tookaco.com
Open in
urlscan Pro
91.98.96.132
Malicious Activity!
Public Scan
Submission: On July 23 via automatic, source openphish
Summary
This is the only time tookaco.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
13 | 91.98.96.132 91.98.96.132 | 60976 (POL) (POL) | |
1 2 | 66.117.29.228 66.117.29.228 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
14 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
tookaco.com
tookaco.com |
231 KB |
2 |
2o7.net
1 redirects
synacor.112.2o7.net |
2 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
13 | tookaco.com |
tookaco.com
|
2 | synacor.112.2o7.net |
1 redirects
tookaco.com
|
14 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
secure.centurylink.net |
centurylink.net |
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh |
This page contains 1 frames:
Primary Page:
http://tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc.html
Frame ID: 931D041E14170CF24F6B063D013C8B16
Requests: 14 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- http://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s07416381030409?AQB=1&ndh=1&t=23%2F6%2F2019%202%3A4%3A43%202%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=http%3A%2F%2Ftookaco.com%2Fwp-admin%2Fjs%2Fwidgets%2F-%2F-%2Fespin-ppl%2Fcsc.html&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=7a4816c3b72052726a665505abae3e3c&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- http://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s07416381030409?AQB=1&pccr=true&vidn=2E9B278D8530B547-40000308E0004832&&ndh=1&t=23%2F6%2F2019%202%3A4%3A43%202%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=http%3A%2F%2Ftookaco.com%2Fwp-admin%2Fjs%2Fwidgets%2F-%2F-%2Fespin-ppl%2Fcsc.html&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=7a4816c3b72052726a665505abae3e3c&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
csc.html
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/ |
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
103 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social.css
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
7 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social_responsive.css
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
1 KB 899 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social_login.css
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
quora.js
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
128 B 455 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
91 KB 38 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pp258.png
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
visa-mastercard-amex_0.png
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
109 KB 110 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr.js
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
12 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ddd.png
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.js
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
28 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_code.js
tookaco.com/wp-admin/js/widgets/-/-/espin-ppl/csc_fichiers/ |
30 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s07416381030409
synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/ Redirect Chain
|
43 B 738 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| isNumber function| $ function| jQuery object| html5 object| Modernizr function| yepnope function| updateTracking object| jQuery1810015286123505497962 string| s_account object| s string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| s_i_synacor object| $elements string| $escaped0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
synacor.112.2o7.net
tookaco.com
66.117.29.228
91.98.96.132
0920ffb0edc4772a0f3c3a5ddc1084b14ff8e5f10a4d5932a8855f415e218eb4
34e7485254321247359d42d049d1e880f0c54c3a6e9232ee99ccf9c17622b67f
420e5d89dc72e40e31fff3a9b7d5a9e21b97d2705976ba3e7864496c1b1ba1dc
44d0d4d970f61ac3792db6e448ed2495ec75b34c991024bb0067105d550b4593
4552f530dcc347a18f05ab8fed6bd386983f9d87ea1fcfdaf95e0bcbd559ac1d
5838e7d63d42c3846c634374f3207cafa622a1e6551720dd1bb75835776192b5
678142bea0f875f9140575b7643f9f76486cf2139270371acd1543f063c93ec1
6d8050cc8b33b9fdca434c4a66bde15cb8540db2a4bc29f7bb9ede78753477df
7470f9d78491838f5cc3ee51d4ed4d8a232f6c80ae80706dff96c062d3d663b6
82aa8220b0b10115902bf05d352ad727a2c21a7af61b20ae05dff5ff061de65c
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b095c14e576cb3c64990abce12a5efb2e319999721456f2258e7c362834b673d
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd
fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50