threatfox.abuse.ch
Open in
urlscan Pro
151.101.66.49
Public Scan
Submission: On March 27 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q3 on September 28th 2022. Valid for: a year.
This is the only time threatfox.abuse.ch was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 25 | 151.101.66.49 151.101.66.49 | 54113 (FASTLY) (FASTLY) | |
2 | 2a00:1450:400... 2a00:1450:4001:82a::2008 | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a00:1450:400... 2a00:1450:4001:830::2004 | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a00:1450:400... 2a00:1450:4001:830::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:806::2003 | 15169 (GOOGLE) (GOOGLE) | |
37 | 6 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
abuse.ch
1 redirects
threatfox.abuse.ch |
393 KB |
6 |
gstatic.com
www.gstatic.com fonts.gstatic.com |
385 KB |
4 |
google.com
www.google.com — Cisco Umbrella Rank: 2 |
46 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39 |
155 KB |
0 |
twitter.com
Failed
api.twitter.com Failed |
|
37 | 5 |
Domain | Requested by | |
---|---|---|
25 | threatfox.abuse.ch |
1 redirects
threatfox.abuse.ch
|
4 | www.gstatic.com |
www.google.com
www.gstatic.com |
4 | www.google.com |
threatfox.abuse.ch
www.gstatic.com www.google.com |
2 | fonts.gstatic.com |
www.google.com
|
2 | www.googletagmanager.com |
threatfox.abuse.ch
|
0 | api.twitter.com Failed | |
37 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
spamhaus.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.abuse.ch GlobalSign Atlas R3 DV TLS CA 2022 Q3 |
2022-09-28 - 2023-10-30 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-03-06 - 2023-05-29 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2023-03-06 - 2023-05-29 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-03-06 - 2023-05-29 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2023-03-06 - 2023-05-29 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://threatfox.abuse.ch/ioc/1094210/
Frame ID: 85C3F1A9AF660D621A8737C3F4D265E2
Requests: 29 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcISgUfAAAAAHj9HvxEZtSKdR4YQV3jdSMADDLL&co=aHR0cHM6Ly90aHJlYXRmb3guYWJ1c2UuY2g6NDQz&hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=2itbsr6u6by
Frame ID: 0775784D1AFD2A44000614AAE82AC90B
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
ThreatFox | https://appbesfksaw.actomzxck.xyz:2083/aaaaaaaaaPage URL History Show full URLs
-
https://threatfox.abuse.ch/ioc/1094210/
HTTP 307
https://threatfox.abuse.ch/verify-ua/?url=L2lvYy8xMDk0MjEwLw== Page URL
- https://threatfox.abuse.ch/ioc/1094210/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Clipboard.js (Miscellaneous) Expand
Detected patterns
- clipboard(?:-([\d.]+))?(?:\.min)?\.js
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
reCAPTCHA (Captchas) Expand
Detected patterns
- /recaptcha/api\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Spamhaus Project
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://threatfox.abuse.ch/ioc/1094210/
HTTP 307
https://threatfox.abuse.ch/verify-ua/?url=L2lvYy8xMDk0MjEwLw== Page URL
- https://threatfox.abuse.ch/ioc/1094210/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://threatfox.abuse.ch/ioc/1094210/ HTTP 307
- https://threatfox.abuse.ch/verify-ua/?url=L2lvYy8xMDk0MjEwLw==
- https://threatfox.abuse.ch/ajax/ HTTP 302
- https://threatfox.abuse.ch/login/ HTTP 0
- https://api.twitter.com/oauth/authorize?oauth_token=W8Pc0wAAAAABKKpNAAABhyKnfVM
37 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
threatfox.abuse.ch/verify-ua/ Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
threatfox.abuse.ch/css/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
threatfox.abuse.ch/css/ |
58 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
threatfox.abuse.ch/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
220 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
threatfox_logo.png
threatfox.abuse.ch/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
threatfox.abuse.ch/js/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
threatfox.abuse.ch/js/ |
62 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
www.google.com/recaptcha/ |
884 B 908 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
threatfox.abuse.ch/webfonts/ |
78 KB 79 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__de.js
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ |
409 KB 165 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/api2/ Frame 0775 |
47 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame 0775 |
55 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
recaptcha__de.js
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame 0775 |
409 KB 164 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 0775 |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0775 |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0775 |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webworker.js
