pesea.gq Open in urlscan Pro
142.4.10.139  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://jgdf1.app.link/Oi34Sjqz6hb Page URL
2. https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Oi34Sjqz6hb Show response jgdf1.app.link/	7 KB 2 KB	446ms 422ms	Document text/html	2600:9000:20eb:4000:19:9934:6a80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jgdf1.app.link/Oi34Sjqz6hb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:4000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software openresty / Express Resource Hash a167358c8c3e6c9bb6f25209cf0e7a2eb663d826352d0550b72609f6ec42f794 Request headers :method GET :authority jgdf1.app.link :scheme https :path /Oi34Sjqz6hb pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-type text/html; charset=utf-8 vary Accept-Encoding server openresty date Thu, 22 Jul 2021 21:21:49 GMT x-powered-by Express set-cookie _s=fj%2BA0PKuS2pGwySlKk1esXvOyd%2FP56RrYHsvHYTgipEST7LA0ozyEDhgIZleDS3r; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Fri, 22 Jul 2022 21:21:49 GMT; Secure; SameSite=None last-modified Thu, 22 Jul 2021 21:21:49 GMT etag W/"1abf-YmbnrS+lZz6CmsMNzcU6rZMphx8" content-encoding gzip x-cache Miss from cloudfront via 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 x-amz-cf-id jbSF6gKDYaiEVHajHAWptbUN-vHS2tR8QgUVuZcbPGGvvLlKm_eGYA==
GET H2	200	css fonts.googleapis.com/	4 KB 744 B	15ms 15ms	Stylesheet text/css	2a00:1450:4001:831::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Requested by Host: jgdf1.app.link URL: https://jgdf1.app.link/Oi34Sjqz6hb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://jgdf1.app.link/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 22 Jul 2021 19:49:57 GMT server ESF date Thu, 22 Jul 2021 21:21:49 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 22 Jul 2021 21:21:49 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v14/	16 KB 16 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://jgdf1.app.link Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Mon, 19 Jul 2021 17:54:23 GMT x-content-type-options nosniff age 271646 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15948 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:10:32 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 19 Jul 2022 17:54:23 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v14/	16 KB 16 KB	7ms 6ms	Font font/woff2	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://jgdf1.app.link Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 20 Jul 2021 13:27:21 GMT x-content-type-options nosniff age 201268 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16112 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:10:09 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 20 Jul 2022 13:27:21 GMT
GET H/1.1	404 Not Found	open pesea.gq/bbt2021/:// Frame 2A00	0 194 B	757ms 235ms	Document text/html	142.4.10.139 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://pesea.gq/bbt2021/://open?link_click_id=946866992683186337 Requested by Host: jgdf1.app.link URL: https://jgdf1.app.link/Oi34Sjqz6hb Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.4.10.139 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 142-4-10-139.unifiedlayer.com Software Apache / Resource Hash Request headers Host pesea.gq Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://jgdf1.app.link/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://jgdf1.app.link/ Response headers Date Thu, 22 Jul 2021 21:21:50 GMT Server Apache Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request Cookie set / Show response pesea.gq/bbt2021/	466 B 786 B	487ms 231ms	Document text/html	142.4.10.139 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Requested by Host: jgdf1.app.link URL: https://jgdf1.app.link/Oi34Sjqz6hb Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.4.10.139 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 142-4-10-139.unifiedlayer.com Software Apache / Resource Hash c33f1d79ff8a5225bb8136d5dc85c3bd138566184a0345b41301f06ff2bbca66 Request headers Host pesea.gq Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://jgdf1.app.link/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://jgdf1.app.link/ Response headers Date Thu, 22 Jul 2021 21:21:50 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie cazanova=4555d43a98ad6921d4af42e896bf5f4ba838426d; expires=Thu, 22-Jul-2021 23:21:50 GMT; Max-Age=7200; path=/; HttpOnly Vary Accept-Encoding Content-Encoding gzip Content-Length 307 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	captcha.js Show response pesea.gq/bbt2021/assets/js/	118 KB 42 KB	202ms 202ms	Script application/javascript	142.4.10.139 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://pesea.gq/bbt2021/assets/js/captcha.js Requested by Host: pesea.gq URL: https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.4.10.139 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 142-4-10-139.unifiedlayer.com Software Apache / Resource Hash 6f7d1dc4867c2df3a57e5ab46e45d755e11eee0abbefa53a22e56219fcd89c61 Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host pesea.gq Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Sec-Fetch-Mode no-cors Accept */* Cache-Control no-cache Sec-Fetch-Dest script Referer https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Cookie cazanova=4555d43a98ad6921d4af42e896bf5f4ba838426d Connection keep-alive Referer https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 22 Jul 2021 21:21:50 GMT Content-Encoding gzip Last-Modified Tue, 15 Sep 2020 23:59:38 GMT Server Apache Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 43144
GET H/1.1	200 OK	Cookie set captcha.png pesea.gq/bbt2021/	4 KB 5 KB	236ms 235ms	Image image/png	142.4.10.139 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://pesea.gq/bbt2021/captcha.png?_1626988913374 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.4.10.139 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 142-4-10-139.unifiedlayer.com Software Apache / Resource Hash 9b177076f6a7a97bc4d4372c1fc58c6ad7b647c827eaa4b7ee6c62d8dfc029c1 Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host pesea.gq Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Cache-Control no-cache Sec-Fetch-Dest image Referer https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Connection keep-alive Referer https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Thu, 22 Jul 2021 21:21:53 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type image/png Set-Cookie cazanova=e057b16717f84b5ab6dd8e0276b3dc6329eba123; expires=Thu, 22-Jul-2021 23:21:53 GMT; Max-Age=7200; path=/; HttpOnly Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 4375 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	2134651.png pesea.gq/bbt2021/	6 KB 6 KB	202ms 202ms	Image image/png	142.4.10.139 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://pesea.gq/bbt2021/2134651.png Requested by Host: pesea.gq URL: https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 142.4.10.139 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 142-4-10-139.unifiedlayer.com Software Apache / Resource Hash d80353db58e2c6be8a2a5649191a2cc72aaa54e3dcea63e243f2fc76d2284b05 Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host pesea.gq Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Cache-Control no-cache Sec-Fetch-Dest image Referer https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing Connection keep-alive Referer https://pesea.gq/bbt2021/?_branch_match_id=946866992683186337&utm_medium=marketing User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 22 Jul 2021 21:21:53 GMT Content-Encoding gzip Last-Modified Mon, 04 Jan 2021 10:36:38 GMT Server Apache Vary Accept-Encoding Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6222

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BB&T Bank (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| setImmediate function| clearImmediate function| Vue

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			pesea.gq/	1970-01-19 19:56:36	Name: cazanova Value: 4555d43a98ad6921d4af42e896bf5f4ba838426d

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
jgdf1.app.link
pesea.gq
142.4.10.139
2600:9000:20eb:4000:19:9934:6a80:93a1
2a00:1450:4001:800::2003
2a00:1450:4001:831::200a
6f7d1dc4867c2df3a57e5ab46e45d755e11eee0abbefa53a22e56219fcd89c61
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
9b177076f6a7a97bc4d4372c1fc58c6ad7b647c827eaa4b7ee6c62d8dfc029c1
a167358c8c3e6c9bb6f25209cf0e7a2eb663d826352d0550b72609f6ec42f794
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
c33f1d79ff8a5225bb8136d5dc85c3bd138566184a0345b41301f06ff2bbca66
d80353db58e2c6be8a2a5649191a2cc72aaa54e3dcea63e243f2fc76d2284b05
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309