appsync.info
Open in
urlscan Pro
193.233.161.149
Malicious Activity!
Public Scan
Submission: On August 16 via api from US — Scanned from NL
Summary
TLS certificate: Issued by R3 on July 7th 2023. Valid for: 3 months.
This is the only time appsync.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 193.233.161.149 193.233.161.149 | 200019 (ALEXHOST) (ALEXHOST) | |
1 | 2600:9000:26d... 2600:9000:26da:5400:3:b5aa:ad80:21 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 2600:9000:20c... 2600:9000:20c3:4200:10:1631:3500:21 | 16509 (AMAZON-02) (AMAZON-02) | |
26 | 4 |
ASN16509 (AMAZON-02, US)
d13nu0oomnx5ti.cloudfront.net |
ASN16509 (AMAZON-02, US)
d1w9uux77ifu8k.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
appsync.info
appsync.info |
526 KB |
5 |
cloudfront.net
d13nu0oomnx5ti.cloudfront.net d1w9uux77ifu8k.cloudfront.net |
48 KB |
0 |
nowadays.co
Failed
nowadays.co Failed |
|
26 | 3 |
Domain | Requested by | |
---|---|---|
18 | appsync.info |
appsync.info
|
4 | d1w9uux77ifu8k.cloudfront.net |
d13nu0oomnx5ti.cloudfront.net
|
1 | d13nu0oomnx5ti.cloudfront.net |
appsync.info
|
0 | nowadays.co Failed |
appsync.info
|
26 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
appsync.info R3 |
2023-07-07 - 2023-10-05 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2022-12-08 - 2023-12-07 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://appsync.info/telegram-contents-recovery/index.html
Frame ID: 2258D54FC52449AFBECB8B4EE86C9C97
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
Recover Deleted Telegram Message Conversation ToolDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
appsync.info/telegram-contents-recovery/ |
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
appsync.info/telegram-contents-recovery/static/css/ |
115 KB 115 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
appsync.info/telegram-contents-recovery/static/css/ |
145 KB 146 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
appsync.info/telegram-contents-recovery/static/css/ |
23 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e9f4b4d.js
d13nu0oomnx5ti.cloudfront.net/ |
29 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cap.png
appsync.info/telegram-contents-recovery/static/picture/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
appsync.info/telegram-contents-recovery/static/picture/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon.png
appsync.info/telegram-contents-recovery/static/picture/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
captcha.png
appsync.info/telegram-contents-recovery/static/picture/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
red.png
appsync.info/telegram-contents-recovery/static/picture/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yellow.png
appsync.info/telegram-contents-recovery/static/picture/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
green.png
appsync.info/telegram-contents-recovery/static/picture/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js.js
appsync.info/telegram-contents-recovery/static/js/ |
109 KB 109 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js.js
appsync.info/telegram-contents-recovery/static/js/ |
35 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js.js
appsync.info/telegram-contents-recovery/static/js/ |
21 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.typewriter.min.js.js
appsync.info/telegram-contents-recovery/static/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
buzz.min.js.js
appsync.info/telegram-contents-recovery/static/js/ |
10 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html.1862373.88f3d.0.js
d1w9uux77ifu8k.cloudfront.net/public/external/v2/ |
9 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_front.css
d1w9uux77ifu8k.cloudfront.net/public/external/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.woff2
nowadays.co/mkt/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.woff
nowadays.co/mkt/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.ttf
nowadays.co/mkt/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Coins.wav
appsync.info/telegram-contents-recovery/ |
2 KB 2 KB |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Coins.mp3
