dlaurorazone.top
172.67.214.183
Malicious Activity!
Public Scan
Effective URL: https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855
Submission: On June 20 via api from PL — Scanned from PL
Summary
TLS certificate: Issued by E6 on June 7th 2024. Valid for: 3 months.
This is the only time dlaurorazone.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PKN Orlen (Extraction)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 | 172.67.214.183 | 13335 (CLOUDFLARENET) |
1 1 | 188.208.196.89 | 49981 (WORLDSTREAM) |
1 | 188.114.97.3 | 13335 (CLOUDFLARENET) |
3 | 2 |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | dlaurorazone.top | dlaurorazone.top | 1 KB |
1 | dltechguruspot.com | dltechguruspot.com | |
1 | dgtlt-direction.com (1 redirects) | dgtlt-direction.com | 469 B |
3 | 3 |
 | Domain | Requested by |
---|---|---|
2 | dlaurorazone.top | |
1 | dltechguruspot.com | dlaurorazone.top |
1 | dgtlt-direction.com | 1 redirects |
3 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
dlaurorazone.top | E6 | 2024-06-07 - 2024-09-05 | 3 months |
dltechguruspot.com | WE1 | 2024-06-07 - 2024-09-05 | 3 months |
This page contains 2 frames:
Primary Page:
https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855
Frame ID: 81CEFED1D5E7547450B7AF49BD46E31E
Requests: 2 HTTP requests in this frame
Frame:
https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855>pixel=972781480981855&sub3=ID17&sub4={{ad.name}}&sub5=orlen&offer_id=158&campaign_key=7af2be9d5dd4d6de1d6d&landing=&etc=&source=1
Frame ID: 67BEBB6F63FA10AA9BA75F8F161C2079
Requests: 1 HTTP requests in this frame
Page Title
Welcome!
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 HTTP 307
- https://dlaurorazone.top/?ckey=7af2be9d5dd4d6de1d6d&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://dgtlt-direction.com/click?key=7af2be9d5dd4d6de1d6d&domain=dlaurorazone.top&sub3=ID17&sub5=orlen&sub4={{ad.name}}&fbpixel=972781480981855 HTTP 307
- https://dltechguruspot.com/all/pl/orlen-native_pl/?clickid=cppt0g0ia5ls73csboe0&campaign_id=131&fbpixel=972781480981855&ympixel=972781480981855>pixel=972781480981855&sub3=ID17&sub4={{ad.name}}&sub5=orlen&offer_id=158&campaign_key=7af2be9d5dd4d6de1d6d&landing=&etc=&source=1
3 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H3 | / dlaurorazone.top/ (Primary Request, Redirect Chain) | 478 B 750 B | Document text/html |
GET H3 | / dltechguruspot.com/all/pl/orlen-native_pl/ (Frame 67BE, Redirect Chain) | 0 0 | Document text/html |
GET H3 | favicon.ico dlaurorazone.top/ | 278 B 648 B | Other text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PKN Orlen (Extraction)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- undefined| event
- object| fence
- object| sharedStorage

11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.yandex.ru/ | | Name: i Value: 0p1qSx4TX13xas0wk08uwcb9PpUKSVn8u33KMg/oSMP+BrHTgjzZR1WENxVXzRx+qPPuoGT1u00/RrlUjDdkBtY3pCE= |
.yandex.ru/ | | Name: yandexuid Value: 4430746131718865985 |
.yandex.ru/ | | Name: yashr Value: 5271594231718865985 |
mc.yandex.ru/ | | Name: bh Value: EkAiTm90L0EpQnJhbmQiO3Y9IjgiLCAiQ2hyb21pdW0iO3Y9IjEyNiIsICJHb29nbGUgQ2hyb21lIjt2PSIxMjYiKgI/MDoHIkxpbnV4Ig== |
.dltechguruspot.com/ | | Name: _ym_uid Value: 1718865985659610221 |
.dltechguruspot.com/ | | Name: _ym_d Value: 1718865985 |
mc.yandex.com/ | | Name: bh Value: EkAiTm90L0EpQnJhbmQiO3Y9IjgiLCAiQ2hyb21pdW0iO3Y9IjEyNiIsICJHb29nbGUgQ2hyb21lIjt2PSIxMjYiKgI/MDoHIkxpbnV4Ig== |
.yandex.com/ | | Name: i Value: dTYUN2yLkHooBuFEf9xZdRj+br78q8hACuL5V6NtCdbmZ1WeYZcEZDju1lhHjOAr/hGxiWZY4bUgRVb0tQm+Xi6ApdU= |
.yandex.com/ | | Name: yandexuid Value: 373268321718865985 |
.yandex.com/ | | Name: yashr Value: 7224471551718865985 |
.dltechguruspot.com/ | | Name: _ym_isad Value: 2 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.