falmec.pro
2a03:6f00:1::5c35:6071
Malicious Activity!
Public Scan
Submission: On September 08 via automatic, source openphish — Scanned from DE
Summary
This is the only time falmec.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Discover (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 2a03:6f00:1::5c35:6071 | 9123 (TIMEWEB-AS) |
8 | 104.102.51.95 | 16625 (AKAMAI-AS) |
13 | 3 | |
ASN16625 (AKAMAI-AS, US)
PTR: a104-102-51-95.deploy.static.akamaitechnologies.com
portal.discover.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | discover.com | portal.discover.com (Cisco Umbrella Rank: 49889) | 241 KB |
3 | falmec.pro | falmec.pro | 19 KB |
13 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
8 | portal.discover.com | falmec.pro, portal.discover.com |
3 | falmec.pro | falmec.pro |
13 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.fdic.gov |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.discovercard.com | DigiCert EV RSA CA G2 | 2023-03-15 - 2024-04-14 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=XXXXXXXXXXXXX
Frame ID: AEA0D755CDC86C1B08B06E646445EF1C
Requests: 13 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | sisclog.htm (Primary Request) | falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ | 33 KB | 6 KB | Document | text/html |
GET H/1.1 | common.min.css | portal.discover.com/global/public/css/ | 241 KB | 38 KB | Stylesheet | text/css |
GET H/1.1 | at-top-v2-public.min.js | portal.discover.com/global/public/scripts/ | 142 KB | 45 KB | Script | application/javascript |
GET H/1.1 | login-logout.min.css | portal.discover.com/applications/login-logout/css/ | 63 KB | 11 KB | Stylesheet | text/css |
GET H/1.1 | discover-logo.png | portal.discover.com/global/images/ | 3 KB | 4 KB | Image | image/png |
GET H/1.1 | icon-spyglass.png | portal.discover.com/global/images/ | 443 B | 925 B | Image | image/png |
GET H/1.1 | Site_marketing_LRG_at.jpg | portal.discover.com/applications/login-logout/images/ | 49 KB | 50 KB | Image | image/jpeg |
GET H/1.1 | Site_marketing_SML_at.png | portal.discover.com/applications/login-logout/images/ | 32 KB | 32 KB | Image | image/png |
GET H/1.1 | sisclog.htm | falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ | 33 KB | 6 KB | Script | text/html |
GET H/1.1 | sisclog.htm | falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ | 33 KB | 6 KB | Stylesheet | text/html |
GET H/1.1 | utility-icons.png | portal.discover.com/global/images/ | 60 KB | 61 KB | Image | image/png |
GET | MetaWebPro-Bold.woff | portal.discover.com/global/public/fonts/ | 0 | 0 | | |
GET | MetaWebPro-Normal.woff | portal.discover.com/global/public/fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- portal.discover.com
- URL
- https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff
- Domain
- portal.discover.com
- URL
- https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Discover (Financial)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function | targetPageParams
- object | discover
- object | adobe

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
falmec.pro
portal.discover.com
104.102.51.95
2a03:6f00:1::5c35:6071