agjka2323-kitsusea.16-b.it
Open in
urlscan Pro
65.52.121.135
Malicious Activity!
Public Scan
Submission: On September 18 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 12th 2021. Valid for: 3 months.
This is the only time agjka2323-kitsusea.16-b.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 5 | 65.52.121.135 65.52.121.135 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
5 | 104.16.19.94 104.16.19.94 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 142.250.186.170 142.250.186.170 | 15169 (GOOGLE) (GOOGLE) | |
2 | 104.75.88.209 104.75.88.209 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
9 | 152.228.223.13 152.228.223.13 | 16276 (OVH) (OVH) | |
4 | 104.21.234.231 104.21.234.231 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 69.16.175.10 69.16.175.10 | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 185.199.109.133 185.199.109.133 | 54113 (FASTLY) (FASTLY) | |
2 | 142.250.186.131 142.250.186.131 | 15169 (GOOGLE) (GOOGLE) | |
29 | 9 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
agjka2323-kitsusea.16-b.it |
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f10.1e100.net
fonts.googleapis.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-209.deploy.static.akamaitechnologies.com
i.pinimg.com |
ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-133.github.com
cloud.githubusercontent.com |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
ibb.co
i.ibb.co |
11 KB |
5 |
cloudflare.com
cdnjs.cloudflare.com |
93 KB |
5 |
16-b.it
2 redirects
agjka2323-kitsusea.16-b.it |
19 KB |
4 |
githack.com
rawcdn.githack.com |
192 KB |
2 |
gstatic.com
fonts.gstatic.com |
32 KB |
2 |
pinimg.com
i.pinimg.com |
161 KB |
2 |
googleapis.com
fonts.googleapis.com |
2 KB |
1 |
githubusercontent.com
cloud.githubusercontent.com |
220 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
29 | 9 |
Domain | Requested by | |
---|---|---|
9 | i.ibb.co |
agjka2323-kitsusea.16-b.it
|
5 | cdnjs.cloudflare.com |
agjka2323-kitsusea.16-b.it
cdnjs.cloudflare.com |
5 | agjka2323-kitsusea.16-b.it |
2 redirects
agjka2323-kitsusea.16-b.it
|
4 | rawcdn.githack.com |
agjka2323-kitsusea.16-b.it
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | i.pinimg.com |
agjka2323-kitsusea.16-b.it
|
2 | fonts.googleapis.com |
agjka2323-kitsusea.16-b.it
|
1 | cloud.githubusercontent.com |
agjka2323-kitsusea.16-b.it
|
1 | code.jquery.com |
agjka2323-kitsusea.16-b.it
|
29 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
agjka2323-kitsusea.16-b.it R3 |
2021-09-12 - 2021-12-11 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-07-26 - 2022-08-05 |
a year | crt.sh |
ibb.co R3 |
2021-08-06 - 2021-11-04 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://agjka2323-kitsusea.16-b.it/invite.php
Frame ID: C76353B71B2915274EBEF4AEA3D55FC0
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
Undangan Grup WhatsAppPage URL History Show full URLs
-
https://agjka2323-kitsusea.16-b.it/invite.php
HTTP 302
https://agjka2323-kitsusea.16-b.it/index.php Page URL
- https://agjka2323-kitsusea.16-b.it/invite.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Moment.js (JavaScript Libraries) Expand
Detected patterns
- moment(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- /([\d.]+)/jquery(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://agjka2323-kitsusea.16-b.it/invite.php
HTTP 302
https://agjka2323-kitsusea.16-b.it/index.php Page URL
- https://agjka2323-kitsusea.16-b.it/invite.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://agjka2323-kitsusea.16-b.it/invite.php HTTP 302
- https://agjka2323-kitsusea.16-b.it/index.php
- https://agjka2323-kitsusea.16-b.it/invite.php HTTP 302
- https://agjka2323-kitsusea.16-b.it/index.php
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
index.php
agjka2323-kitsusea.16-b.it/ Redirect Chain
|
2 KB 609 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3-Q050 |
Primary Request
invite.php
agjka2323-kitsusea.16-b.it/ |
81 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
6 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
material-design-iconic-font.min.css
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.1.2/css/ |
67 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
1 KB 519 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dfeb51e22c076b269470dea421c58bcd.jpg
