fjordextramundane.life
2606:4700:3037::ac43:bfb7
Malicious Activity!
Public Scan
Effective URL: https://fjordextramundane.life/?encoded_value=LF4LQ&sub1=945ddbf4acfc4387be67bdd4f6ddc2e8&sub2=&sub3=&sub4=&sub5=13949&source_i...
Submission: On February 05 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on January 3rd 2024. Valid for: 3 months.
This is the only time fjordextramundane.life was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
Count | IP Address | AS (Autonomous System) |
---|---|---|
1 1 | 194.145.208.238 | 200514 (KNOWNSRV) |
1 1 | 2606:4700:3034::ac43:ac11 | 13335 (CLOUDFLARENET, US) |
1 20 | 2606:4700:3037::ac43:bfb7 | 13335 (CLOUDFLARENET, US) |
1 | 2606:4700:e6::ac40:cf26 | 13335 (CLOUDFLARENET, US) |
1 | 2606:4700:e2::ac40:8f15 | 13335 (CLOUDFLARENET, US) |
4 | 2606:4700:e2::ac40:8e15 | 13335 (CLOUDFLARENET, US) |
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
20 | fjordextramundane.life (1 redirect) | fjordextramundane.life | 1 MB |
5 | trk-consulatu.com | trk-consulatu.com (Cisco Umbrella Rank: 78920), event.trk-consulatu.com (Cisco Umbrella Rank: 154645) | 3 KB |
1 | fontawesome.com | use.fontawesome.com (Cisco Umbrella Rank: 971) | 426 KB |
1 | redirectingservices.org (1 redirect) | www.redirectingservices.org | 850 B |
1 | upsearching.com (1 redirect) | upsearching.com | 645 B |
Count | Domain | Requested by |
---|---|---|
20 | fjordextramundane.life (1 redirect) | fjordextramundane.life |
4 | event.trk-consulatu.com | trk-consulatu.com |
1 | trk-consulatu.com | fjordextramundane.life |
1 | use.fontawesome.com | fjordextramundane.life |
1 | www.redirectingservices.org (1 redirect) | |
1 | upsearching.com (1 redirect) | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
fjordextramundane.life | GTS CA 1P5 | 2024-01-03 - 2024-04-02 | 3 months | crt.sh |
use.fontawesome.com | Cloudflare Inc ECC CA-3 | 2023-10-12 - 2024-10-10 | a year | crt.sh |
trk-consulatu.com | GTS CA 1P5 | 2023-12-26 - 2024-03-25 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page: https://fjordextramundane.life/?encoded_value=LF4LQ&sub1=945ddbf4acfc4387be67bdd4f6ddc2e8&sub2=&sub3=&sub4=&sub5=13949&source_id=5629&ip=2001%3A550%3A1d05%3A1%3A%3A11
Frame ID: 964D2947BFEE01C30DE0096DFF60A3CE
Requests: 23 HTTP requests in this frame
Page Title: Survey Rewards
Detected technologies
- animate.css (Web Frameworks). Detected pattern: `<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css`
- Font Awesome (Font Scripts). Detected pattern: `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://upsearching.com/b4jhwh6/26fg9tk3/?sub1=10253502ca0f84a17e9ddd948beec0&sub2=1032 (HTTP 302)
- https://www.redirectingservices.org/24QSBG/TNRTX22/?source_id=5629&sub1=945ddbf4acfc4387be67bdd4f6ddc2e8 (HTTP 302)
- https://fjordextramundane.life/W7ZbTISiOl/?encoded_value=LF4LQ&sub1=945ddbf4acfc4387be67bdd4f6ddc2e8&sub2=&sub3=&sub4=&sub5=13949&source_id=5629&ip=2001%3A550%3A1d05%3A1%3A%3A11 (HTTP 302)
- http://fjordextramundane.life/?encoded_value=LF4LQ&sub1=945ddbf4acfc4387be67bdd4f6ddc2e8&sub2=&sub3=&sub4=&sub5=13949&source_id=5629&ip=2001%3A550%3A1d05%3A1%3A%3A11 (HTTP 307)
- https://fjordextramundane.life/?encoded_value=LF4LQ&sub1=945ddbf4acfc4387be67bdd4f6ddc2e8&sub2=&sub3=&sub4=&sub5=13949&source_id=5629&ip=2001%3A550%3A1d05%3A1%3A%3A11 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | fjordextramundane.life/ (Redirect Chain) | 29 KB | 5 KB | Document | text/html |
GET | H3 | style.css | fjordextramundane.life/css/ | 15 KB | 4 KB | Stylesheet | text/css |
GET | H3 | animate.min.css | fjordextramundane.life/css/ | 70 KB | 6 KB | Stylesheet | text/css |
