active-tlon.arkgames.com Open in urlscan Pro
128.1.89.161 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://active-tlon.arkgames.com/
Effective URL:
https://active-tlon.arkgames.com/
Submission: On March 31 via api (March 31st 2024, 7:38:07 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 128.1.89.161, located in United States and belongs to ZEN-ECN, US. The main domain is active-tlon.arkgames.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on October 23rd 2023. Valid for: a year.

This is the only time active-tlon.arkgames.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
7	128.1.89.161 128.1.89.161	21859 (ZEN-ECN) (ZEN-ECN)
9	2a03:90c0:41:... 2a03:90c0:41:2801::62	199524 (GCORE) (GCORE)
16	3

7 128.1.89.161 (United States)

ASN21859 (ZEN-ECN, US)

active-tlon.arkgames.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:90c0:41:2801::62 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

static.koramgame.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	koramgame.com static.koramgame.com	425 KB
7	arkgames.com active-tlon.arkgames.com	58 KB
16	2

	Domain	Requested by
9	static.koramgame.com	active-tlon.arkgames.com
7	active-tlon.arkgames.com	active-tlon.arkgames.com
16	2

This site contains no links.

Subject Issuer	Validity	Valid
*.arkgames.com Encryption Everywhere DV TLS CA - G1	`2023-10-23` - `2024-10-23`	a year	crt.sh
www.mji.tw Go Daddy Secure Certificate Authority - G2	`2023-07-17` - `2024-08-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://active-tlon.arkgames.com/
Frame ID: 9620295148CC541D71472AB6D5936F88
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Top-up Center

Page URL History Show full URLs

http://active-tlon.arkgames.com/ HTTP 307
https://active-tlon.arkgames.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

