dlaurorazone.top - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 172.67.214.183, located in United States and belongs to CLOUDFLARENET, US. The main domain is dlaurorazone.top.
TLS certificate: Issued by E6 on June 7th 2024. Valid for: 3 months.

This is the only time dlaurorazone.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PKN Orlen (Extraction)

Domain & IP information

	IP Address	AS Autonomous System
2	172.67.214.183 172.67.214.183	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	188.208.196.89 188.208.196.89	49981 (WORLDSTREAM) (WORLDSTREAM)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2

2 172.67.214.183 (United States)

ASN13335 (CLOUDFLARENET, US)

dlaurorazone.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.208.196.89 (Naaldwijk, Netherlands) 1 redirects

ASN49981 (WORLDSTREAM, NL)

dgtlt-direction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

dltechguruspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	dlaurorazone.top dlaurorazone.top	1 KB
1	dltechguruspot.com dltechguruspot.com
1	dgtlt-direction.com 1 redirects dgtlt-direction.com	469 B
3	3

	Domain	Requested by
2	dlaurorazone.top
1	dltechguruspot.com	dlaurorazone.top
1	dgtlt-direction.com	1 redirects
3	3

This site contains no links.

Subject Issuer	Validity	Valid
dlaurorazone.top E6	`2024-06-07` - `2024-09-05`	3 months	crt.sh
dltechguruspot.com WE1	`2024-06-07` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855
Frame ID: 81CEFED1D5E7547450B7AF49BD46E31E
Requests: 2 HTTP requests in this frame

Frame: https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855&gtpixel=972781480981855&sub3=ID17&sub4={{ad.name}}&sub5=orlen&offer_id=158&campaign_key=7af2be9d5dd4d6de1d6d&landing=&etc=&source=1
Frame ID: 67BEBB6F63FA10AA9BA75F8F161C2079
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome!

Page URL History Show full URLs

http://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972... HTTP 307
https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972... Page URL

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

1 kB
Transfer

1 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 HTTP 307
https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://dgtlt-direction.com/click?key=7af2be9d5dd4d6de1d6d&domain=dlaurorazone.top&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 HTTP 307
https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855&gtpixel=972781480981855&sub3=ID17&sub4={{ad.name}}&sub5=orlen&offer_id=158&campaign_key=7af2be9d5dd4d6de1d6d&landing=&etc=&source=1

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response dlaurorazone.top/ Redirect Chain http://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855	478 B 750 B	256ms 115ms	Document text/html	172.67.214.183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.214.183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4f0492bdb29eb242eb80cf5035da1e947b9bb5102151e0c653c8478f06ddc792` Request headers Accept-Language pl-PL,pl;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8969cd2ec9e8bbb1-WAW content-encoding br content-type text/html; charset=UTF-8 date Thu, 20 Jun 2024 06:46:23 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZAfRcKG4UkJ7XRU2xmuokBKjjXXmyQPj6XamfnHhtLLzpo6QjglLRffn%2BaKtIkHyrDgVHdCAgEaEnoiFHuAZvPAPYHAJmp6hWfvsc5kCcsbnOhyBg2IkwHY7k%2BGNLapO5Sc"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers Location https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 Non-Authoritative-Reason HttpsUpgrades
GET H3	200	/ dltechguruspot.com/all/pl/orlen-native_pl/ Frame 67BE Redirect Chain https://dgtlt-direction.com/click?key=7af2be9d5dd4d6de1d6d&domain=dlaurorazone.top&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855&gtpixel=972781480981855&sub3=ID17&sub4={{ad.name}}&su...	0 0	188ms 143ms	Document text/html	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855&gtpixel=972781480981855&sub3=ID17&sub4={{ad.name}}&sub5=orlen&offer_id=158&campaign_key=7af2be9d5dd4d6de1d6d&landing=&etc=&source=1 Requested by Host: dlaurorazone.top URL: https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept-Language pl-PL,pl;q=0.9;q=0.9 Referer https://dlaurorazone.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8969cd31096c70ba-WAW content-encoding br content-type text/html; charset=UTF-8 date Thu, 20 Jun 2024 06:46:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QmipfUdk6EH%2B%2FgjM0nOqzwBTGRcDLYfkCKVBlEpZjYhBwgBQ1LbVAQww%2B4O8vnBH%2Ftsxav1d1zKfgR3MO4bLFVNg%2BZUyJ%2Fc5mBUOMiaxcsXYLqm9zs1L1cEhymMNa%2BI7MHchIQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers content-length 0 date Thu, 20 Jun 2024 06:46:24 GMT location https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855&gtpixel=972781480981855&sub3=ID17&sub4={{ad.name}}&sub5=orlen&offer_id=158&campaign_key=7af2be9d5dd4d6de1d6d&landing=&etc=&source=1 server Caddy x-request-id 5190ff20-85b7-4df5-aaaf-08b90ce0c23d
GET H3	404	favicon.ico dlaurorazone.top/	278 B 648 B	153ms 145ms	Other text/html	172.67.214.183 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlaurorazone.top/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.214.183 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70912b7fbde0a828ad2a384a313da1f298b0844af1960edacf529adff67ba7f8` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 06:46:26 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTHrthDrtkp51knv7UB%2FnTAl2FH8TVrsk0YzDDRvsOnzhyvvJrnkooc0uZmG9lATP9IVVTmpf7PAzCFfj0MhFxrnqpRmO2A4dvTJfBGGuJBLl0RvlG2kfzv0ICBdwnxrC9JH"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 8969cd3ceeebbbb1-WAW alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PKN Orlen (Extraction)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| event object| fence object| sharedStorage

