thebasketballfactoryinc.com
Open in
urlscan Pro
199.250.203.94
Malicious Activity!
Public Scan
Submitted URL: https://us-west-2.protection.sophos.com/?d=azurefd.net&u=aHR0cHM6Ly9tZWV0aW5ndGVhbW1pY3JvLmF6dXJlZmQubmV0L21lZXRpbmcvI2Fjem9ybnlAbWlzc29...
Effective URL: https://thebasketballfactoryinc.com//teammeeting/meeting.php
Submission Tags: falconsandbox
Submission: On April 01 via api from US
Effective URL: https://thebasketballfactoryinc.com//teammeeting/meeting.php
Submission Tags: falconsandbox
Submission: On April 01 via api from US
Summary
This website contacted 2 IPs
in 1 countries
across 3 domains to perform 1 HTTP transactions.
The main IP is 199.250.203.94, located in
United States and
belongs to IMH-IAD, US.
The main domain is thebasketballfactoryinc.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 23rd 2021. Valid for: 3 months.
This is the only time thebasketballfactoryinc.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 23rd 2021. Valid for: 3 months.
This is the only time thebasketballfactoryinc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 13.32.25.75 13.32.25.75 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 1 | 2620:1ec:bdf::19 2620:1ec:bdf::19 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 1 | 199.250.203.94 199.250.203.94 | 54641 (IMH-IAD) (IMH-IAD) | |
| 1 | 2 |
1
13.32.25.75
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-32-25-75.fra56.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-32-25-75.fra56.r.cloudfront.net
| us-west-2.protection.sophos.com |
1
2620:1ec:bdf::19
(United States)
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| meetingteammicro.azurefd.net |
1
199.250.203.94
(United States)
ASN54641 (IMH-IAD, US)
PTR: vps41583.inmotionhosting.com
ASN54641 (IMH-IAD, US)
PTR: vps41583.inmotionhosting.com
| thebasketballfactoryinc.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 1 |
thebasketballfactoryinc.com
thebasketballfactoryinc.com |
24 KB |
| 1 |
azurefd.net
1 redirects
meetingteammicro.azurefd.net |
196 B |
| 1 |
sophos.com
1 redirects
us-west-2.protection.sophos.com |
401 B |
| 1 | 3 |
| Domain | Requested by | |
|---|---|---|
| 1 | thebasketballfactoryinc.com | |
| 1 | meetingteammicro.azurefd.net | 1 redirects |
| 1 | us-west-2.protection.sophos.com | 1 redirects |
| 1 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| thebasketballfactoryinc.com cPanel, Inc. Certification Authority |
2021-03-23 - 2021-06-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://thebasketballfactoryinc.com//teammeeting/meeting.php
Frame ID: C85C3A6235E8B619B257FBC8E4F11502
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://us-west-2.protection.sophos.com/?d=azurefd.net&u=aHR0cHM6Ly9tZWV0aW5ndGVhbW1pY3JvLmF6dXJlZmQubmV0L21lZXRpbmc...
HTTP 302
https://meetingteammicro.azurefd.net/meeting/ HTTP 307
https://thebasketballfactoryinc.com//teammeeting/meeting.php Page URL
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://us-west-2.protection.sophos.com/?d=azurefd.net&u=aHR0cHM6Ly9tZWV0aW5ndGVhbW1pY3JvLmF6dXJlZmQubmV0L21lZXRpbmcvI2Fjem9ybnlAbWlzc291bGFjb3VudHkudXM%3D&i=NWE0YmM1N2QwOWI5OTMxNzgxMzRmYWY3&t=QUcvNlk2RHRZMWNyVTRaOEg5dWVmWW9aZTlpTzlJcVc1QTI2RHVwaE9BWT0%3D&h=685686652e564392a49c2bc0b99a06bf
HTTP 302
https://meetingteammicro.azurefd.net/meeting/ HTTP 307
https://thebasketballfactoryinc.com//teammeeting/meeting.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
meeting.php
thebasketballfactoryinc.com//teammeeting/ Redirect Chain
|
43 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
28 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
11 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| speak0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
meetingteammicro.azurefd.net
thebasketballfactoryinc.com
us-west-2.protection.sophos.com
13.32.25.75
199.250.203.94
2620:1ec:bdf::19
2260da75cbe9974073378c05bf336b9d48ca5cca7563276be0d63986e112ab47
47abb531f51079ad100757fa175a33462f038be94d918dc5db204d1be2545045
60cdf23d419df3491dab01fbca94f3a15b1f9a3f3ace85c0f60468e31ed246de
64d14471cc6ff013cc309a0c43be662723f220d78d960c3ef1903f9c5f9c5838
a7cdef2a343a697f16fb77ccba5ad107680cd7b4c336e45024b54802481271d1
f8593c513b145927dfff508c6e4a3c21c5e76f5003fb5c817036e4416f7888d8