mee6-verification.xyz Open in urlscan Pro
2a06:98c1:3121::c  Malicious Activity! Public Scan

URL: https://mee6-verification.xyz/
Submission Tags: https://sinking.yachts sinking-yachts phishing Search All
Submission: On February 20 via api from US — Scanned from NL

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2a06:98c1:3121::c, located in United States and belongs to CLOUDFLARENET, US. The main domain is mee6-verification.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 13th 2023. Valid for: a year.
This is the only time mee6-verification.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious1 votes Show Verdicts

Domain & IP information

IP Address AS Autonomous System
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 162.159.128.232 13335 (CLOUDFLAR...)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
6 5
Apex Domain
Subdomains
Transfer
2 discordapp.net
media.discordapp.net — Cisco Umbrella Rank: 5781
2 MB
2 typekit.net
use.typekit.net — Cisco Umbrella Rank: 440
p.typekit.net — Cisco Umbrella Rank: 577
1 KB
1 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2334
25 KB
1 mee6-verification.xyz
mee6-verification.xyz
1 KB
6 4
Domain Requested by
2 media.discordapp.net mee6-verification.xyz
1 p.typekit.net use.typekit.net
1 use.typekit.net mee6-verification.xyz
1 stackpath.bootstrapcdn.com mee6-verification.xyz
1 mee6-verification.xyz
6 5

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-02-13 -
2024-02-12
a year crt.sh
use.typekit.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-09-14 -
2023-10-15
a year crt.sh
discordapp.net
Cloudflare Inc ECC CA-3
2022-10-03 -
2023-10-03
a year crt.sh

This page contains 1 frames:

Primary Page: https://mee6-verification.xyz/
Frame ID: 41FF308C47EB84AE0937CAFC70022D23
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

Discord Confirmation

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

6
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

4
Countries

2404 kB
Transfer

2538 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mee6-verification.xyz/
2 KB
1 KB
Document
General
Full URL
https://mee6-verification.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8c0386b9e97ef5f685a69ebda001e2cc21fd9ca77ed1025bed07bd31ef71ed41

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=0
cf-cache-status
DYNAMIC
cf-ray
79ca76307c033651-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 20 Feb 2023 21:51:06 GMT
last-modified
Thu, 29 Dec 2022 01:40:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5aENrtUtsHb%2FrT4cK%2B%2B6XG9tLpdKuLCsQlmlRB3cKZhyhx1nSFuE1iKu3FnTMNzAoFdTfdLmldHTI%2F2gsR1kwJdTbIIjN0l%2B2pHoPM%2BRr43oMoFI0YsmRDHDvRNTD2189Bk5zTkoimDr2UK4463GScdiogI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/
157 KB
25 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Requested by
Host: mee6-verification.xyz
URL: https://mee6-verification.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mee6-verification.xyz/
Origin
https://mee6-verification.xyz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 21:51:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
cdn-edgestorageid
845
cdn-cachedat
11/24/2022 02:27:52
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:10 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"3afe15e976734d9daac26310110c4594"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
f52ad519bb9bfdf82b38f0aa1149d309
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
79ca763159962c7e-FRA
cdn-requestpullsuccess
True
joc7wli.css
use.typekit.net/
6 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/joc7wli.css
Requested by
Host: mee6-verification.xyz
URL: https://mee6-verification.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
82d5c8126fceb14a7c701ee0410044b256bfcdc7aaf147d6c3186bca42709061
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mee6-verification.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 20 Feb 2023 21:51:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
895
755244169898885160.gif
media.discordapp.net/attachments/851389970840944640/851390759998586910/
1 MB
1 MB
Image
General
Full URL
https://media.discordapp.net/attachments/851389970840944640/851390759998586910/755244169898885160.gif
Requested by
Host: mee6-verification.xyz
URL: https://mee6-verification.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.232 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f81e626efeacfaacbf060eb78a0bbe6daa0d1de15cb9ab4a31578b60d715ef4e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mee6-verification.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 21:51:06 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
361134
content-length
1257502
last-modified
Mon, 07 Jun 2021 09:22:55 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FD3fPpH3ocbSskU9tP9S9KAEFPXPQ3Zf6I%2BbehUSVUxOZDJ%2FNc%2BzmNqFK8Bs2I6Xn3AOhzHpnaQUmf7NXub8FTJtlV%2FGkIQznjby2q9QVe9aEHbB6gGNxUgBOAOf7Z54jHiIL9Hm"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
79ca76315e0e30db-FRA
x-robots-tag
noindex, nofollow, noarchive, nocache, noimageindex, noodp
expires
Tue, 20 Feb 2024 21:51:06 GMT
p.css
p.typekit.net/
5 B
181 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=joc7wli&ht=tk&f=139.140.173.174.175.176.25136.25137&a=9862910&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/joc7wli.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::6867:4832 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 21:51:06 GMT
last-modified
Sun, 01 May 2022 15:58:42 GMT
server
nginx
etag
"626eae32-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
755243061088616458.gif
media.discordapp.net/attachments/851389970840944640/851390664788934656/
1 MB
1 MB
Image
General
Full URL
https://media.discordapp.net/attachments/851389970840944640/851390664788934656/755243061088616458.gif
Requested by
Host: mee6-verification.xyz
URL: https://mee6-verification.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.232 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
114e67405826448c9a4cbde3d543c2382e40dcab06dfa046889a8decfb7cdc57

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mee6-verification.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 21:51:06 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
704306
content-length
1172828
last-modified
Mon, 07 Jun 2021 09:22:32 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNQl7Tl9oQhz%2BdYwg1VPQYmerkg4NRiUBdsHOHOYY6CAjxQGnebIdQPTcpG6IsTqVtEnpkhlhliG0quW7DS0XvW5VksCMq3zlM2Zt%2FActrck3oIYTtBzGfFZvbC8uNPGkqYhRp7V"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
79ca763479e430db-FRA
x-robots-tag
noindex, nofollow, noarchive, nocache, noimageindex, noodp
expires
Tue, 20 Feb 2024 21:51:06 GMT

Verdicts & Comments Add Verdict or Comment


Malicious task.url
Submitted on February 20th 2023, 9:51:15 pm UTC — From United States

Threats: Phishing Scam
Comment: This domain is present in the Sinking Yachts anti-phishing list. More Info: https://sinking.yachts

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

1 Cookies

Domain/Path Name / Value
.discordapp.net/ Name: __cfruid
Value: 89741a67868731589bf0258c3cd726798e1781ea-1676929866