pesea.gq
Open in
urlscan Pro
142.4.10.139
Malicious Activity!
Public Scan
Effective URL: https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing
Submission: On July 22 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 22nd 2021. Valid for: 3 months.
This is the only time pesea.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BB&T Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2600:9000:20e... 2600:9000:20eb:4000:19:9934:6a80:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:800::2003 | 15169 (GOOGLE) (GOOGLE) | |
5 | 142.4.10.139 142.4.10.139 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
9 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 142-4-10-139.unifiedlayer.com
pesea.gq |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
pesea.gq
pesea.gq |
54 KB |
2 |
gstatic.com
fonts.gstatic.com |
32 KB |
1 |
googleapis.com
fonts.googleapis.com |
744 B |
1 |
app.link
jgdf1.app.link |
2 KB |
9 | 4 |
Domain | Requested by | |
---|---|---|
5 | pesea.gq |
jgdf1.app.link
pesea.gq |
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
jgdf1.app.link
|
1 | jgdf1.app.link | |
9 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
appipv4.link Amazon |
2021-06-24 - 2022-07-23 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-06-28 - 2021-09-20 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-06-28 - 2021-09-20 |
3 months | crt.sh |
pesea.gq cPanel, Inc. Certification Authority |
2021-07-22 - 2021-10-20 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing
Frame ID: 83DD6CE8C2711CD3992E0524C37F9F12
Requests: 8 HTTP requests in this frame
Frame:
https://pesea.gq/bbt2021/://open?link_click_id=946866992683186337
Frame ID: 2A00A337892272069918AF769089E42E
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://jgdf1.app.link/Oi34Sjqz6hb Page URL
- https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Page URL
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Amazon Web Services (PaaS) Expand
Detected patterns
- headers via /\(CloudFront\)$/i
Amazon Cloudfront (CDN) Expand
Detected patterns
- headers via /\(CloudFront\)$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://jgdf1.app.link/Oi34Sjqz6hb Page URL
- https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Oi34Sjqz6hb
jgdf1.app.link/ |
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
4 KB 744 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
open
pesea.gq/bbt2021/:// Frame 2A00 |
0 194 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
/
pesea.gq/bbt2021/ |
466 B 786 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
captcha.js
pesea.gq/bbt2021/assets/js/ |
118 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
captcha.png
pesea.gq/bbt2021/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2134651.png
pesea.gq/bbt2021/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BB&T Bank (Banking)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| setImmediate function| clearImmediate function| Vue1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
pesea.gq/ | Name: cazanova Value: 4555d43a98ad6921d4af42e896bf5f4ba838426d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
jgdf1.app.link
pesea.gq
142.4.10.139
2600:9000:20eb:4000:19:9934:6a80:93a1
2a00:1450:4001:800::2003
2a00:1450:4001:831::200a
6f7d1dc4867c2df3a57e5ab46e45d755e11eee0abbefa53a22e56219fcd89c61
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
9b177076f6a7a97bc4d4372c1fc58c6ad7b647c827eaa4b7ee6c62d8dfc029c1
a167358c8c3e6c9bb6f25209cf0e7a2eb663d826352d0550b72609f6ec42f794
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
c33f1d79ff8a5225bb8136d5dc85c3bd138566184a0345b41301f06ff2bbca66
d80353db58e2c6be8a2a5649191a2cc72aaa54e3dcea63e243f2fc76d2284b05
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309