shark.okgomo.club Open in urlscan Pro
185.199.111.153 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://meb05.github.io/shark
Effective URL:
https://shark.okgomo.club/
Submission: On July 07 via api (July 7th 2021, 10:06:34 am UTC) from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 13 HTTP transactions. The main IP is 185.199.111.153, located in United States and belongs to FASTLY, US. The main domain is shark.okgomo.club.
TLS certificate: Issued by R3 on July 7th 2021. Valid for: 3 months.

This is the only time shark.okgomo.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	185.199.111.153 185.199.111.153	54113 (FASTLY) (FASTLY)
5	2a04:4e42:3::485 2a04:4e42:3::485	54113 (FASTLY) (FASTLY)
1	2600:9000:20e... 2600:9000:20eb:9800:3:b5aa:ad80:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2016	15169 (GOOGLE) (GOOGLE)
5	2600:9000:21f... 2600:9000:21f3:600:13:652b:c180:21	16509 (AMAZON-02) (AMAZON-02)
13	5

2 185.199.111.153 (United States) 1 redirects

ASN54113 (FASTLY, US)
PTR: cdn-185-199-111-153.github.com

meb05.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shark.okgomo.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a04:4e42:3::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:9800:3:b5aa:ad80:21 (United States)

ASN16509 (AMAZON-02, US)

d13nu0oomnx5ti.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play-lh.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21f3:600:13:652b:c180:21 (United States)

ASN16509 (AMAZON-02, US)

dgu9g3a2kzqx2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cloudfront.net d13nu0oomnx5ti.cloudfront.net dgu9g3a2kzqx2.cloudfront.net	47 KB
5	jsdelivr.net cdn.jsdelivr.net	72 KB
1	googleusercontent.com play-lh.googleusercontent.com	306 KB
1	okgomo.club shark.okgomo.club	1 KB
1	github.io 1 redirects meb05.github.io	197 B
13	5

	Domain	Requested by
5	dgu9g3a2kzqx2.cloudfront.net	d13nu0oomnx5ti.cloudfront.net
5	cdn.jsdelivr.net	shark.okgomo.club
1	play-lh.googleusercontent.com	shark.okgomo.club
1	d13nu0oomnx5ti.cloudfront.net	shark.okgomo.club
1	shark.okgomo.club
1	meb05.github.io	1 redirects
13	6

This site contains no links.

Subject Issuer	Validity	Valid
shark.okgomo.club R3	`2021-07-07` - `2021-10-05`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-30` - `2022-06-01`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://shark.okgomo.club/
Frame ID: 086AD44E941F63C395FA1F84A1D85038
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://meb05.github.io/shark HTTP 301
https://shark.okgomo.club/ Page URL

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

426 kB
Transfer

661 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://meb05.github.io/shark HTTP 301
https://shark.okgomo.club/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
shark.okgomo.club/
Redirect Chain

https://meb05.github.io/shark
https://shark.okgomo.club/

3 KB
1 KB

182ms
119ms

Document
text/html

185.199.111.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://shark.okgomo.club/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-111-153.github.com
Software: GitHub.com /
Resource Hash: 1afa5f37465a719d6e52756d03dfde5d78b4be5990c88aaa4a768829e00b0b2e

Request headers

:method: GET
:authority: shark.okgomo.club
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: GitHub.com
content-type: text/html; charset=utf-8
last-modified: Wed, 07 Jul 2021 09:53:12 GMT
access-control-allow-origin: *
etag: W/"60e57988-bd1"
expires: Wed, 07 Jul 2021 10:16:15 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 38CC:6147:2999925:2ADC6A2:60E57C97
accept-ranges: bytes
date: Wed, 07 Jul 2021 10:06:15 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cph20634-CPH
x-cache: MISS
x-cache-hits: 0
x-timer: S1625652375.451870,VS0,VE99
vary: Accept-Encoding
x-fastly-request-id: cd1aec62dd31661607dc2cd16eb5dc8dcba299c5
content-length: 1121

Redirect headers

server: GitHub.com
content-type: text/html
permissions-policy: interest-cohort=()
location: https://shark.okgomo.club
x-github-request-id: D89A:0D47:32F275:34894C:60E57C97
accept-ranges: bytes
date: Wed, 07 Jul 2021 10:06:15 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cph20621-CPH
x-cache: MISS
x-cache-hits: 0
x-timer: S1625652375.268308,VS0,VE100
vary: Accept-Encoding
x-fastly-request-id: abc40c102f6c82aae3d406beb29dadfaf1aed97f
content-length: 162

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/css/ 156 KB
23 KB 19ms
7ms Stylesheet
text/css 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/css/bootstrap.min.css