482 kB
Transfer

507 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://active-tlon.arkgames.com/ HTTP 307
https://active-tlon.arkgames.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response active-tlon.arkgames.com/ Redirect Chain http://active-tlon.arkgames.com/ https://active-tlon.arkgames.com/	24 KB 5 KB	814ms 122ms	Document text/html	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `6a0c3e92f2ea661faf8a8cfa5f27206d95556e882a4c902ccde29d940d591c8c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Sun, 31 Mar 2024 19:38:02 GMT Server nginx/1.12.1 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Location https://active-tlon.arkgames.com/ Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	jump.js Show response active-tlon.arkgames.com/js/	625 B 960 B	119ms 119ms	Script application/javascript	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://active-tlon.arkgames.com/js/jump.js Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `45e5d741e2314a5a07f30452f0bee4ead7bb47bbe1b5b860518dfa61818a6f46` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 31 Mar 2024 19:38:02 GMT Last-Modified Sat, 27 Aug 2022 08:36:06 GMT Server nginx/1.12.1 ETag "6309d776-271" Content-Type application/javascript; charset=utf-8 Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 625 Expires Sun, 31 Mar 2024 20:38:02 GMT
GET H/1.1	200 OK	main.css active-tlon.arkgames.com/css/	11 KB 3 KB	239ms 119ms	Stylesheet text/css	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://active-tlon.arkgames.com/css/main.css?r=20220816 Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `920f5186d01cc18ed63847ba70ab99e937f348ce7473ca13e51c70dc603e013a` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 31 Mar 2024 19:38:02 GMT Content-Encoding gzip Last-Modified Tue, 16 Aug 2022 09:56:02 GMT Server nginx/1.12.1 ETag W/"62fb69b2-2ac5" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=3600 Connection keep-alive Expires Sun, 31 Mar 2024 20:38:02 GMT
GET H2	200	icon_other.jpg static.koramgame.com/web/tkactive/images/	2 KB 3 KB	200ms 41ms	Image image/jpeg	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/icon_other.jpg Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `a5b199f1269564767c377a6134fb9d85354e0e60ad71671a8cb56493428d0ee1` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:01 GMT last-modified Fri, 14 May 2021 05:23:20 GMT server nginx traceparent 00-57cf462254dded36af009136da7f6525-fc68bab09662efe5-01 etag "609e0948-97c" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/jpeg cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 2428
GET H/1.1	200 OK	paypal-mark-color.svg active-tlon.arkgames.com/images/	1 KB 1 KB	356ms 119ms	Image image/svg+xml	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Show image Full URL https://active-tlon.arkgames.com/images/paypal-mark-color.svg Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 31 Mar 2024 19:38:02 GMT Last-Modified Sun, 29 Jan 2023 06:26:25 GMT Server nginx/1.12.1 ETag "63d61191-436" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 1078
GET H/1.1	200 OK	airwallex.png active-tlon.arkgames.com/images/	10 KB 11 KB	121ms 121ms	Image image/png	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Show image Full URL https://active-tlon.arkgames.com/images/airwallex.png Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `8b5a24386f20a4cb74c813e4363c216456870a82d0d94ae4129220f0352b9827` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 31 Mar 2024 19:38:02 GMT Last-Modified Wed, 23 Aug 2023 06:18:28 GMT Server nginx/1.12.1 ETag "64e5a4b4-28e5" Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 10469 Expires Tue, 30 Apr 2024 19:38:02 GMT
GET H/1.1	200 OK	pix.png active-tlon.arkgames.com/images/	16 KB 17 KB	355ms 239ms	Image image/png	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Show image Full URL https://active-tlon.arkgames.com/images/pix.png Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `16e98d29771daeb1fdbb6db96767508a88262d08239e015126729087e6a409f3` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 31 Mar 2024 19:38:02 GMT Last-Modified Wed, 03 Jan 2024 03:28:26 GMT Server nginx/1.12.1 ETag "6594d45a-4123" Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 16675 Expires Tue, 30 Apr 2024 19:38:02 GMT
GET H2	200	footer_logo.png static.koramgame.com/web/tkactive/images/	6 KB 6 KB	84ms 83ms	Image image/png	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/footer_logo.png Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `d8f3224e40caa92f9f40a610312589cca3476acdd4610c361b1411115a38a45f` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Thu, 01 Jul 2021 06:37:54 GMT server nginx traceparent 00-b6318afc0747ed734e321ed50a5fb223-f1f464db5f7bcced-01 etag "60dd62c2-169d" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/png cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 5789
GET H2	200	footer_tip.jpg static.koramgame.com/web/tkactive/images/	5 KB 5 KB	84ms 84ms	Image image/jpeg	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/footer_tip.jpg Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `85ddac5c23ee4aa7ea935bfda07adbdd041df312531577d410bf3d51f314648b` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Thu, 01 Jul 2021 06:45:40 GMT server nginx traceparent 00-8e3a7f8803abd18e58e879420f0c732f-4c7503a92d7a5427-01 etag "60dd6494-14ad" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/jpeg cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 5293
GET H2	200	jquery.js Show response static.koramgame.com/web/tkactive/js/	140 KB 140 KB	44ms 44ms	Script application/javascript	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.koramgame.com/web/tkactive/js/jquery.js Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `3989f1390043183f6c459cc2f4ea8bdd5219c556745afc36a625340acf9bb947` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:01 GMT last-modified Thu, 29 Apr 2021 09:03:04 GMT server nginx traceparent 00-1f50ee68ceb31a1145007aa15a5565b0-804a429f08f43631-01 etag "608a7648-22f49" x-cached-since 2024-03-22T17:58:34+00:00 content-type application/javascript; charset=utf-8 cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 143177
GET H/1.1	200 OK	common.js Show response active-tlon.arkgames.com/js/	20 KB 20 KB	240ms 240ms	Script application/javascript	128.1.89.161 ZEN-ECN
General Check archive.org Show headers Download Go to Full URL https://active-tlon.arkgames.com/js/common.js?v=8 Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 128.1.89.161 , United States, ASN21859 (ZEN-ECN, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `a6bb096662a7f4c061cd5c0cf484cc23ba4fb702db5e09da36a9af69ad47ee12` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 31 Mar 2024 19:38:02 GMT Last-Modified Tue, 08 Nov 2022 11:31:34 GMT Server nginx/1.12.1 ETag "636a3e16-5027" Content-Type application/javascript; charset=utf-8 Cache-Control max-age=3600 Connection keep-alive Accept-Ranges bytes Content-Length 20519 Expires Sun, 31 Mar 2024 20:38:02 GMT
GET DATA	200 OK	truncated /	763 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fe012c56d42de031d805f8e4f6f83e51d0473480addfb0c7463a06687cc0ab88` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	pay_top.jpg static.koramgame.com/web/tkactive/images/	242 KB 243 KB	88ms 88ms	Image image/jpeg	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/pay_top.jpg Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/css/main.css?r=20220816 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `7f906d2ecbe8bbd9d4daa9e638668c5ec391e43dd60d80e685c65763b5563a77` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Fri, 14 May 2021 05:03:24 GMT server nginx traceparent 00-c591a1b84c9cfdd754be87ed715b2786-4be4caf500305eb1-01 etag "609e049c-3c977" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/jpeg cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 248183
GET H2	200	pay_bg_m.png static.koramgame.com/web/tkactive/images/	1 KB 1 KB	103ms 103ms	Image image/png	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/pay_bg_m.png Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/css/main.css?r=20220816 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `b40a0c10b1c84952d79e713dfbc76b80cacfc080188eddb839192332454868d5` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Fri, 14 May 2021 07:16:50 GMT server nginx traceparent 00-95dc160d65bc33722131ef94a7e00baf-225822cecfdac3b8-01 etag "609e23e2-43a" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/png cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 1082
GET H2	200	pay_bg_t.png static.koramgame.com/web/tkactive/images/	7 KB 7 KB	103ms 103ms	Image image/png	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/pay_bg_t.png Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/css/main.css?r=20220816 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `640bd0926618655ad4780f273fd84967d613f9c513c9cb6f680fbb9997fcc258` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Fri, 14 May 2021 07:16:44 GMT server nginx traceparent 00-ba06ef78359204df0ebb70d8efa44cb6-f1c28c40d537f3bd-01 etag "609e23dc-1bc0" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/png cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 7104
GET H2	200	pay_bg_b.png static.koramgame.com/web/tkactive/images/	7 KB 7 KB	85ms 84ms	Image image/png	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.koramgame.com/web/tkactive/images/pay_bg_b.png Requested by Host: active-tlon.arkgames.com URL: https://active-tlon.arkgames.com/css/main.css?r=20220816 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `cb67110a5ff06803eb1b22de8793d7668b2ef7564af26cfd17ccad25c84bee5a` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Fri, 14 May 2021 07:16:54 GMT server nginx traceparent 00-8aa17c116e13f602abd6b008175657e5-c9a856910c415627-01 etag "609e23e6-1b8b" x-cached-since 2024-03-29T09:16:05+00:00 content-type image/png cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 7051
GET H2	200	icon.png static.koramgame.com/web/tkactive/images/	13 KB 13 KB	40ms 40ms	Other image/png	2a03:90c0:41:2801::62 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.koramgame.com/web/tkactive/images/icon.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash `5fdb24777cdb4c2d5d7a12f3aab9314a566cba7ab69b07549509283d332809db` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://active-tlon.arkgames.com/ accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-id fr5-hw-edge-gc62 date Sun, 31 Mar 2024 19:38:02 GMT last-modified Thu, 08 Jul 2021 08:58:36 GMT server nginx traceparent 00-fc08cd3d0f9db0f5a6d22e82ef6d085c-247ea6b2c216f0bc-01 etag "60e6be3c-323b" x-cached-since 2024-03-30T05:36:52+00:00 content-type image/png cache-control public, max-age=86400 cache HIT x-id-fe fr5-hw-edge-gc62 accept-ranges bytes content-length 12859

