detectornqr.ro Open in urlscan Pro
193.34.145.202 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://homesafetydivision.co.uk/.dove/rdr.php
Effective URL:
http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLi...
Submission: On June 27 via automatic, source openphish (June 27th 2017, 6:43:04 pm UTC)

Summary HTTP 11 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 193.34.145.202, located in Germany and belongs to CONTABO to AS1299 announce AS34933, DE. The main domain is detectornqr.ro.

This is the only time detectornqr.ro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
9	193.34.145.202 193.34.145.202	51167 (CONTABO t...) (CONTABO to AS1299 announce AS34933)
2	2a02:26f0:122... 2a02:26f0:122:393::fb1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	2

9 193.34.145.202 (Germany)

ASN51167 (CONTABO to AS1299 announce AS34933, DE)
PTR: m3499.contabo.net

detectornqr.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:122:393::fb1 (European Union)

ASN20940 (AKAMAI-ASN1, US)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	detectornqr.ro detectornqr.ro	572 KB
2	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	4 KB
11	2

	Domain	Requested by
9	detectornqr.ro	detectornqr.ro
2	secure.aadcdn.microsoftonline-p.com	detectornqr.ro
11	2

This site contains links to these domains. Also see Links.

Domain
login.live.com

Subject Issuer	Validity	Valid
secure.aadcdn.microsoftonline-p.com Symantec Class 3 Secure Server CA - G4	`2016-09-01` - `2017-09-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 18316.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

11
Requests

18 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

576 kB
Transfer

581 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6B3HmzC6TX33Dd03tIYPmJcN9VjEoZJSUFxVb6-vmlJTn5-dl6-Wlpmcmpxmamesn5ufr55Yn6OxgZLzAyrmIyNzM2M7I0N7AwNrC0MDUwMjYw1zNItLQ0S0xK1jUxNTPVNTGzNNJNMrFI0k22NDQ2TjExMU1KTLrFxO_vWFqSYQQi8osyq1I_MXGm5RflxhfkF5fMYmYF27KKmShfbGJmA7orNz_vFDNbfkFqXmbKBRbGVyw8BsxWHBxsAowSDAoMP1gYF7ECfctwfEPjS94mt91vln1ljdVnOMWqn17kHlWZ6aUd6m4YmOThHJpZ7hNslOKSpZ9WbmzmVelobpQdYGliEZXl62trbGU4gY1xAhvbLk4iQgkA0&id=&uaid=709b9e6daf1b45d8bc8dc210a7c8574d&pcexp=false&popupui=
Title: Sign in with a Microsoft account

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request Sign-in.php Show response
detectornqr.ro/offnal/
Redirect Chain

http://detectornqr.ro/offnal/
http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?...

29 KB
29 KB

286ms
286ms

Document
text/html

193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to

Full URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache / PHP/5.6.30
Resource Hash: 923ec15901b92763b4495b512c883bd1154f6f16a435d95290e16aee9b2d1f2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Server: Apache
Connection: Keep-Alive
X-Powered-By: PHP/5.6.30
Transfer-Encoding: chunked
Keep-Alive: timeout=5, max=98
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 27 Jun 2017 18:42:52 GMT
Server: Apache
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
Location: Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1' >
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 0

GET
H/1.1 200
OK login.css
detectornqr.ro/offnal/files/ 21 KB
21 KB 18ms
11ms Stylesheet
text/css 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to

Full URL: http://detectornqr.ro/offnal/files/login.css
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: b849c8da2fb4163b99fb3e45081f8622cba52359d9d68749aa0a6a1db7d7e97f

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:34 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 21886

GET
H/1.1 200
OK login_hover.css
detectornqr.ro/offnal/files/ 89 B
89 B 20ms
10ms Stylesheet
text/css 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to

Full URL: http://detectornqr.ro/offnal/files/login_hover.css
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: 91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:34 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 89

GET
H/1.1 200
OK jquery.js Show response
detectornqr.ro/offnal/files/ 108 KB
108 KB 20ms
11ms Script
application/javascript 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to

Full URL: http://detectornqr.ro/offnal/files/jquery.js
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: 080ff245615e719959bc5537e164ac4495c4b8036462dfee2076dd92f22c8491

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36
Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Origin: http://detectornqr.ro

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:36 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 110256

GET
H/1.1 200
OK aad.js Show response
detectornqr.ro/offnal/files/ 174 KB
174 KB 20ms
11ms Script
application/javascript 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to

Full URL: http://detectornqr.ro/offnal/files/aad.js
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: 784272794b86d17613d2311fa54eab23d223252eebe139ce8113eaca26a03f86

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36
Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Origin: http://detectornqr.ro

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:36 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 178334

GET
H/1.1 200
OK heroillustration.jpg
detectornqr.ro/offnal/files/ 199 KB
199 KB 11ms
10ms Image
image/jpeg 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://detectornqr.ro/offnal/files/heroillustration.jpg
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: 7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:34 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 203294