GET | H2 | all.js | use.fontawesome.com/releases/v5.15.4/js/ | 1 MB | 426 KB | Script | application/javascript |
GET | H3 | datehead.js | fjordextramundane.life/js/ | 2 KB | 1 KB | Script | application/javascript |
GET | H3 | logo.png | fjordextramundane.life/images/ | 29 KB | 30 KB | Image | image/png |
GET | H3 | flaglogo.png | fjordextramundane.life/images/ | 2 KB | 2 KB | Image | image/png |
GET | H3 | product.png | fjordextramundane.life/images/ | 369 KB | 370 KB | Image | image/png |
GET | H3 | loadingBL.gif | fjordextramundane.life/images/ | 118 KB | 118 KB | Image | image/gif |
GET | H3 | prize1.png | fjordextramundane.life/images/ | 551 KB | 552 KB | Image | image/png |
GET | H3 | 1.jpg | fjordextramundane.life/images/ | 45 KB | 45 KB | Image | image/jpeg |
GET | H3 | 2.jpg | fjordextramundane.life/images/ | 48 KB | 48 KB | Image | image/jpeg |
GET | H3 | 3.jpg | fjordextramundane.life/images/ | 49 KB | 49 KB | Image | image/jpeg |
GET | H3 | 4.jpg | fjordextramundane.life/images/ | 38 KB | 38 KB | Image | image/jpeg |
GET | H3 | 5.jpg | fjordextramundane.life/images/ | 36 KB | 37 KB | Image | image/jpeg |
GET | H3 | f_guarantee.png | fjordextramundane.life/images/ | 6 KB | 7 KB | Image | image/png |
GET | H3 | f_secure_1.png | fjordextramundane.life/images/ | 10 KB | 10 KB | Image | image/png |
GET | H3 | logo2.png | fjordextramundane.life/images/ | 29 KB | 30 KB | Image | image/png |
GET | H3 | script.js | fjordextramundane.life/js/ | 10 KB | 2 KB | Script | application/javascript |
GET | H2 | 64d5p99gj0 | trk-consulatu.com/scripts/push/script/ | 7 KB | 3 KB | Script | application/javascript |
GET | H3 | bg.png | fjordextramundane.life/images/ | 173 KB | 173 KB | Image | image/png |
OPTIONS | H2 | zqd20w74ek | event.trk-consulatu.com/register/event_log/ | 0 | 0 | Preflight | |
POST | H2 | zqd20w74ek | event.trk-consulatu.com/register/event_log/ | 0 | 0 | Fetch | |
POST | H2 | zqd20w74ek | event.trk-consulatu.com/register/event_log/ | 0 | 0 | Fetch | |
OPTIONS | H2 | zqd20w74ek | event.trk-consulatu.com/register/event_log/ | 0 | 0 | Preflight | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Scam (Online)
32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | datehax |
function | datenhax |
function | datenhay |
function | startTimer |
function | urlBase64ToUint8Array |
function | pullUrlParams |
function | push_subscribe |
function | push_subscribe_promise |
function | setIfNull |
function | logPushEvent |
function | push_unsubscribe |
function | push_init |
function | setSessionId |
function | setUtm |
function | getSessionId |
function | getUrlVars |
function | getDomainName |
function | getStore |
object | answers |
number | lastQnum |
function | toNext |
object | states |
object | dones |
object | loadImg |
object | loadBgCol |
function | drawloader |
number | qn |
number | dsq |
number | incq |
object | ___FONT_AWESOME___ |
object | FontAwesomeConfig |
object | FontAwesome |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
www.redirectingservices.org/ | | uniqueClick_TNRTX22 | b22f6d01-7fd4-4848-806a-9c6e1c17c63f:1707173834 |
www.redirectingservices.org/ | | transaction_id | ab706b4f5a4940a3887eb6dd930e37cb |
fjordextramundane.life/ | | SESSIONIDS | W7ZbTISiOl |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
event.trk-consulatu.com
fjordextramundane.life
trk-consulatu.com
upsearching.com
use.fontawesome.com
www.redirectingservices.org
194.145.208.238
2606:4700:3034::ac43:ac11
2606:4700:3037::ac43:bfb7
2606:4700:e2::ac40:8e15
2606:4700:e2::ac40:8f15
2606:4700:e6::ac40:cf26