Requested by

Host: shark.okgomo.club
URL: https://shark.okgomo.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1531
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 23674
etag: W/"26f1b-0wURD7eRE6lhOUtDPYUaNBA0K4w"
x-served-by: cache-fra19152-FRA
x-jsd-version-type: branch
date: Wed, 07 Jul 2021 10:06:15 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 style.css
cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/css/ 4 KB
1 KB 18ms
6ms Stylesheet
text/css 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/css/style.css

Requested by

Host: shark.okgomo.club
URL: https://shark.okgomo.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1da3f99dcf0c4efe3de2660fd69ec2c972e1dfba4b8d782588cc5fc66bca3f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1531
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1079
etag: W/"f1f-5n0AW0NQCZJGEkHwjsTcNIGEdXk"
x-served-by: cache-fra19152-FRA
x-jsd-version-type: branch
date: Wed, 07 Jul 2021 10:06:15 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 0339f82.js Show response
d13nu0oomnx5ti.cloudfront.net/ 23 KB
23 KB 380ms
355ms Script
application/javascript 2600:9000:20eb:9800:3:b5aa:ad80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13nu0oomnx5ti.cloudfront.net/0339f82.js
Requested by: Host: shark.okgomo.club
URL: https://shark.okgomo.club/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9800:3:b5aa:ad80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d71b75f37cbaa198fcac72013ceb2a2fe5b68c89902dbcf4b52ae28812cb9268

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:28:09 GMT
via: 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
last-modified: Mon, 03 May 2021 01:43:32 GMT
server: AmazonS3
age: 5887
etag: "6863f6e390060c097da580136d1dcaf2"
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA2-C1
content-length: 23438
x-amz-cf-id: em8cAo9SqbT3HxT0qlY-P6_FF8O0lndxNBRbAbp3Po64OC4tkYDdSA==

GET
H2 200 eBRbBBK4Fz_Ojc3L55BfJfQ21mljcuO5EptADRlDwLHmHT8QaiWwQmVx0ZNM_4Mps8I
play-lh.googleusercontent.com/ 305 KB
306 KB 30ms
9ms Image
image/png 2a00:1450:4001:811::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/eBRbBBK4Fz_Ojc3L55BfJfQ21mljcuO5EptADRlDwLHmHT8QaiWwQmVx0ZNM_4Mps8I

Requested by

Host: shark.okgomo.club
URL: https://shark.okgomo.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

13d9ee2b5ca7d52f62544e8e3fca91c2646fb2e5d4cae49648f79941550d8b89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:47:58 GMT
x-content-type-options: nosniff
age: 4697
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312300
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 07 Jul 2021 12:37:42 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/js/ 86 KB
30 KB 6ms
6ms Script
application/javascript 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/js/jquery.min.js

Requested by

Host: shark.okgomo.club
URL: https://shark.okgomo.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1531
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 30718
etag: W/"15851-iFI5JDUbrAtdVg/gxXgeJVbnaT0"
x-served-by: cache-fra19152-FRA
x-jsd-version-type: branch
date: Wed, 07 Jul 2021 10:06:15 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/js/ 59 KB
16 KB 7ms
6ms Script
application/javascript 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/js/bootstrap.min.js

Requested by

Host: shark.okgomo.club
URL: https://shark.okgomo.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1530
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15918
etag: W/"ea6a-s8EWxl5vBTqqtF5WGaeOwAJxpQ8"
x-served-by: cache-fra19152-FRA
x-jsd-version-type: branch
date: Wed, 07 Jul 2021 10:06:15 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 custom.min.js Show response
cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/js/ 4 KB
1 KB 6ms
6ms Script
application/javascript 2a04:4e42:3::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/meb05/uploads@main/view/assets/js/custom.min.js

Requested by

Host: shark.okgomo.club
URL: https://shark.okgomo.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

07a0eeefbe7a4c220e934f2775e1e3e5bf2a24864e28018f04e9727b07d025a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1531
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1324
etag: W/"f23-Ky53ixaxm9r8/bOcqaGRDCNpxI8"
x-served-by: cache-fra19152-FRA
x-jsd-version-type: branch
date: Wed, 07 Jul 2021 10:06:15 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 html.1628108.56100.0.js Show response
dgu9g3a2kzqx2.cloudfront.net/public/external/v2/ 15 KB
15 KB 194ms
169ms Script
application/javascript 2600:9000:21f3:600:13:652b:c180:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dgu9g3a2kzqx2.cloudfront.net/public/external/v2/html.1628108.56100.0.js
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/0339f82.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: d24fce6de5fbadcea31ceffba43639bfa663003810cd395ef3d144fa3494d288

