![](/screenshots/d9d7dd55-c9fa-4b5e-8efd-e186e72070a9.png)
laatransportation.com
Open in
urlscan Pro
148.72.119.75
Malicious Activity!
Public Scan
Submission: On October 07 via api from CA
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 15th 2019. Valid for: a year.
This is the only time laatransportation.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial) Generic Banking (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 148.72.119.75 148.72.119.75 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
5 | 1 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-148-72-119-75.ip.secureserver.net
laatransportation.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
laatransportation.com
laatransportation.com |
31 KB |
5 | 1 |
Domain | Requested by | |
---|---|---|
5 | laatransportation.com |
laatransportation.com
|
5 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
247limocarservice.com Go Daddy Secure Certificate Authority - G2 |
2019-06-15 - 2020-06-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://laatransportation.com/Access/clients/clients/clients/05b20f19b67ae97f78829b6830a57c46/
Frame ID: B6B94DC09A27E7C73D0FE581DA7ED110
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
laatransportation.com/Access/clients/clients/clients/05b20f19b67ae97f78829b6830a57c46/ |
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
encrypter.js
laatransportation.com/Access/clients/clients/clients/05b20f19b67ae97f78829b6830a57c46/img/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
laatransportation.com/Access/clients/clients/clients/05b20f19b67ae97f78829b6830a57c46/st/ |
53 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
alert.png
laatransportation.com/Access/clients/clients/clients/05b20f19b67ae97f78829b6830a57c46/img/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lo9o.svg
laatransportation.com/Access/clients/clients/clients/05b20f19b67ae97f78829b6830a57c46/img/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial) Generic Banking (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| Aes object| Base64 object| Utf8 string| Akaabouchp string| Akaaboucht string| output string| ctrTxt function| check0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
laatransportation.com
148.72.119.75
215a69508583079a6c06d6203b5f84882c6ae4dd580b785de6335119afc462a1
61d72488b597b64396b1cca9e6d3b3e37473d014e48f29d810da8ad3b55a6442
7806624ba5b8f472649750ff7ad3224b88ecb490e6e75275d6cf2dddea805db5
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
e72d5d5057dd618349cc5c13c78d856ecfab9715e9b8485d7d82f5e578ea7e35