appsync.info/telegram-contents-recovery/ |
2 KB 2 KB |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
d1w9uux77ifu8k.cloudfront.net/public/clockers/PrimeApps/ |
1010 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.php
d1w9uux77ifu8k.cloudfront.net/public/external/ |
72 B 367 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- nowadays.co
- URL
- http://nowadays.co/mkt/fonts/glyphicons-halflings-regular.woff2
- Domain
- nowadays.co
- URL
- http://nowadays.co/mkt/fonts/glyphicons-halflings-regular.woff
- Domain
- nowadays.co
- URL
- http://nowadays.co/mkt/fonts/glyphicons-halflings-regular.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)126 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| xfLock function| xfGetFeedURL function| xfGetIframeURL function| xfGetIframeHTML function| xfUnlock function| xfOfferComplete function| xfOffersComplete function| xfCheckForLead function| xfComplete function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| CPABuildComplete function| _RH function| _Vm function| _uj function| _Ew function| _HW function| _oy function| _Jf function| _Mz function| _EQ function| _ZU function| _lL function| _yk function| _Tm function| _Ht function| _nS function| _Xy function| _qr function| _Tt function| _du function| _OS function| _Ts function| _ET function| _om function| _Wi function| _xb function| _GK function| _CS function| _kt function| _iE function| _Ut function| _yi function| _TR function| _iD function| _aj function| _lI function| _Ri function| _Th function| _gD function| _iH function| _ff function| _uG function| _KE function| _VR function| _HL function| _VX function| _Nr function| _di function| _Ul function| _WT function| _Cd function| _cy function| _jb function| _tx function| _Yf function| _zl function| _Pg function| _CJ function| _Jl function| _GX function| _nO function| _JF function| _KB function| _VU function| _MS function| _cn function| _xA function| _Kx function| _eN function| _yy function| _bC function| _JW function| _cW function| _Cm function| _xY function| _Gi function| _Ns function| _bu function| _Ci function| _cZ function| _vH function| _ou function| _Tu function| _ux function| _xS function| _wg function| _vs function| _Nl function| _LF function| _gu function| _Yg function| _Hj function| _dS function| _VE function| _TG function| _qd function| _FD function| _rp function| _Hn function| _my function| _qW function| $ function| jQuery object| buzz1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
appsync.info/ | Name: _cpguid Value: v30icka93 |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
appsync.info
d13nu0oomnx5ti.cloudfront.net
d1w9uux77ifu8k.cloudfront.net
nowadays.co
nowadays.co
193.233.161.149
2600:9000:20c3:4200:10:1631:3500:21
2600:9000:26da:5400:3:b5aa:ad80:21
39b92f402a3726f56f54d6b57a08d86a3cb57fee1c7c09bb5abaebe406c64814
39d86925562a9a0be74603567ef7a0c2bda960d6759fbcc6c55a2af2e4ce2cec
46c0dc89cf6d107e63f1ff8f8c2cc92c33294dab989d4bc6db9abe1151bb154c
4a3bc15c1663f9bf029b74f3a76b02a2842e0af275d89a92eaf502983eb2f68d
4b723feff0fb52e814f7fbae3d9b10ed1d02d37f0a148e965f83d7b0c1ee0942
51e8ade1b78d7c67c12a0f07a6db7f201ad1a3dc76171a5e750ccaa61316f33a
577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38
6fd3745b17d3aaf35cbea4c5737fc01c33efbf0970f7e23630f3d0e2289d9fc4
7366cdb0817b07ae7869e0f645a197eafdccb82a7cf55bc7f99fffe35840cb22
805264397bb4a0c55e4ce8514387dae6fa68e68520fce44a7f746c12ba65e898
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
af0045622b134654936bc776a6586bb9b3c38abfa94f48ff385b8e5f1bd57e8a
c8b130c253b9ee74aae1e1026e45c26fccb063fae60a91baddd96dc456f08fdd
d25287b80d8357606b4b20924cc6d2c99811c0130286cf5d68d06a9bb83e3f0a
de9b8cac46c6db54adc2c944001522cac5fcb1b44928ad2d32a9ac34eb239985
e3fea9254634a92325f515efe398ae347ebb8ca14c8c78f16009f1ba585db255
ea95db8321039d1f62c91af2de6ba785edab554c161c331ec0564e5458a4a153
f6a1a27a77a15c7a2b15c282b77aac0dbac4b74f229bf2040a5cab9cc56a40b4
f6aef009b719db2e9534695346491b5e72db16c4c8061ba292359ab6f0f5163f
f9e777fbb8118750212fe178fcac76e172e52285b16dd4e49d7b35459bddb317
fe20c8e0becadb7cca8baff387ef47456631b7f72d5674f72ed416a224b7a3e4