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 10:06:16 GMT
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
server: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: FRA2-C2
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: application/javascript
x-amz-cf-id: a_njdqi32-K4RP2C1yM60NsE0E727guKfOR1KGmNWuU2aKGml9Zieg==

GET
H2 200 css_front.css
dgu9g3a2kzqx2.cloudfront.net/public/external/ 6 KB
7 KB 183ms
158ms Stylesheet
text/css 2600:9000:21f3:600:13:652b:c180:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dgu9g3a2kzqx2.cloudfront.net/public/external/css_front.css
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/0339f82.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash: a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 10:06:16 GMT
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
last-modified: Tue, 23 Jun 2020 20:06:47 GMT
server: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: FRA2-C2
etag: "19c4-5a8c5e62e9d0a"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 6596
x-amz-cf-id: WPYoQqMaZSg0qhEwdOMW5_9iDRdKQy_VzheGVy4dumcCthh_DFkQKg==

GET
H2 200 css.css
dgu9g3a2kzqx2.cloudfront.net/public/clockers/CustomButton/ 1010 B
1 KB 310ms
309ms Stylesheet
text/css 2600:9000:21f3:600:13:652b:c180:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dgu9g3a2kzqx2.cloudfront.net/public/clockers/CustomButton/css.css
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/0339f82.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash: a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 10:06:16 GMT
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
last-modified: Fri, 10 Apr 2020 22:29:00 GMT
server: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: FRA2-C2
etag: "3f2-5a2f7428ae907"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 1010
x-amz-cf-id: UHtcY8SN_TERlYSPCdrU1ZkWuLxfPfJ0XUNQYL8dlwqmpINBw8OnXA==

GET
H2 200 guid Show response
dgu9g3a2kzqx2.cloudfront.net/public/ 0
285 B 309ms
308ms Script
text/html 2600:9000:21f3:600:13:652b:c180:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dgu9g3a2kzqx2.cloudfront.net/public/guid?cpguid=tmxa90vb6&e=ll&t=1625652376951
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/0339f82.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 10:06:17 GMT
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
server: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: FRA2-C2
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-length: 0
x-amz-cf-id: DeqSjkf6oieQHHZ2uP4H9ndwBEcbT2l1csf3VPsRqjMF5BNR5K0SNg==

GET
H2 200 check.php Show response
dgu9g3a2kzqx2.cloudfront.net/public/external/ 78 B
370 B 165ms
164ms Script
application/javascript 2600:9000:21f3:600:13:652b:c180:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dgu9g3a2kzqx2.cloudfront.net/public/external/check.php?it=1628108&time=1625652378297
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/0339f82.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:13:652b:c180:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: 9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b

Request headers

Referer: https://shark.okgomo.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 10:06:18 GMT
via: 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront)
server: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: FRA2-C2
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: application/javascript
content-length: 78
x-amz-cf-id: IqOxIS7Gj1Rgc8CY19efVbZGUNthl8txAyny_Q3ttvt7j6Mp1chGVA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			shark.okgomo.club/	1970-01-19 19:48:36	Name: _cpguid Value: tmxa90vb6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
d13nu0oomnx5ti.cloudfront.net
dgu9g3a2kzqx2.cloudfront.net
meb05.github.io
play-lh.googleusercontent.com
shark.okgomo.club
185.199.111.153
2600:9000:20eb:9800:3:b5aa:ad80:21
2600:9000:21f3:600:13:652b:c180:21
2a00:1450:4001:811::2016
2a04:4e42:3::485
07a0eeefbe7a4c220e934f2775e1e3e5bf2a24864e28018f04e9727b07d025a8
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
13d9ee2b5ca7d52f62544e8e3fca91c2646fb2e5d4cae49648f79941550d8b89
1afa5f37465a719d6e52756d03dfde5d78b4be5990c88aaa4a768829e00b0b2e
1da3f99dcf0c4efe3de2660fd69ec2c972e1dfba4b8d782588cc5fc66bca3f2d
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
d24fce6de5fbadcea31ceffba43639bfa663003810cd395ef3d144fa3494d288
d71b75f37cbaa198fcac72013ceb2a2fe5b68c89902dbcf4b52ae28812cb9268
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

shark.okgomo.club Open in urlscan Pro 185.199.111.153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

80 %IPv6

5 Domains

6 Subdomains

5 IPs

2 Countries

426 kBTransfer

661 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

31 JavaScript Global Variables

1 Cookies

Indicators

shark.okgomo.club Open in urlscan Pro
185.199.111.153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

426 kB
Transfer

661 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!