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

active-tlon.arkgames.com
static.koramgame.com
128.1.89.161
2a03:90c0:41:2801::62
16e98d29771daeb1fdbb6db96767508a88262d08239e015126729087e6a409f3
3989f1390043183f6c459cc2f4ea8bdd5219c556745afc36a625340acf9bb947
45e5d741e2314a5a07f30452f0bee4ead7bb47bbe1b5b860518dfa61818a6f46
5fdb24777cdb4c2d5d7a12f3aab9314a566cba7ab69b07549509283d332809db
640bd0926618655ad4780f273fd84967d613f9c513c9cb6f680fbb9997fcc258
6a0c3e92f2ea661faf8a8cfa5f27206d95556e882a4c902ccde29d940d591c8c
7f906d2ecbe8bbd9d4daa9e638668c5ec391e43dd60d80e685c65763b5563a77
85ddac5c23ee4aa7ea935bfda07adbdd041df312531577d410bf3d51f314648b
8b5a24386f20a4cb74c813e4363c216456870a82d0d94ae4129220f0352b9827
920f5186d01cc18ed63847ba70ab99e937f348ce7473ca13e51c70dc603e013a
a5b199f1269564767c377a6134fb9d85354e0e60ad71671a8cb56493428d0ee1
a6bb096662a7f4c061cd5c0cf484cc23ba4fb702db5e09da36a9af69ad47ee12
b40a0c10b1c84952d79e713dfbc76b80cacfc080188eddb839192332454868d5
cb67110a5ff06803eb1b22de8793d7668b2ef7564af26cfd17ccad25c84bee5a
d8f3224e40caa92f9f40a610312589cca3476acdd4610c361b1411115a38a45f
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5
fe012c56d42de031d805f8e4f6f83e51d0473480addfb0c7463a06687cc0ab88

active-tlon.arkgames.com Open in urlscan Pro 128.1.89.161 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

482 kBTransfer

507 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

active-tlon.arkgames.com Open in urlscan Pro
128.1.89.161 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

482 kB
Transfer

507 kB
Size

0
Cookies

16 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!