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yandex.ru/	1970-01-21 07:03:45	Name: i Value: 0p1qSx4TX13xas0wk08uwcb9PpUKSVn8u33KMg/oSMP+BrHTgjzZR1WENxVXzRx+qPPuoGT1u00/RrlUjDdkBtY3pCE=
.yandex.ru/	1970-01-21 07:03:45	Name: yandexuid Value: 4430746131718865985
.yandex.ru/	1970-01-21 06:13:21	Name: yashr Value: 5271594231718865985
mc.yandex.ru/	1970-01-21 06:13:21	Name: bh Value: EkAiTm90L0EpQnJhbmQiO3Y9IjgiLCAiQ2hyb21pdW0iO3Y9IjEyNiIsICJHb29nbGUgQ2hyb21lIjt2PSIxMjYiKgI/MDoHIkxpbnV4Ig==
.dltechguruspot.com/	1970-01-21 06:13:21	Name: _ym_uid Value: 1718865985659610221
.dltechguruspot.com/	1970-01-21 06:13:21	Name: _ym_d Value: 1718865985
mc.yandex.com/	1970-01-21 06:13:21	Name: bh Value: EkAiTm90L0EpQnJhbmQiO3Y9IjgiLCAiQ2hyb21pdW0iO3Y9IjEyNiIsICJHb29nbGUgQ2hyb21lIjt2PSIxMjYiKgI/MDoHIkxpbnV4Ig==
.yandex.com/	1970-01-21 07:03:45	Name: i Value: dTYUN2yLkHooBuFEf9xZdRj+br78q8hACuL5V6NtCdbmZ1WeYZcEZDju1lhHjOAr/hGxiWZY4bUgRVb0tQm+Xi6ApdU=
.yandex.com/	1970-01-21 07:03:45	Name: yandexuid Value: 373268321718865985
.yandex.com/	1970-01-21 06:13:21	Name: yashr Value: 7224471551718865985
.dltechguruspot.com/	1970-01-20 21:28:57	Name: _ym_isad Value: 2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dlaurorazone.top/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dgtlt-direction.com
dlaurorazone.top
dltechguruspot.com
172.67.214.183
188.114.97.3
188.208.196.89
4f0492bdb29eb242eb80cf5035da1e947b9bb5102151e0c653c8478f06ddc792
70912b7fbde0a828ad2a384a313da1f298b0844af1960edacf529adff67ba7f8

dlaurorazone.top Open in urlscan Pro 172.67.214.183 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

1 kBTransfer

1 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

11 Cookies

1 Console Messages

Indicators

dlaurorazone.top Open in urlscan Pro
172.67.214.183 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

1 kB
Transfer

1 kB
Size

11
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!