acrostics.knuckleheads.world
Open in
urlscan Pro
188.114.96.3
Malicious Activity!
Public Scan
Effective URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
Submission: On August 29 via manual from US — Scanned from AT
Summary
TLS certificate: Issued by WE1 on August 21st 2024. Valid for: 3 months.
This is the only time acrostics.knuckleheads.world was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 104.26.9.129 104.26.9.129 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 52.217.44.62 52.217.44.62 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 104.21.91.30 104.21.91.30 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 194.31.223.88 194.31.223.88 | 39521 (TNGNET) (TNGNET) | |
1 1 | 104.21.3.187 104.21.3.187 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.67.142.245 172.67.142.245 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
20 | 5 |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
ASN13335 (CLOUDFLARENET, US)
acrostics.knuckleheads.world | |
trk-elevostra.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
knuckleheads.world
acrostics.knuckleheads.world |
230 KB |
4 |
trk-elevostra.com
trk-elevostra.com — Cisco Umbrella Rank: 357103 event.trk-elevostra.com — Cisco Umbrella Rank: 369321 |
3 KB |
2 |
shorturl.at
2 redirects
shorturl.at — Cisco Umbrella Rank: 78705 www.shorturl.at — Cisco Umbrella Rank: 90327 |
1 KB |
1 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1950 |
426 KB |
1 |
enroutespecial.website
1 redirects
enroutespecial.website |
659 B |
1 |
onestpager.com
onestpager.com |
418 B |
1 |
termine-flohmarkt.com
1 redirects
termine-flohmarkt.com |
516 B |
1 |
amazonaws.com
s3.amazonaws.com |
550 B |
20 | 8 |
Domain | Requested by | |
---|---|---|
13 | acrostics.knuckleheads.world |
onestpager.com
acrostics.knuckleheads.world |
3 | event.trk-elevostra.com |
trk-elevostra.com
|
1 | trk-elevostra.com |
acrostics.knuckleheads.world
|
1 | use.fontawesome.com |
acrostics.knuckleheads.world
|
1 | enroutespecial.website | 1 redirects |
1 | onestpager.com |
s3.amazonaws.com
|
1 | termine-flohmarkt.com | 1 redirects |
1 | s3.amazonaws.com | |
1 | www.shorturl.at | 1 redirects |
1 | shorturl.at | 1 redirects |
20 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
s3.amazonaws.com Amazon RSA 2048 M01 |
2024-05-25 - 2025-05-02 |
a year | crt.sh |
onestpager.com R11 |
2024-08-07 - 2024-11-05 |
3 months | crt.sh |
knuckleheads.world WE1 |
2024-08-21 - 2024-11-19 |
3 months | crt.sh |
use.fontawesome.com Cloudflare Inc ECC CA-3 |
2023-10-12 - 2024-10-10 |
a year | crt.sh |
trk-elevostra.com WE1 |
2024-08-11 - 2024-11-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
Frame ID: 6EDEB6DF467EF40ECD90844CEC98DCD5
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Survey RewardsPage URL History Show full URLs
-
https://shorturl.at/c7Rde
HTTP 301
https://www.shorturl.at/c7Rde HTTP 302
https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com Page URL
-
http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881
HTTP 307
https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 302
https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd Page URL
-
https://enroutespecial.website/?id=270&s1=351258&s2=1222244479&s3=7214&p=us5strsweps7a
HTTP 302
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292 Page URL
Detected technologies
animate.css (Web Frameworks) ExpandDetected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://shorturl.at/c7Rde
HTTP 301
https://www.shorturl.at/c7Rde HTTP 302
https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com Page URL
-
http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881
HTTP 307
https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 302
https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd Page URL
-
https://enroutespecial.website/?id=270&s1=351258&s2=1222244479&s3=7214&p=us5strsweps7a
HTTP 302
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://shorturl.at/c7Rde HTTP 301
- https://www.shorturl.at/c7Rde HTTP 302
- https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com
- http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 307
- https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 302
- https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
fdsgwffhgfshrqstrsgtfgsgqrgs.com
s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/ Redirect Chain
|
156 B 550 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
51_296881_717151_sd
onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/ Redirect Chain
|
149 B 418 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
alqet
acrostics.knuckleheads.world/vdmu/mqgc/kgtt/ Redirect Chain
|
45 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
acrostics.knuckleheads.world/master/us191/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
animate.min.css
acrostics.knuckleheads.world/master/us191/ |
70 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.js
use.fontawesome.com/releases/v5.15.4/js/ |
1 MB 426 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
datehead.js
acrostics.knuckleheads.world/master/us191/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
msg.js
acrostics.knuckleheads.world/inc/ |
943 B 921 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
acrostics.knuckleheads.world/master/us191/ |
11 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
v9e118mez8
trk-elevostra.com/scripts/push/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg.jpg
acrostics.knuckleheads.world/master/us191/ |
80 KB 80 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
acrostics.knuckleheads.world/master/us191/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flaglogo.png
acrostics.knuckleheads.world/master/us191/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
product.png
acrostics.knuckleheads.world/master/us191/ |
89 KB 90 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_guarantee.png
acrostics.knuckleheads.world/master/us191/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_secure_1.png
acrostics.knuckleheads.world/master/us191/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
v9e118mez8
event.trk-elevostra.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
v9e118mez8
event.trk-elevostra.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
acrostics.knuckleheads.world/ |
0 503 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
v9e118mez8
event.trk-elevostra.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| datehax function| datenhax function| datenhay function| startTimer function| change object| MYCALL string| s1 string| s2 string| esource string| pshpub string| pshdomain object| answers number| lastQnum function| toNext object| states object| dones object| loadImg object| loadBgCol function| drawloader number| qn number| dsq function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore function| setAttributes object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
onestpager.com/ | Name: uid7214 Value: 1222244479-20240829142545-51cd74691425c8c2de45052cead6d772-4475 |
|
enroutespecial.website/ | Name: PHPSESSID Value: bf37abba40902855bf305550d135f448 |
|
acrostics.knuckleheads.world/ | Name: PHPSESSID Value: d5f33dbc4d791f4fea256d83d11d8643 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
acrostics.knuckleheads.world
enroutespecial.website
event.trk-elevostra.com
onestpager.com
s3.amazonaws.com
shorturl.at
termine-flohmarkt.com
trk-elevostra.com
use.fontawesome.com
www.shorturl.at
104.21.3.187
104.21.91.30
104.26.9.129
172.67.142.245
188.114.96.3
188.114.97.3
194.31.223.88
52.217.44.62
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
3e2767fc3e1f1d7d7f1cc1be37b648b899523deaf8db76953718457f903c20f5
42e62350fb32fd41af399fb846eca09d2dcaa701294f969fd00fdfaa0fc4e48a
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
72e915d8d9710930c81a7fdd6c50d8047b97f76c70a729bd18dfe7dce5e93280
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
919d28e776ae8c0f93191abd7022076852fd46aeb3d59fecf0919e64e0ec7729
99c112fdb0e7b3176ac212625cab395f334e54e1233c75990d138ab6fdb6f18d
a45cef5e46aa1a339428e2ad060b97029c6e4470bff8b15d6a04c1d614d7b791
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
ce4adfce68d03582e988696235de9924396dc3c585aa7f29c00c8c11d1c2e7fb
d0153c9609014ff58bf803baebf5e7f076d732144b902a574173d40c02d5b2d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f40bb858eb22d90a46bf5b15b88f97377413b7915958b0c40599605753f0e7b5