darkestar.org
Open in
urlscan Pro
172.67.168.242
Malicious Activity!
Public Scan
Submission: On July 27 via api from JP — Scanned from JP
Summary
This is the only time darkestar.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 172.67.168.242 172.67.168.242 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 151.101.129.229 151.101.129.229 | 54113 (FASTLY) (FASTLY) | |
2 | 142.250.76.138 142.250.76.138 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.217.25.161 172.217.25.161 | 15169 (GOOGLE) (GOOGLE) | |
3 | 142.250.76.136 142.250.76.136 | 15169 (GOOGLE) (GOOGLE) | |
4 | 142.250.76.142 142.250.76.142 | 15169 (GOOGLE) (GOOGLE) | |
13 | 6 |
ASN15169 (GOOGLE, US)
PTR: kix07s06-in-f10.1e100.net
ajax.googleapis.com | |
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: kix06s19-in-f1.1e100.net
1.bp.blogspot.com |
ASN15169 (GOOGLE, US)
PTR: kix07s06-in-f8.1e100.net
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
PTR: kix07s06-in-f14.1e100.net
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 59 |
21 KB |
3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 72 |
221 KB |
2 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 409 fonts.googleapis.com — Cisco Umbrella Rank: 76 |
32 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 361 |
49 KB |
1 |
blogspot.com
1.bp.blogspot.com — Cisco Umbrella Rank: 11189 |
152 KB |
1 |
darkestar.org
darkestar.org |
3 KB |
13 | 6 |
Domain | Requested by | |
---|---|---|
4 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
3 | www.googletagmanager.com |
darkestar.org
www.googletagmanager.com |
2 | cdn.jsdelivr.net |
darkestar.org
|
1 | fonts.googleapis.com |
client
|
1 | 1.bp.blogspot.com |
darkestar.org
|
1 | ajax.googleapis.com |
darkestar.org
|
1 | darkestar.org | |
13 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4 |
2022-12-23 - 2024-01-24 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
misc-sni.blogspot.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://darkestar.org/
Frame ID: C472E14F0F88746DE1C57A093574F816
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Đăng nhậpDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
darkestar.org/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ |
152 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
887906fc5a13ae4df702.jpg
1.bp.blogspot.com/-W90h_vIYs9w/YOEWPkKhZYI/AAAAAAAAAAM/96ojIoW5M341ggKZjs-elzJ0FhXHzQmhACNcBGAsYHQ/s16000/ |
152 KB 152 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ |
77 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
229 KB 81 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
11 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
178 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 169 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
215 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
1 B 91 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| GetURLParameter number| uidEvent object| bootstrap function| gtag object| dataLayer function| verifyPassword object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal string| GoogleAnalyticsObject function| ga object| gaplugins object| gaData6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
darkestar.org/ | Name: PHPSESSID Value: ehg84focs1i1h4rso888921lu2 |
|
.darkestar.org/ | Name: _ga_Z0LKZTYTRQ Value: GS1.1.1690435098.1.0.1690435098.0.0.0 |
|
.darkestar.org/ | Name: _ga_9XRGFTJSW7 Value: GS1.1.1690435099.1.0.1690435099.0.0.0 |
|
.darkestar.org/ | Name: _ga Value: GA1.2.2036925520.1690435099 |
|
.darkestar.org/ | Name: _gid Value: GA1.2.672482006.1690435099 |
|
.darkestar.org/ | Name: _gat_gtag_UA_213518874_1 Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.bp.blogspot.com
ajax.googleapis.com
cdn.jsdelivr.net
darkestar.org
fonts.googleapis.com
www.google-analytics.com
www.googletagmanager.com
142.250.76.136
142.250.76.138
142.250.76.142
151.101.129.229
172.217.25.161
172.67.168.242
0b1dcceca3fb4d61bad4a50d946630b5dedb26a3dc0431f6439c2e71b103bd1d
3b1afb9e78d0834590df85fee79ac9e7e763dd4e3d894d49ecdb726fd7c75633
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
88441c122223f6ee922d5454df5789c4ad37ea8f15ecc88b9537867eebcc008b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb7a2448843a5ed36f30ba018ed973a0dfbf5f922a1a4a3bd7b1e9575a4b1363
f65753cbf3a4df6426bb64fe158b2353f578fd0e3e6bebaa9bc1be47b7aa3f97
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f823de45f5b60be50b775b271b2a962fca71b36618879d25f94063d3b8444d92