lalusantai.com
162.241.149.21
Malicious Activity!
Public Scan
Effective URL: https://lalusantai.com/dcc/?08909598527009&email=
Submission: On August 06 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 6th 2020. Valid for: 3 months.
This is the only time lalusantai.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 188.93.234.31 | 47674 (NETSOLUTIONS) |
| 6 | 162.241.149.21 | 46606 (UNIFIEDLAYER-AS-1) |
| 1 | 2a00:1450:4001:81d::2004 | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:818::2003 | 15169 (GOOGLE) |

Totals as reported by urlscan: 8 requests, 3 ASNs.

ASN47674 (NETSOLUTIONS, NL): PTR cp01.redelx.com; serves www.sgdexmedia.com.joelvaz.com
ASN46606 (UNIFIEDLAYER-AS-1, US): PTR 162-241-149-21.unifiedlayer.com; serves lalusantai.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | lalusantai.com | lalusantai.com | 322 KB |
| 1 | gstatic.com | www.gstatic.com | 130 KB |
| 1 | google.com | www.google.com | 541 B |
| 1 | joelvaz.com | www.sgdexmedia.com.joelvaz.com (1 redirect) | 333 B |
| 8 (total) | 4 (total) | | |

| Requests | Domain | Requested by |
|---|---|---|
| 6 | lalusantai.com | lalusantai.com |
| 1 | www.gstatic.com | www.google.com |
| 1 | www.google.com | lalusantai.com |
| 1 | www.sgdexmedia.com.joelvaz.com | 1 redirect |
| 8 (total) | 4 (total) | |
This site contains no links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| mail.lalusantai.com | Let's Encrypt Authority X3 | 2020-08-06 - 2020-11-04 | 3 months |
| www.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months |
| *.gstatic.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months |
This page contains 1 frame:
Primary Page: https://lalusantai.com/dcc/?08909598527009&email=
Frame ID: 68AA6CDAB06F916B60CDE56FBB6FD202
Requests: 8 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://www.sgdexmedia.com.joelvaz.com/
   HTTP 302 redirect to
2. https://lalusantai.com/dcc/?08909598527009&email= (final Page URL)
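The chain above is a lure host on one ASN handing the browser off to the landing page on another. Reproducing that hop-by-hop, without letting an HTTP client auto-follow, is how you see every intermediate Location and every host change during triage. The following is an added example, not urlscan.io code: it walks a chain one hop at a time against a constructed in-memory transport that mimics the two responses recorded on this page (the `fetch` callable, `FAKE_RESPONSES` and the 200 response's headers are assumptions; swap in a real single-request function to use it live).

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed in-memory transport standing in for live HTTP so the example runs
# offline. The two entries reproduce the chain recorded on the scan page: the
# lure host answers 302 and points at the phishing landing page, which answers
# 200 and sets the "session" cookie listed under Cookies.
FAKE_RESPONSES = {
    "http://www.sgdexmedia.com.joelvaz.com/": (
        302,
        {"Location": "https://lalusantai.com/dcc/?08909598527009&email="},
    ),
    "https://lalusantai.com/dcc/?08909598527009&email=": (
        200,
        {"Content-Type": "text/html",
         "Set-Cookie": "session=3831112fcb9490acb38d0593873bbecaef835d51"},
    ),
}


def fake_fetch(url):
    """Return (status, headers) for url, or a 404 for anything not in the map."""
    return FAKE_RESPONSES.get(url, (404, {}))


def walk_redirects(start_url, fetch, max_hops=10):
    """Follow HTTP redirects one hop at a time without auto-following.

    `fetch(url)` must perform a single request and return (status, headers).
    Each hop is recorded as (url, status, next_url); the final entry has
    next_url None for a non-redirect response, or the string "loop" /
    "max_hops" with status None when the walk is cut short. The Location
    header is looked up case-insensitively because servers vary the case.
    """
    hops = []
    seen = set()
    url = start_url
    while len(hops) < max_hops:
        if url in seen:
            hops.append((url, None, "loop"))
            return hops
        seen.add(url)
        status, headers = fetch(url)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status in REDIRECT_STATUSES and location:
            # Location may be relative; resolve it against the current URL as a browser would.
            next_url = urljoin(url, location)
            hops.append((url, status, next_url))
            url = next_url
            continue
        hops.append((url, status, None))
        return hops
    hops.append((url, None, "max_hops"))
    return hops


def hosts_in_chain(hops):
    """Ordered, de-duplicated hostnames visited; a host change mid-chain is the triage signal."""
    hosts = []
    for url, _status, _next in hops:
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    chain = walk_redirects("http://www.sgdexmedia.com.joelvaz.com/", fake_fetch)
    for url, status, nxt in chain:
        print(status, url, "->", nxt)
    print("hosts:", hosts_in_chain(chain))
```

The loop and hop-budget guards matter in practice: phishing redirectors frequently bounce through several throwaway hosts, and a naive follower will either hang on a cycle or follow far past the point where you have learned anything.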
Detected technologies
- Apache (Web Servers)
  Detected pattern (headers, server): /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
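The fingerprint above is a Wappalyzer-style regex run against the Server response header. Applying it yourself shows exactly which header values it accepts, which version string it extracts, and where its character class draws the line. The block below is an added example, not code from urlscan.io or Wappalyzer: it transcribes the page's pattern into Python (`re.IGNORECASE` standing in for the `/i` flag) and runs it over constructed Server header values that are not from this scan.

```python
import re

# Pattern listed under "Detected patterns" on the scan page (Wappalyzer-style
# Apache fingerprint for the Server header). The JavaScript literal
# /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i is transcribed here with
# re.IGNORECASE standing in for the /i flag; the escaped slash needs no escaping
# in Python.
APACHE_SERVER_RE = re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.IGNORECASE)


def detect_apache(server_header):
    """Apply the fingerprint to one Server header value.

    Returns (matched, version): version is the dotted number captured after
    "Apache/", or None when the header matches without one or does not match.
    """
    if not server_header:
        return (False, None)
    m = APACHE_SERVER_RE.search(server_header)
    if m is None:
        return (False, None)
    return (True, m.group(1))


# Constructed Server header values (not observed in the scan) chosen to hit each
# branch of the pattern, plus values that must not be fingerprinted as Apache.
SAMPLE_HEADERS = [
    "Apache",                  # bare token: the `$` branch
    "Apache/2.4.41 (Ubuntu)",  # version branch, greedy [\d.]+ stops at the space
    "apache/2.2.15",           # /i flag
    "HTTPD",                   # second alternative, no version group
    "Apache Tomcat",           # still fires: only "/" and "-" are excluded after the token
    "Apache-Coyote/1.1",       # Tomcat's connector: "-" is excluded, so no match
    "nginx/1.18.0",
    "LiteSpeed",
]


def fingerprint_all(headers=SAMPLE_HEADERS):
    """Map each header value to its (matched, version) result."""
    return {h: detect_apache(h) for h in headers}


if __name__ == "__main__":
    for header, (matched, version) in fingerprint_all().items():
        print(f"{header!r:28} apache={matched} version={version}")
```

The `[^/-]` branch is what keeps `Apache-Coyote/1.1` (Tomcat's HTTP connector) from being tagged as Apache httpd, while `Apache Tomcat` still matches because a space is not excluded; treat the "Apache" label in a scan as a header-string fingerprint, not proof of the httpd codebase.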
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions

| # | Method / Protocol | Resource | Path | Size / Transferred | Type | MIME type | Notes |
|---|---|---|---|---|---|---|---|
| 1 | GET HTTP/1.1 | / | lalusantai.com/dcc/ | 1 KB / 1 KB | Document | text/html | Primary request; cookie set; final hop of the redirect chain |
| 2 | GET HTTP/1.1 | 82949378a4c147f1a7def89958991ba9.css | lalusantai.com/dcc/A5CB1AABD5AD749D62CD43EF20367FC1/assets/css/ | 10 KB / 2 KB | Stylesheet | text/css | |
| 3 | GET H2 | api.js | www.google.com/recaptcha/ | 674 B / 541 B | Script | text/javascript | |
| 4 | GET HTTP/1.1 | f19f615ecbaf7b7b040eb8ab54538e9d.js | lalusantai.com/dcc/D8705F4C73CCE91E1507EFADDE95BE68/assets/js/ | 161 KB / 49 KB | Script | text/javascript | |
| 5 | GET H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/ | 332 KB / 130 KB | Script | text/javascript | |
| 6 | GET HTTP/1.1 | bg_84108461.jpg | lalusantai.com/dcc/A5CB1AABD5AD749D62CD43EF20367FC1/assets/img/ | 266 KB / 266 KB | Image | image/jpeg | |
| 7 | GET HTTP/1.1 | l_84108461.png | lalusantai.com/dcc/A5CB1AABD5AD749D62CD43EF20367FC1/assets/img/ | 2 KB / 3 KB | Image | image/png | |
| 8 | GET HTTP/1.1 | d2_84108461.png | lalusantai.com/dcc/A5CB1AABD5AD749D62CD43EF20367FC1/assets/img/ | 292 B / 728 B | Image | image/png | |

Size is the decoded resource size; Transferred is the byte count on the wire (compression accounts for the smaller transfer on the text resources, response headers for the larger transfer on the tiny images).
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Microsoft (Consumer)

JavaScript Global Variables (4)
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | ___grecaptcha_cfg |
| object | grecaptcha |
| boolean | __google_recaptcha_client |
| object | recaptcha1 |

All four belong to the Google reCAPTCHA client loaded via www.google.com/recaptcha/api.js in the request list above; the kit's own script exposes no globals of its own.

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, allowing the site to re-identify that user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| lalusantai.com/ | | session | 3831112fcb9490acb38d0593873bbecaef835d51 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- lalusantai.com
- www.google.com
- www.gstatic.com
- www.sgdexmedia.com.joelvaz.com

IP addresses:
- 162.241.149.21
- 188.93.234.31
- 2a00:1450:4001:818::2003
- 2a00:1450:4001:81d::2004

Response hashes (SHA-256):
- 30d2482949a5df2f049b1887d3e83c22369c954e7477a81a0de2e6d66267df5d
- 3bed5b6ea88c478fc3822b659bc11f293e59ddc73ec9ce0a2e688d0459c11b27
- 7b218bd1617ad42147aee30e2bfb5d82e49fa12b559fb72f8a4f44f6e85ff3eb
- a4187e5929abc818c9a630ac0d95652ac8b40941dee5312765766130c65ab898
- b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
- c0af41da9f52376496beeba05110b06c5ffa60d64a9f28e305177f0cd4550d7a
- f78d95453b94a5b2613cd582278ddd0a504960913a0c038535a23b167bdd164b
- ffe7dd37ec4ec2906d17d4b0f5565975305ecefc515f2aeecc5508be6989df9e