GET
H/1.1 200
OK bannerlogo.png
detectornqr.ro/offnal/files/ 4 KB
4 KB 10ms
10ms Image
image/png 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://detectornqr.ro/offnal/files/bannerlogo.png
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:34 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4585

GET
H/1.1 200
OK microsoft_logo.png
detectornqr.ro/offnal/files/ 1 KB
1 KB 11ms
11ms Image
image/png 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://detectornqr.ro/offnal/files/microsoft_logo.png
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache /
Resource Hash: f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Last-Modified: Sat, 06 May 2017 22:00:34 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1057

GET
H/1.1 200
OK login_hover.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.5898.9/content/cdnbundles/ 89 B
82 B 38ms
6ms Stylesheet
text/css 2a02:26f0:122:393::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.5898.9/content/cdnbundles/login_hover.min.css

Requested by

Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:393::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Apr 2017 19:35:35 GMT
Content-MD5: k+LdzPr5J17LuCAOBMVTBQ==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=296951
Strict-Transport-Security: max-age=31536000
Content-Length: 82

GET
H/1.1 200
OK watson.min.js Show response
secure.aadcdn.microsoftonline-p.com/ests/2.1.5898.9/content/cdnbundles/ 10 KB
4 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:122:393::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.5898.9/content/cdnbundles/watson.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:393::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

ca5896e71cda62c2be576048f73ca40094592f9fd2a62f7c2b4d8c94b03191e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Apr 2017 19:35:38 GMT
Content-MD5: lHRm5RF8WrsErKEDEGrsaQ==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=227832
Strict-Transport-Security: max-age=31536000
Content-Length: 4155

POST
H/1.1 404
Not Found watson Show response
detectornqr.ro/common/handlers/ 35 KB
36 KB 1861ms
1860ms XHR
text/html 193.34.145.202
CONTABO to AS1299...

General

Check archive.org

Show headers Download Go to

Full URL: http://detectornqr.ro/common/handlers/watson
Requested by: Host: detectornqr.ro
URL: http://detectornqr.ro/offnal/files/jquery.js
Protocol: HTTP/1.1
Server: 193.34.145.202 , Germany, ASN51167 (CONTABO to AS1299 announce AS34933, DE),
Reverse DNS: m3499.contabo.net
Software: Apache / PHP/5.6.30
Resource Hash: 2b577177fe624c368e5aadb4ffa8204413bd1dc4db9aa71f0c31a664f372f1e6

Request headers

Origin: http://detectornqr.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.109 Safari/537.36
client-request-id: 709b9e6d-af1b-45d8-bc8d-c210a7c8574d
canary: AQABAAAAAABnfiG-mA6NTae7CdWW7QfdIvisIZTKrlzexJxUZIyvWU6djUDBmL2cFLnOuC0FTO2-fLXMPoP1cpVqzfcgl2ghAsWPsIETuS80xCJcWu9KyrCMf5xQh-47oH18j1hUUDGMNUvRya5Zn9aUb_tPoE4i5b6JDl8f3P7cgTNpurC8eqvVlhDHO9ivUwSH1SGO4d4_j_US6Ep6fIC5ALiLMFWRlpKOywI8grRLvHA3oTv0ACAA
Content-Type: application/json; charset=UTF-8
hpgid: 1002
Accept: application/json
Referer: http://detectornqr.ro/offnal/Sign-in.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
X-Requested-With: XMLHttpRequest
hpgact: 1800

Response headers

Date: Tue, 27 Jun 2017 18:42:53 GMT
Server: Apache
X-Powered-By: PHP/5.6.30
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: Keep-Alive
Link: <http://www.detectornqr.ro/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=98
Expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online) Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			detectornqr.ro/offnal	1970-01-01 00:00:00	Name: testcookie Value: testcookie

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

detectornqr.ro
secure.aadcdn.microsoftonline-p.com
193.34.145.202
2a02:26f0:122:393::fb1
080ff245615e719959bc5537e164ac4495c4b8036462dfee2076dd92f22c8491
2b577177fe624c368e5aadb4ffa8204413bd1dc4db9aa71f0c31a664f372f1e6
784272794b86d17613d2311fa54eab23d223252eebe139ce8113eaca26a03f86
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c
923ec15901b92763b4495b512c883bd1154f6f16a435d95290e16aee9b2d1f2e
b849c8da2fb4163b99fb3e45081f8622cba52359d9d68749aa0a6a1db7d7e97f
ca5896e71cda62c2be576048f73ca40094592f9fd2a62f7c2b4d8c94b03191e3
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

detectornqr.ro Open in urlscan Pro 193.34.145.202 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

11 Requests

18 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

576 kBTransfer

581 kBSize

1 Cookies

1 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

detectornqr.ro Open in urlscan Pro
193.34.145.202 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

18 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

576 kB
Transfer

581 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!