urlscan.io Public Scan: moonlit-pastelito-925de3.netlify.app
2a03:b0c0:3:d0::d22:8001  Malicious Activity!

Submitted URL: http://moonlit-pastelito-925de3.netlify.app/
Effective URL: https://moonlit-pastelito-925de3.netlify.app/
Submission: On May 27 via manual from PL — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 2a03:b0c0:3:d0::d22:8001, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is moonlit-pastelito-925de3.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on February 15th 2022. Valid for: a year.
This is the only time moonlit-pastelito-925de3.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address                AS     Autonomous System
3         2a03:b0c0:3:d0::d22:8001  14061  DIGITALOCEAN-ASN
1         198.54.115.249            22612  NAMECHEAP-NET
Totals: 4 requests, 3 IPs

Requests  Apex Domain  Subdomains                            Transfer
3         netlify.app  moonlit-pastelito-925de3.netlify.app  8 KB
1         bobbim.xyz   bobbim.xyz                            55 KB
Totals: 4 requests, 2 apex domains

Requests  Domain                                Requested by
3         moonlit-pastelito-925de3.netlify.app  moonlit-pastelito-925de3.netlify.app
1         bobbim.xyz                            moonlit-pastelito-925de3.netlify.app
Totals: 4 requests, 2 domains

This site contains no links.

TLS certificates

Subject        Issuer                                          Validity                  Valid for
*.netlify.app  DigiCert TLS Hybrid ECC SHA384 2020 CA1         2022-02-15 to 2023-03-02  a year (crt.sh)
bobbim.xyz     Sectigo RSA Domain Validation Secure Server CA  2022-05-16 to 2023-05-16  a year (crt.sh)

The *.netlify.app certificate is the platform's shared wildcard and identifies Netlify, not the site operator. The bobbim.xyz certificate was issued on 2022-05-16, the same day the Last-Modified header of norton.png (below) says that file was placed on the host.

This page contains 1 frame:

Primary Page: https://moonlit-pastelito-925de3.netlify.app/
Frame ID: 6CB59703A627ACB951BDA5A5BAD4CDA1
Requests: 6 requests in this frame (the 4 HTTP transactions plus 2 inline data: URI images)

Page Title

Webmail Portal Login

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://moonlit-pastelito-925de3.netlify.app/  HTTP 307 (browser-internal HSTS upgrade, see the redirect headers of the primary request below)
     https://moonlit-pastelito-925de3.netlify.app/  Page URL

Detected technologies

Netlify (hosting platform), overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.netlify\.(?:com|app)/

jQuery, overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Both detections are pattern matches on request URLs. The jQuery hit comes from the script URL /js/jquery-1.11.1.min.js.download, which the server answered with a 404 (see Console Messages), so the library was never actually loaded on the scanned page.
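The two signatures above are plain regular expressions run against request URLs. As an added worked example, not part of the urlscan report, the Python below applies exactly those patterns to the four HTTP request URLs from this scan. The technology names and the case-insensitive search are assumptions about how urlscan's Wappalyzer-style matcher behaves; the point it makes is that the jQuery hit is produced by a URL whose response was a 404, because URL matching never looks at the response.

```python
import re

# The four HTTP request URLs from this scan (copied from the transaction list).
REQUEST_URLS = [
    "https://moonlit-pastelito-925de3.netlify.app/",
    "https://moonlit-pastelito-925de3.netlify.app/js/jquery-1.11.1.min.js.download",
    "https://bobbim.xyz/norton.png",
    "https://moonlit-pastelito-925de3.netlify.app/images/"
    "26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png",
]

# The detection patterns shown on the page. The technology names are an
# assumption drawn from the patterns themselves (Netlify hosting, jQuery).
SIGNATURES = {
    "Netlify": [r"^https?://[^/]+\.netlify\.(?:com|app)/"],
    "jQuery": [
        r"jquery[.-]([\d.]*\d)[^/]*\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
}


def detect(urls):
    """Return {technology: {"version": str | None, "urls": [...]}} for every
    signature that matches a request URL.

    Matching is purely lexical: it fires on the URL the page asked for, so a
    script that was answered with a 404 still yields a hit, and the version
    string comes from the file name, not from any code that ran.
    """
    hits = {}
    for tech, patterns in SIGNATURES.items():
        for pat in patterns:
            rx = re.compile(pat, re.IGNORECASE)  # assumption: matcher ignores case
            for url in urls:
                m = rx.search(url)
                if not m:
                    continue
                entry = hits.setdefault(tech, {"version": None, "urls": []})
                if url not in entry["urls"]:
                    entry["urls"].append(url)
                # First capture group, when the pattern has one and it matched,
                # is the version (here "1.11.1" from jquery-1.11.1.min.js).
                if entry["version"] is None and m.groups() and m.group(1):
                    entry["version"] = m.group(1)
    return hits


if __name__ == "__main__":
    for tech, info in detect(REQUEST_URLS).items():
        print(tech, info["version"], *info["urls"], sep="\n  ")
```

Run against this scan, `detect` reports Netlify on the three netlify.app URLs and jQuery 1.11.1 on the `.download` script URL alone; cross-checking a technology hit against the request's status and content type (both on this page) is what separates "the kit references jQuery" from "jQuery executed".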

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 63 kB
Size: 70 kB
Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests: only the primary request (its chain is shown in its entry below).

4 HTTP transactions

Each entry lists: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type (where known). The two data: URI images at the end of the list are inline resources, not HTTP transactions.

Primary Request: /
Path: moonlit-pastelito-925de3.netlify.app/
Redirect Chain
  • http://moonlit-pastelito-925de3.netlify.app/
  • https://moonlit-pastelito-925de3.netlify.app/
Size: 11 KB, x-fer: 5 KB, Type: Document
General
Full URL
https://moonlit-pastelito-925de3.netlify.app/
Protocol
H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:b0c0:3:d0::d22:8001, Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Netlify
Resource Hash
30a9e5dec02c11a9ae8ba923a7c5ed2d5e5813cb6fff9370a07cb7b745156af9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
6674
cache-control
public, max-age=0, must-revalidate
content-encoding
gzip
content-length
4586
content-type
text/html; charset=UTF-8
date
Thu, 26 May 2022 22:10:03 GMT
etag
"7e9b7d3bc5554a16b95673b57ab25bde-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-nf-request-id
01G41D2FAYPXEG1ABACPFYEKMK

Redirect headers (http:// to https:// hop)

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://moonlit-pastelito-925de3.netlify.app/
Non-Authoritative-Reason
HSTS

Non-Authoritative-Reason: HSTS is Chromium's marker for a redirect it synthesised itself: the http:// request was upgraded to https:// before anything was sent, so the 307 in the URL history never came from the server. Since this scan was the browser's first contact with the host, that is consistent with netlify.app being on the browser's HSTS preload list (the served header also carries the preload directive).
jquery-1.11.1.min.js.download
Path: moonlit-pastelito-925de3.netlify.app/js/
Size: 0, x-fer: 0, Type: Script (404; the response body is text/html, not JavaScript)

The .download suffix is what Chromium-based browsers append to script files when a page is saved with "Webpage, Complete". Its presence in the kit's script reference indicates the login page was built from a saved copy of a live site, with the renamed script path carried over unchanged and never uploaded.
General
Full URL
https://moonlit-pastelito-925de3.netlify.app/js/jquery-1.11.1.min.js.download
Requested by
Host: moonlit-pastelito-925de3.netlify.app
URL: https://moonlit-pastelito-925de3.netlify.app/
Protocol
H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:b0c0:3:d0::d22:8001, Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Netlify
Resource Hash: (none; the request returned 404)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://moonlit-pastelito-925de3.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-nf-request-id
01G41D2FC0ZCE3Z07089F6SFHD
date
Thu, 26 May 2022 19:41:42 GMT
content-encoding
br
server
Netlify
age
15574
etag
1653484256-ssl-df
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
public, max-age=0, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1248
norton.png
Path: bobbim.xyz/
Size: 55 KB, x-fer: 55 KB, Type: Image

This is the only request that leaves the netlify.app host and the only fetched image that returned content (the other image request 404'd). The trust-seal graphic is served from a separate domain on Namecheap shared hosting (see Server below), so bobbim.xyz is a second indicator to record alongside the Netlify subdomain.
General
Full URL
https://bobbim.xyz/norton.png
Requested by
Host: moonlit-pastelito-925de3.netlify.app
URL: https://moonlit-pastelito-925de3.netlify.app/
Protocol
H2
Security: TLS 1.3, AES_256_GCM
Server: 198.54.115.249, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS: server66-3.web-hosting.com
Software: LiteSpeed
Resource Hash
42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://moonlit-pastelito-925de3.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 00:01:16 GMT
last-modified
Mon, 16 May 2022 10:33:20 GMT
server
LiteSpeed
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
56109
expires
Fri, 03 Jun 2022 00:01:16 GMT
26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
Path: moonlit-pastelito-925de3.netlify.app/images/
Size: 3 KB, x-fer: 3 KB, Type: Image (404; the response body is text/html, not an image)
General
Full URL
https://moonlit-pastelito-925de3.netlify.app/images/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
Requested by
Host: moonlit-pastelito-925de3.netlify.app
URL: https://moonlit-pastelito-925de3.netlify.app/
Protocol
H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:b0c0:3:d0::d22:8001, Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Netlify
Resource Hash
4c77c42dfbe7a820bd5e5e19a9fe314967bb74aa00c6477241e313dd58256ed5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://moonlit-pastelito-925de3.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-nf-request-id
01G41D2FD0M845SZ4H2WTZZBRP
date
Fri, 27 May 2022 00:01:16 GMT
content-encoding
br
server
Netlify
age
0
etag
1653484256-ssl-df
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
public, max-age=0, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1248
data: URI image (URL truncated)
Path: /
Size: 558 B, x-fer: 0, Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server / Reverse DNS / Software: none (inline resource, no network request)
Resource Hash
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
(empty)
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
data: URI image (URL truncated)
Path: /
Size: 520 B, x-fer: 0, Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server / Reverse DNS / Software: none (inline resource, no network request)
Resource Hash
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5

Request headers

accept-language
de-DE,de;q=0.9
Referer
(empty)
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    0
object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
function  getScreenDetails
object    navigation
object    _0x29a3
function  _0x40b2
function  _0x2e20a0
string    hash
number    n
function  goNow

oncontextlost through navigation are window APIs of the Chrome 102 build used for the scan that are newer than urlscan's baseline; they are browser-native, not page code. The page itself defines _0x29a3, _0x40b2, _0x2e20a0, hash, n and goNow. Names of the form _0x followed by hex digits are the default identifier style of the javascript-obfuscator tool, so the kit's script is obfuscated, and since the only external script request 404'd, that script is inline in the HTML document.

0 Cookies

2 Console Messages

Source   Level  URL / Message
network  error  https://moonlit-pastelito-925de3.netlify.app/js/jquery-1.11.1.min.js.download
                Failed to load resource: the server responded with a status of 404 ()
network  error  https://moonlit-pastelito-925de3.netlify.app/images/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png
                Failed to load resource: the server responded with a status of 404 ()
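The global-variable list and the console messages together fingerprint the kit: obfuscator-style identifiers on window, and a script reference that carries the Chromium "Webpage, Complete" rename and 404s. As an added example that is not part of the urlscan report, the Python below encodes both checks over this scan's data. The globals and console entries are transcribed from the page; the list of browser-native properties is an assumption that has to be maintained per browser build.

```python
import re

# Transcribed from this page: the 14 globals as (type, name) ...
GLOBALS = [
    ("object", "0"), ("object", "oncontextlost"), ("object", "oncontextrestored"),
    ("function", "structuredClone"), ("object", "launchQueue"),
    ("object", "onbeforematch"), ("function", "getScreenDetails"),
    ("object", "navigation"), ("object", "_0x29a3"), ("function", "_0x40b2"),
    ("function", "_0x2e20a0"), ("string", "hash"), ("number", "n"),
    ("function", "goNow"),
]
# ... and the two console messages as (source, level, url, text).
CONSOLE = [
    ("network", "error",
     "https://moonlit-pastelito-925de3.netlify.app/js/jquery-1.11.1.min.js.download",
     "Failed to load resource: the server responded with a status of 404 ()"),
    ("network", "error",
     "https://moonlit-pastelito-925de3.netlify.app/images/"
     "26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png",
     "Failed to load resource: the server responded with a status of 404 ()"),
]

# Assumption: window properties the scanning Chrome build exposes that
# urlscan's baseline predates. Hand-maintained; extend per browser version.
BROWSER_NATIVE = {
    "oncontextlost", "oncontextrestored", "structuredClone", "launchQueue",
    "onbeforematch", "getScreenDetails", "navigation",
}
OBFUSCATOR_NAME = re.compile(r"^_0x[0-9a-f]+$")  # javascript-obfuscator's default naming
STATUS_IN_MSG = re.compile(r"status of (\d{3})")


def classify_globals(globals_):
    """Sort window globals into browser-native, frame index (window[n] is the
    n-th child browsing context), obfuscator-style, and other page-defined."""
    buckets = {"browser_native": [], "frame_index": [], "obfuscated": [], "page_defined": []}
    for _type, name in globals_:
        if name in BROWSER_NATIVE:
            buckets["browser_native"].append(name)
        elif name.isdigit():
            buckets["frame_index"].append(name)
        elif OBFUSCATOR_NAME.match(name):
            buckets["obfuscated"].append(name)
        else:
            buckets["page_defined"].append(name)
    return buckets


def cloned_page_artifacts(console):
    """Network errors for resources whose name ends in the '.download' suffix
    Chromium appends to scripts when a page is saved with 'Webpage, Complete',
    with the HTTP status parsed out of the console text (None if absent)."""
    found = []
    for source, _level, url, text in console:
        if source != "network" or not url.endswith(".download"):
            continue
        m = STATUS_IN_MSG.search(text)
        found.append({"url": url, "status": int(m.group(1)) if m else None})
    return found


def indicators(globals_, console):
    """Human-readable triage findings; empty list means neither heuristic fired."""
    out = []
    b = classify_globals(globals_)
    if b["obfuscated"]:
        out.append(f"{len(b['obfuscated'])} obfuscator-style globals: "
                   + ", ".join(b["obfuscated"]))
    arts = cloned_page_artifacts(console)
    if arts:
        statuses = ", ".join(str(a["status"]) for a in arts)
        out.append(f"{len(arts)} '.download' script artefact(s) from a saved page "
                   f"(HTTP {statuses})")
    return out


if __name__ == "__main__":
    for line in indicators(GLOBALS, CONSOLE):
        print(line)
```

Neither heuristic proves phishing by itself (legitimate sites ship obfuscated bundles, and a stale saved copy can 404 for innocent reasons), but a login page with both, served from a throwaway hosting subdomain, is the pattern the verdict on this page reflects.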

Security Headers

This page lists any security headers set by the main page. Only Strict-Transport-Security is present; the primary response carries no Content-Security-Policy, X-Frame-Options or X-Content-Type-Options header. The HSTS value is Netlify's platform default, sent on every response from the host (it appears on the 404 responses too), so it says nothing about the site operator.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
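The URL history shows a 307 from http:// to https://, and the redirect headers of the primary request mark that hop with Non-Authoritative-Reason: HSTS, which Chromium sets on redirects it synthesises itself. As an added example, not part of the urlscan report, the Python below parses the Strict-Transport-Security value from this page against the conditions hstspreload.org requires of a served header, and classifies a redirect hop as a browser-internal HSTS upgrade versus a server-sent redirect. The hop status and headers are transcribed from the page; header names are compared case-insensitively, which is an assumption about how an analyst's own capture will present them.

```python
# The redirect hop recorded in this scan's URL history and the HSTS header the
# host serves (values copied from the page).
HOP_STATUS = 307
HOP_HEADERS = {
    "Cross-Origin-Resource-Policy": "Cross-Origin",
    "Location": "https://moonlit-pastelito-925de3.netlify.app/",
    "Non-Authoritative-Reason": "HSTS",
}
HSTS_VALUE = "max-age=31536000; includeSubDomains; preload"

ONE_YEAR = 31536000  # seconds; the minimum max-age hstspreload.org accepts


def parse_hsts(value):
    """Parse a Strict-Transport-Security header into its directives and say
    whether it meets the three preload-list conditions on the served header:
    max-age of at least one year, includeSubDomains, and preload."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    raw_age = directives.get("max-age", "")
    max_age = int(raw_age) if raw_age.isdigit() else 0
    include_sub = "includesubdomains" in directives
    preload = "preload" in directives
    return {
        "max_age": max_age,
        "include_subdomains": include_sub,
        "preload": preload,
        "preload_eligible": max_age >= ONE_YEAR and include_sub and preload,
    }


def classify_redirect(status, headers):
    """Tell a browser-synthesised HSTS upgrade apart from a server redirect.

    Chromium marks its own internal redirects with Non-Authoritative-Reason and
    uses the value HSTS for the http-to-https upgrade; no request for the
    http:// URL ever reaches the network in that case. Returns None for a
    non-redirect status.
    """
    if status not in (301, 302, 303, 307, 308):
        return None
    h = {k.lower(): v for k, v in headers.items()}
    location = h.get("location")
    if h.get("non-authoritative-reason") == "HSTS":
        return {"kind": "browser-hsts-upgrade", "location": location,
                "network_request_sent": False}
    return {"kind": "server", "location": location, "network_request_sent": True}


if __name__ == "__main__":
    print(parse_hsts(HSTS_VALUE))
    print(classify_redirect(HOP_STATUS, HOP_HEADERS))
```

The distinction matters when reading a scan: a server-sent 3xx is evidence about the server's configuration, while a browser HSTS upgrade tells you only that the browser already trusted the host for HTTPS (here via the preload list, since this was the first visit), and the http:// URL submitted to urlscan was never contacted at all.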