i.pinimg.com/750x/df/eb/51/ |
80 KB 80 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
20210127-024850.png
i.ibb.co/R3CdPDw/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screenshot-408.png
i.ibb.co/qx6q9GT/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screenshot-405.png
i.ibb.co/CwDsXX3/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screenshot-409.png
i.ibb.co/qJBTccY/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screenshot-407.png
i.ibb.co/Rgw81cF/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screenshot-406.png
i.ibb.co/8zsJZ1L/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screenshot-410.png
i.ibb.co/MNpDDYZ/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0-pt-DX0-Hf-JCYpo9-Pcs.gif
i.ibb.co/XYqVZyc/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
facebook-text.png
i.ibb.co/gW6VhCg/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
580b57fcd9996e24bc43c543.png
rawcdn.githack.com/AlexHostX/all.asset/c529c239acac01cd8bc1a76f349f7c3caebba766/ |
149 KB 150 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
moment.min.js
cdnjs.cloudflare.com/ajax/libs/moment.js/2.13.0/ |
46 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ |
85 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
input-exception.js
rawcdn.githack.com/AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/ |
9 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
watermark.css
rawcdn.githack.com/AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/ |
105 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4e765036-1639-11e6-9201-67e728e86f39.jpg
cloud.githubusercontent.com/assets/398893/15136779/ |
220 KB 220 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Material-Design-Iconic-Font.woff2
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.1.2/fonts/ |
38 KB 39 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
index.php
agjka2323-kitsusea.16-b.it/ Redirect Chain
|
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dfeb51e22c076b269470dea421c58bcd.jpg
i.pinimg.com/750x/df/eb/51/ |
80 KB 80 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
AlexHostWA.ttf
rawcdn.githack.com/AlexHostX/all.asset/38984972fb20a70d711e86ac3e6f19e60ea8adc3/ |
39 KB 40 KB |
Font
application/x-font-ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster object| memes object| random function| myFunction object| HUB_EVENTS object| CP function| moment object| messageTime object| form object| conversation function| newMessage function| buildMessage function| animateMessage function| $ function| jQuery function| AlexHosting object| desc object| more object| _0x768a1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.githack.com/ | Name: __cf_bm Value: fec43e7a557596b0190bbaa803a6b9a05ab3c186-1631970868-0-Aeg6y/+tu0pXjsiz5kFlK89FFGdLcZVv4jRg2XdFVtT53WwVX3Oe1ACrHthb995eyzwRJGM26IHGZ89TreQtS44= |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
agjka2323-kitsusea.16-b.it
cdnjs.cloudflare.com
cloud.githubusercontent.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
i.ibb.co
i.pinimg.com
rawcdn.githack.com
104.16.19.94
104.21.234.231
104.75.88.209
142.250.186.131
142.250.186.170
152.228.223.13
185.199.109.133
65.52.121.135
69.16.175.10
03845ae6fc5097c5f107ffc206c3fe329a962d045b23151188b6dab3ef4fbcc5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
33c678d15e22f448d9ab8064dea7a88cb537d35a9204d9861d188a88799bce83
383267c9f5ee8f68d2aa68642d500e0f471463d4781205ba8f22fa01af34f5e0
39cda5e7a819fe468455d1daf68a545fbe8eb07d1d9c3f0dc95c0e5b8f7c2341
435daf8bcdfc48055767f023bbdb91fb312d6555e9f4e6b5a15712ea3beed530
454aca938f1d697b34fa6f099a90d06baa7ce4ce398c9e0b46d76a2670a99f46
4e411c99fe4a486db34e801a53392ae86f8659eccc438944b5a062c9aaba25be
6daf416f915e77243b8b68baada9eae0fff34cffb447300f114757c9b488a704
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d8c329264275748c586498a45884c20faa1f726a5fc694c6303c72258c3f5a6
96df2f4735650bfe911e983781783284646ff7cc8109e0dfeb6de8056f1a7654
a7c76505efe4da19696e3365b1a211614d3a0d80abea92539d316ea2df2ccea3
b18fbbc30fe4a27a2e1955a3bea178e5a65798d8edd01fdeadaf70c7ee359f2b
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d15c880b55b3ed610b5af0bddb63b50e386da5d32658e069dac8d8c512f801e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549