lg-verify-acaunt.ml
Open in
urlscan Pro
2606:4700:3033::ac43:985e
Malicious Activity!
Public Scan
Effective URL: https://lg-verify-acaunt.ml/login.php
Submission: On December 28 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 28th 2020. Valid for: a year.
This is the only time lg-verify-acaunt.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Instagram (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 2606:4700:303... 2606:4700:3033::ac43:985e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 168.119.145.176 168.119.145.176 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 2606:4700::68... 2606:4700::6810:a823 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a01:4f8:151:... 2a01:4f8:151:6117::2 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
13 | 6 |
ASN24940 (HETZNER-AS, DE)
PTR: static.176.145.119.168.clients.your-server.de
i.imgyukle.com |
ASN20446 (HIGHWINDS3, US)
stackpath.bootstrapcdn.com | |
code.jquery.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
lg-verify-acaunt.ml
lg-verify-acaunt.ml |
146 KB |
2 |
cloudflare.com
ajax.cloudflare.com |
9 KB |
2 |
imgyukle.com
i.imgyukle.com |
7 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com |
7 KB |
1 |
sitekodlari.com
ir.sitekodlari.com ir1.sitekodlari.com Failed |
277 B |
13 | 6 |
Domain | Requested by | |
---|---|---|
5 | lg-verify-acaunt.ml |
lg-verify-acaunt.ml
|
2 | ajax.cloudflare.com |
lg-verify-acaunt.ml
|
2 | i.imgyukle.com |
lg-verify-acaunt.ml
|
1 | code.jquery.com |
ajax.cloudflare.com
|
1 | stackpath.bootstrapcdn.com |
lg-verify-acaunt.ml
|
1 | ir.sitekodlari.com |
ajax.cloudflare.com
|
0 | ir1.sitekodlari.com Failed |
ajax.cloudflare.com
|
13 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-12-28 - 2021-12-27 |
a year | crt.sh |
imgyukle.com R3 |
2020-12-05 - 2021-03-05 |
3 months | crt.sh |
ajax.cloudflare.com DigiCert ECC Secure Server CA |
2020-08-11 - 2022-08-16 |
2 years | crt.sh |
ir.sitekodlari.com R3 |
2020-12-07 - 2021-03-07 |
3 months | crt.sh |
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2020-09-22 - 2021-10-12 |
a year | crt.sh |
jquery.org Sectigo RSA Domain Validation Secure Server CA |
2020-10-06 - 2021-10-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://lg-verify-acaunt.ml/login.php
Frame ID: C2B859BA1DE428CFFCBA744517AD0A0E
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://lg-verify-acaunt.ml/ Page URL
- https://lg-verify-acaunt.ml/login.php Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://lg-verify-acaunt.ml/ Page URL
- https://lg-verify-acaunt.ml/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
lg-verify-acaunt.ml/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SHNOWo.png
i.imgyukle.com/2020/07/17/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SHN2fR.png
i.imgyukle.com/2020/07/17/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sagtusengelleme1.js
ir.sitekodlari.com/ |
99 B 277 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
se1.php
ir1.sitekodlari.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.php
lg-verify-acaunt.ml/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xq1.png
lg-verify-acaunt.ml/resim/ |
113 KB 114 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.png
lg-verify-acaunt.ml/resim/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EmirFrom.png
lg-verify-acaunt.ml/resim/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ir1.sitekodlari.com
- URL
- http://ir1.sitekodlari.com/se1.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Instagram (Social Network)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| __cfQR function| $ function| jQuery boolean| __cfRLUnblockHandlers2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.lg-verify-acaunt.ml/ | Name: ARRAffinity Value: 7440c77fb9070c689603bd1cb1046a5b6d1fe48b1a29fac627939c5498ebe8d4 |
|
.lg-verify-acaunt.ml/ | Name: __cfduid Value: d015ff1347167330fb10de8f90f8fddf91609195862 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.cloudflare.com
code.jquery.com
i.imgyukle.com
ir.sitekodlari.com
ir1.sitekodlari.com
lg-verify-acaunt.ml
stackpath.bootstrapcdn.com
ir1.sitekodlari.com
168.119.145.176
2001:4de0:ac19::1:b:1a
2606:4700:3033::ac43:985e
2606:4700::6810:a823
2a01:4f8:151:6117::2
028b80e458d14e6133c4c0dd79cb832e7f2e9d4a3f02b67e01e1edf132a33003
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
327e73564b60ea2d3122db13eba3a07abf9f122bb76763150077190860b9a187
4371cb561526ebbcebdd5c4ee856b402807f68cf02b049bdb281a1c7fb9f72c8
735f7ebf6e827db314649423976c7d3d2f8c19e286e95106a19cf6ff69389ff1
7490b765baed1bde18bf2e63e947474acebdd28ab5bd08bbedf32717edc48aa9
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
9b71c4347aeb8f5775ae8d7df6a6b4d690d639b8f0574a9378879da79209a0d5
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
e0bd957ccfef739d618b4e1a8ac1c2b19f90037065cee1641427e705ef1debad
e2d39b0d1a837645fe4d41ed4d67e4e8ef4b753c550ab4e6c45642e3d56589be