www.abhahomeland.com
IP: 67.20.76.62
Malicious Activity!
Public Scan
Effective URL: https://www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/
Submission: On December 19 via manual from FR
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 20th 2019. Valid for: 3 months.
This is the only time www.abhahomeland.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Axa (Insurance)
Domain & IP information
| | | IP Address | AS (Autonomous System) | PTR | Domain |
|---|---|---|---|---|---|
| 1 | 1 | 54.67.57.56 | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ow.ly | ow.ly |
| 1 | 2 | 50.87.249.157 | ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US) | box1357.bluehost.com | blainecountygives.com |
| 2 | 3 | 70.40.195.242 | ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US) | 70-40-195-242.unifiedlayer.com | 8-degrees-south.com |
| 2 | 8 | 67.20.76.62 | ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US) | host2004.hostmonster.com | www.abhahomeland.com |
Totals: 8 | 3
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 8 | abhahomeland.com (2 redirects) | www.abhahomeland.com | 838 KB |
| 3 | 8-degrees-south.com (2 redirects) | 8-degrees-south.com | 498 B |
| 2 | blainecountygives.com (1 redirect) | blainecountygives.com | 444 B |
| 1 | ow.ly (1 redirect) | ow.ly | 135 B |
Totals: 8 requests | 4 domains
| Requests | Domain | Requested by |
|---|---|---|
| 8 | www.abhahomeland.com | 2 redirects, www.abhahomeland.com |
| 3 | 8-degrees-south.com | 2 redirects |
| 2 | blainecountygives.com | 1 redirect |
| 1 | ow.ly | 1 redirect |
Totals: 8 requests | 4 domains
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| svtv.online | Let's Encrypt Authority X3 | 2019-12-16 - 2020-03-15 | 3 months | crt.sh |
| 8-degrees-south.com | Let's Encrypt Authority X3 | 2019-11-02 - 2020-01-31 | 3 months | crt.sh |
| abhahomeland.com | Let's Encrypt Authority X3 | 2019-11-20 - 2020-02-18 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/
Frame ID: DCC238DD8EDB85F2FF984E4F3F084DC7
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History
- http://ow.ly/BWt230q2V2J (HTTP 301)
  -> https://blainecountygives.com/wp-admin/images/qtml/ (HTTP 302)
  -> https://blainecountygives.com/wp-admin/images/qtml/2266c3b226e97cf113bc394b387eb66d/Load.php (Page URL)
- https://8-degrees-south.com/wp-includes/blocks/qtml (HTTP 301)
  -> https://8-degrees-south.com/wp-includes/blocks/qtml/ (HTTP 302)
  -> https://8-degrees-south.com/wp-includes/blocks/qtml/eee8df4e0000dc6d63d9b4a520c5f992/Load.php (Page URL)
- https://www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/ (HTTP 302)
  -> https://www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc= (HTTP 301)
  -> https://www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ (Page URL)
Detected technologies
Nginx (Web Servers)
Detected patterns:
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://ow.ly/BWt230q2V2J (HTTP 301)
- https://blainecountygives.com/wp-admin/images/qtml/ (HTTP 302)
- https://blainecountygives.com/wp-admin/images/qtml/2266c3b226e97cf113bc394b387eb66d/Load.php
- https://8-degrees-south.com/wp-includes/blocks/qtml (HTTP 301)
- https://8-degrees-south.com/wp-includes/blocks/qtml/ (HTTP 302)
- https://8-degrees-south.com/wp-includes/blocks/qtml/eee8df4e0000dc6d63d9b4a520c5f992/Load.php
8 HTTP transactions
| Method / Protocol | Resource | Path | Size / x-fer | Type / MIME-Type |
|---|---|---|---|---|
| GET H2 | Load.php | blainecountygives.com/wp-admin/images/qtml/2266c3b226e97cf113bc394b387eb66d/ (Redirect Chain) | 95 B / 271 B | Document, text/html |
| GET H2 | Load.php | 8-degrees-south.com/wp-includes/blocks/qtml/eee8df4e0000dc6d63d9b4a520c5f992/ (Redirect Chain) | 113 B / 233 B | Document, text/html |
| GET H2 | / (Primary Request) | www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ (Redirect Chain) | 14 KB / 3 KB | Document, text/html |
| GET H2 | style.css | www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ | 0 / 0 | Stylesheet, text/html |
| GET H2 | logo.jpg | www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ | 1 KB / 1 KB | Image, image/jpeg |
| GET H2 | Capture.png | www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ | 649 B / 687 B | Image, image/png |
| GET H2 | seS.png | www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ | 541 B / 571 B | Image, image/png |
| GET H2 | fd2.jpg | www.abhahomeland.com/routes/AXAconnectedd-loading/responsive/rlytc=/ | 827 KB / 832 KB | Image, image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Axa (Insurance)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata
- object: onpointerrawupdate
- function: maf0
- function: maf1
- function: maf2
- function: maf3
- function: maf4
- function: maf5
- function: maf6
- function: maf7
- function: maf8
- function: maf9
- function: deletmdp0
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, allowing the website to re-identify the user even if their location has changed. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- 8-degrees-south.com
- blainecountygives.com
- ow.ly
- www.abhahomeland.com
IPs:
- 50.87.249.157
- 54.67.57.56
- 67.20.76.62
- 70.40.195.242
Hashes:
- 25692c1d953a19d8a493ca3d135eb868dd31795a960dc890e77e7a0eaee1298d
- 38f1e938bd021aaa3a94ec20795868cb1a84b0ebaa48c5f2e35eeaa01d80a21a
- 6bcbba94cd7a796861c100a8b362d7dcf92dfffa27fbb8bc77c741c77d9a9e53
- 85b5d9275ff55fb0dceec5bd2116de38f1a772d2f465ddde7e04c2a6c6b4dad9
- 8db87e5374c1c7aca2d7203fd6e058ed769deb056f483c41221d297ffe91e8da
- aae6907b97bb625bc3d760099058e3e2c40b78089bc95790c91cee26b83e4b5e
- ba3aa538fdc5ffaea8cc931420d59be6b6464129daedd77a4783f5e9649f2717