www.google.com/recaptcha/api2/ Frame 0775 |
102 B 134 B |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
reload
www.google.com/recaptcha/api2/ Frame 0775 |
32 KB 18 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
threatfox.abuse.ch/ajax/ |
31 B 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
threatfox.abuse.ch/ioc/1094210/ |
18 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
threatfox.abuse.ch/css/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
threatfox.abuse.ch/css/ |
58 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-select.min.css
threatfox.abuse.ch/css/ |
11 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
threatfox.abuse.ch/css/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
220 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
threatfox_logo.png
threatfox.abuse.ch/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11122.jpg
threatfox.abuse.ch/images/avatar/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
threatfox.abuse.ch/js/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
threatfox.abuse.ch/js/ |
20 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
threatfox.abuse.ch/js/ |
62 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-select.min.js
threatfox.abuse.ch/js/ |
56 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clipboard.min.js
threatfox.abuse.ch/js/ |
10 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ioc_81ZtGklOp9.min.js
threatfox.abuse.ch/js/ |
10 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
threatfox.abuse.ch/webfonts/ |
78 KB 79 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-regular-400.woff2
threatfox.abuse.ch/webfonts/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
authorize
api.twitter.com/oauth/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- api.twitter.com
- URL
- https://api.twitter.com/oauth/authorize?oauth_token=W8Pc0wAAAAABKKpNAAABhyKnfVM
Verdicts & Comments Add Verdict or Comment
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| gtag object| dataLayer function| $ function| jQuery function| Popper object| bootstrap function| ClipboardJS function| get_malware function| report_fp function| add_tag function| remove_tag function| delete_ioc function| change_malware object| clipboard object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.google.com/recaptcha | Name: _GRECAPTCHA Value: 09APgFj6NxHP-whOax5-5q-448yF8GMI-yO90ukaFVXL1rNjiA8qGMkVhkVQi9biX7YfyBmbhX-IdagRXDojKkTEo |
|
threatfox.abuse.ch/ | Name: THREATFOX Value: jeia6fbhso3repu20qvij5o486 |
|
.abuse.ch/ | Name: _ga Value: GA1.1.2055167438.1679913613 |
|
.abuse.ch/ | Name: _ga_6EH7DFEY3J Value: GS1.1.1679913613.1.1.1679913614.0.0.0 |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none' |
Strict-Transport-Security | max-age=15768000 ; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | sameorigin |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.twitter.com
fonts.gstatic.com
threatfox.abuse.ch
www.google.com
www.googletagmanager.com
www.gstatic.com
api.twitter.com
151.101.66.49
2a00:1450:4001:806::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:830::2003
2a00:1450:4001:830::2004
07c8f05b093fcb494bb2fe0e64c53969b16e8cc6e516f5d85b673acc2af279e8
18fcc06e8e158f0b20df57e5966474ba5ee428da943b5e27417d7e2bdde6058f
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f56999aeab7be8e3f721662e81ea04984084ba621984fa5e5890cb78efdf9e3
55305bb9041fddba69d6eee99b956bb169fe5a7e9c84e896d94d5d38c060f59b
599857e8847568c778d7b139aef2a6df5d9223b35873b2739a72d116a1d3ea53
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
668a3fea267fb5a3dd702512bc9d6b9f554dd2d58ead558b1a850253a3491de0
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
80cfa94d4fcaf4efbfbbc238efa6e3d13514ba90deb24b7981c35b79edb41640
8a7739925f4c03586479852df840b7061948832a7fda30c8c812d2ea4dd4c4f2
94cb63d1e29b01f19665241566f966a4d8ea8585e7f0b86877b07ef62c42bbe4
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
9eb1eff3f6af5c2264a2e8b28325ce22d81244addaa65f18a29f5eb2dfca1d3f
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
b6d3f75dcb2320ed386f2dcb0ef91e545558ded6c268cda18015869cb59658d9
b87fbc515e655d6990021f1d21f2c2ea72772876863eba7884b62df40a1b1160
c175ae95e6ba9e8ec74a391a53ca58e09874f15bebb921b2b56e7c5f82832809
c22308edbb8e579501cdd58de2ce245ea13f2d9efde21c79a0938e21094305a3
c36877c7c6835746a006977077eccf1812f9c0a4df1d8d9b969811972081f49d
ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d
d45c49d206a6348d2cb921091cc506bebc534b74834646b78614d553e61b813b
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
f3e837c8da58d6ba09b482db3b830672d13fec10fd88bc833838d755cbea8739
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d