://gbvoz.freeprize.org/c/1dd03d5201665a15?s1=25713&s2=60141&s3=ti11 HTTP 302
https://wazql.trusteddeals.net/c/1f0a2cb367c37dee?s1=13875&j1=1&j3=1&s2=25713&click_id=rctdn5d8011da6a801702871307 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- http://whos.amung.us/cwidget/s7lriu3na3lk/ccc700000001.png HTTP 307
- http://widgets.amung.us/draw/?w=colored&n=3&c=ccc700000001&p=
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
testiphone.org/ |
852 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
widgets.amung.us/draw/ Redirect Chain
|
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pix.png
testiphone.org/tmp/1/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
1f0a2cb367c37dee
wazql.trusteddeals.net/c/ Redirect Chain
|
23 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
cdn-aimi.akamaized.net/landings/146720/1542013681/css/ |
98 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
cdn-aimi.akamaized.net/landings/146720/1542013681/css/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
cdn-aimi.akamaized.net/landings/146720/1542013681/js/ |
28 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
detect-browser.js
cdn-aimi.akamaized.net/landings/146720/1542013681/js/ |
3 KB 1023 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
functions.js
cdn-aimi.akamaized.net/landings/146720/1542013681/js/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
cdn-aimi.akamaized.net/landings/146720/1542013681/js/ |
1 KB 771 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pulse-favicon.js
cdn-aimi.akamaized.net/landings/146720/1542013681/js/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
returnDate.en.js
cdn-aimi.akamaized.net/landings/146720/1542013681/js/ |
540 B 926 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chrome.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
opera.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ff.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ie.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
safari.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
cdn-aimi.akamaized.net/landings/146720/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iphone.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
53 KB 54 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img1.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img2.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3temv7e.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9PH2QqX.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EKZrmbS.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
KqX499j.png
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DsrKpkj.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plR22yu.jpg
cdn-aimi.akamaized.net/landings/146720/1542013681/images/ |
1017 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn-aimi.akamaized.net
- URL
- https://cdn-aimi.akamaized.net/landings/146720/images/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| FBcom function| random function| checkZero function| timer function| returnDate boolean| exit3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wazql.trusteddeals.net/ | Name: scriptHash Value: 330097_13875_25713 |
|
wazql.trusteddeals.net/ | Name: unique_id Value: 5d7fb9204ef41899703805 |
|
wazql.trusteddeals.net/ | Name: unique_2315854 Value: unique_2315854 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn-aimi.akamaized.net
gbvoz.freeprize.org
maxcdn.bootstrapcdn.com
testiphone.org
trk.mobogate.com
wazql.trusteddeals.net
whos.amung.us
widgets.amung.us
cdn-aimi.akamaized.net
109.169.53.180
185.117.88.130
185.225.208.133
2.16.186.99
2001:4de0:ac19::1:b:2a
2a00:1450:4001:814::200a
3.248.111.124
67.202.94.86
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1b4776fa572478a562456db79c2e827a67c09df9fcf0df2baaabb7b6cd41f1e4
21da10af8bf0ca4108d20bcf7ddd37902293d888b13a451fa57f21dff347008e
2446cf6020ae3e1d053112e171b48de3fe4668014d79667bf33eb119c2685925
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
3a2cac8f63e524f8a4fa598d8ed8051fe9b744b840f7130b082255770fc39670
3e6893c1e17edeeb20c66b5176daa05ddcee8081b2dd2c3db6118b3496c2b27f
4c4e412004cfc40c4498732f1c2d555b42f7e46cc0f3767b036ee4001143b69f
5a39904c92771c94fecbb6f744fd6784c10a3298d5551bf2d5f3fcdb45e42e57
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
947b6a10d7033a6fbb3e782b02dc690b8464ac06333319db61653417d271d91b
9545948eefe774be5121de01ef9c14207891c35116bba14056471a59e4c212a1
9d3497a2d77fdd3eeeca1fa511771f641dd2cf62380a65513c1c9c81ffa0c856
a060481ea88ddf7a8dc554c57c8a8d6961586259671a89569e1d79b6376d0ce0
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
b8415abaabb26fe68590eb086a43ff6abb3ef683fb24e0a2e6fb86b3ec93fc91
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
bcbc9c2be11bb7450b1b0c890255e252810a5f67e01d268851c7a09882ef78f2
cd9bebc6c494b71db031c6ceed2e7c1503a8e9258e00ae5b7c25a1e298cdf241
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
de2e8e075786e304dc52ef21f40a552db8c24d248e583843af38958138f69d0d
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b
eee146f3954e624b69e833055cd9ba7c1dd256c4c548fbcf30df27b9de82ccc7
ef2cd2629b4b9057ed254d71dee8658a1ab1f2f0cf54f08f0d6ed2bf9480760a
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205