foottraffic.us - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 104.247.78.196, located in United States and belongs to IMH-IAD, US. The main domain is foottraffic.us.
TLS certificate: Issued by R3 on January 5th 2024. Valid for: 3 months.

This is the only time foottraffic.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address		AS Autonomous System
6	104.247.78.196 104.247.78.196		54641 (IMH-IAD) (IMH-IAD)
6	1

6 104.247.78.196 (United States)

ASN54641 (IMH-IAD, US)
PTR: server.foottraffic.us

foottraffic.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	foottraffic.us foottraffic.us	321 KB
6	1

	Domain	Requested by
6	foottraffic.us	foottraffic.us
6	1

This site contains no links.

Subject Issuer	Validity	Valid
foottraffic.us R3	`2024-01-05` - `2024-04-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php
Frame ID: 0547278310F24A089BAD788EB0A66BC8
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

321 kB
Transfer

342 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request c.php Show response foottraffic.us/wp-admin/network/C-InFO/clients/	5 KB 2 KB	179ms 57ms	Document text/html	104.247.78.196 IMH-IAD
General Check archive.org Show headers Download Go to Full URL https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.247.78.196 , United States, ASN54641 (IMH-IAD, US), Reverse DNS server.foottraffic.us Software Apache / Resource Hash `a6a7fac7ea6df63f97cc2a3d901889cd1b1098dc2d5d614808b4d66e6dd30aa9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Cache-Control max-age=0 Connection Keep-Alive Content-Encoding gzip Content-Length 1933 Content-Type text/html; charset=UTF-8 Date Fri, 02 Feb 2024 15:02:42 GMT Expires Fri, 02 Feb 2024 15:02:42 GMT Keep-Alive timeout=5, max=100 Server Apache Vary Accept-Encoding,User-Agent
GET H/1.1	200 OK	main.css foottraffic.us/wp-admin/network/C-InFO/css/	4 KB 1 KB	56ms 55ms	Stylesheet text/css	104.247.78.196 IMH-IAD
General Check archive.org Show headers Download Go to Full URL https://foottraffic.us/wp-admin/network/C-InFO/css/main.css Requested by Host: foottraffic.us URL: https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.247.78.196 , United States, ASN54641 (IMH-IAD, US), Reverse DNS server.foottraffic.us Software Apache / Resource Hash `6c8c96927fb2b23021a5336ef11c805edcdb31e8c993a385b603ae4e37f51bcd` Request headers accept-language en-US,en;q=0.9 Referer https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Date Fri, 02 Feb 2024 15:02:42 GMT Content-Encoding gzip Last-Modified Tue, 08 Aug 2023 16:55:02 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/css; charset=utf-8 Cache-Control max-age=31536000, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1069 Expires Sat, 01 Feb 2025 15:02:42 GMT
GET H/1.1	200 OK	selectlanguage.PNG foottraffic.us/wp-admin/network/C-InFO/images/	2 KB 2 KB	112ms 55ms	Image image/png	104.247.78.196 IMH-IAD
General Check archive.org Show headers Download Go to Show image Full URL https://foottraffic.us/wp-admin/network/C-InFO/images/selectlanguage.PNG Requested by Host: foottraffic.us URL: https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.247.78.196 , United States, ASN54641 (IMH-IAD, US), Reverse DNS server.foottraffic.us Software Apache / Resource Hash `d82d7057c4aaf8fe1a75beb7fa0d88c62a4a7f0988bac673b6ed974ad84838f8` Request headers accept-language en-US,en;q=0.9 Referer https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Date Fri, 02 Feb 2024 15:02:42 GMT Last-Modified Wed, 15 Mar 2023 06:07:08 GMT Server Apache Vary Accept-Encoding Content-Type image/png Cache-Control max-age=10368000 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1800 Expires Sat, 01 Jun 2024 15:02:42 GMT
GET H/1.1	200 OK	junia-framework.js Show response foottraffic.us/wp-admin/network/C-InFO/js/	21 KB 7 KB	164ms 56ms	Script application/javascript	104.247.78.196 IMH-IAD
General Check archive.org Show headers Download Go to Full URL https://foottraffic.us/wp-admin/network/C-InFO/js/junia-framework.js Requested by Host: foottraffic.us URL: https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.247.78.196 , United States, ASN54641 (IMH-IAD, US), Reverse DNS server.foottraffic.us Software Apache / Resource Hash `4eddbc6b9a1194b7c26b7289cd5187ac1ae81887ee176ff265706fc7a002c961` Request headers accept-language en-US,en;q=0.9 Referer https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Date Fri, 02 Feb 2024 15:02:42 GMT Content-Encoding gzip Last-Modified Tue, 10 Jan 2023 02:36:36 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type application/javascript; charset=utf-8 Cache-Control max-age=31536000, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6273 Expires Sat, 01 Feb 2025 15:02:42 GMT
GET H/1.1	200 OK	cc.js Show response foottraffic.us/wp-admin/network/C-InFO/js/	2 KB 942 B	163ms 55ms	Script application/javascript	104.247.78.196 IMH-IAD
General Check archive.org Show headers Download Go to Full URL https://foottraffic.us/wp-admin/network/C-InFO/js/cc.js Requested by Host: foottraffic.us URL: https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.247.78.196 , United States, ASN54641 (IMH-IAD, US), Reverse DNS server.foottraffic.us Software Apache / Resource Hash `a78cf28111d6c1d2c9f2fe03652b6e385b97a1a2828bf2f2133c40b3209766d2` Request headers accept-language en-US,en;q=0.9 Referer https://foottraffic.us/wp-admin/network/C-InFO/clients/c.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Date Fri, 02 Feb 2024 15:02:42 GMT Content-Encoding gzip Last-Modified Wed, 15 Mar 2023 06:44:50 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type application/javascript; charset=utf-8 Cache-Control max-age=31536000, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 533 Expires Sat, 01 Feb 2025 15:02:42 GMT
GET H/1.1	200 OK	background.jpg foottraffic.us/wp-admin/network/C-InFO/images/	308 KB 308 KB	112ms 56ms	Image image/jpeg	104.247.78.196 IMH-IAD
General Check archive.org Show headers Download Go to Show image Full URL https://foottraffic.us/wp-admin/network/C-InFO/images/background.jpg Requested by Host: foottraffic.us URL: https://foottraffic.us/wp-admin/network/C-InFO/css/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.247.78.196 , United States, ASN54641 (IMH-IAD, US), Reverse DNS server.foottraffic.us Software Apache / Resource Hash `c0f09464fc615241a88a012e590375ec17f6d6ca089232dd21a4a8eb0b5a0704` Request headers accept-language en-US,en;q=0.9 Referer https://foottraffic.us/wp-admin/network/C-InFO/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Date Fri, 02 Feb 2024 15:02:42 GMT Last-Modified Tue, 14 Mar 2023 19:33:56 GMT Server Apache Vary Accept-Encoding Content-Type image/jpeg Cache-Control max-age=10368000, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 315229 Expires Sat, 01 Jun 2024 15:02:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Cleave

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

foottraffic.us
104.247.78.196
4eddbc6b9a1194b7c26b7289cd5187ac1ae81887ee176ff265706fc7a002c961
6c8c96927fb2b23021a5336ef11c805edcdb31e8c993a385b603ae4e37f51bcd
a6a7fac7ea6df63f97cc2a3d901889cd1b1098dc2d5d614808b4d66e6dd30aa9
a78cf28111d6c1d2c9f2fe03652b6e385b97a1a2828bf2f2133c40b3209766d2
c0f09464fc615241a88a012e590375ec17f6d6ca089232dd21a4a8eb0b5a0704
d82d7057c4aaf8fe1a75beb7fa0d88c62a4a7f0988bac673b6ed974ad84838f8

foottraffic.us Open in urlscan Pro 104.247.78.196 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

321 kBTransfer

342 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

foottraffic.us Open in urlscan Pro
104.247.78.196 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

321 kB
Transfer

342 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!