kingfaisalprize.org
2606:4700:20::ac43:4430
Malicious Activity!
Public Scan
Effective URL: https://kingfaisalprize.org/wp-email/webmail/?client_id=l0psj4qZUft8vrJ1iWAcg7&redirect_uri=https%3A%2F%2Fwww.undefined%2F&p...
Submission: On June 26 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 29th 2021. Valid for: a year.
This is the only time kingfaisalprize.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 2620:0:890::100 | 54113 (FASTLY) |
| 1 13 | 2606:4700:20::ac43:4430 | 13335 (CLOUDFLARENET) |
| 1 | 2404:6800:4004:823::200a | 15169 (GOOGLE) |
| 1 | 143.204.86.125 | 16509 (AMAZON-02) |
| 15 | 4 | |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-86-125.nrt12.r.cloudfront.net
logo.clearbit.com
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | kingfaisalprize.org (1 redirects) | kingfaisalprize.org | 258 KB |
| 1 | clearbit.com | logo.clearbit.com (Cisco Umbrella Rank: 23660) | |
| 1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 307) | 30 KB |
| 1 | web.app | nets-7be83.web.app | 622 B |
| 15 | 4 | | |
| | Domain | Requested by |
|---|---|---|
| 13 | kingfaisalprize.org (1 redirects) | nets-7be83.web.app, kingfaisalprize.org |
| 1 | logo.clearbit.com | kingfaisalprize.org |
| 1 | ajax.googleapis.com | kingfaisalprize.org |
| 1 | nets-7be83.web.app | |
| 15 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.undefined |
Subject | Issuer | Validity | Valid |
---|---|---|---|
web.app | GTS CA 1D4 | 2022-06-13 - 2022-09-11 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-11-29 - 2022-11-28 | a year |
upload.video.google.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months |
clearbit.com | Amazon | 2022-03-23 - 2023-04-21 | a year |
This page contains 1 frames:
Primary Page:
https://kingfaisalprize.org/wp-email/webmail/?client_id=l0psj4qZUft8vrJ1iWAcg7&redirect_uri=https%3A%2F%2Fwww.undefined%2F&protectedtoken=false&id=&Country=&x=dW5kZWZpbmVk
Frame ID: 94C20170138E13A9FB4A874B67E649F9
Requests: 15 HTTP requests in this frame
Page Title
Undefined WebClient
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: www.undefined
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://nets-7be83.web.app/ Page URL
-
https://kingfaisalprize.org/wp-email/?email=undefined
HTTP 302
https://kingfaisalprize.org/wp-email/webmail/?client_id=l0psj4qZUft8vrJ1iWAcg7&redirect_uri=https%3A%2F%2Fwww.undefined%2F&protectedtoken=false&id=&Country=&x=dW5kZWZpbmVk Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | nets-7be83.web.app/ | 617 B | 622 B | Document | text/html |
GET | H2 | / (Primary Request, Redirect Chain) | kingfaisalprize.org/wp-email/webmail/ | 7 KB | 2 KB | Document | text/html |
GET | H2 | api.css | kingfaisalprize.org/wp-email/webmail/css/ | 2 KB | 971 B | Stylesheet | text/css |
GET | H2 | config.js | kingfaisalprize.org/wp-email/webmail/js/ | 37 B | 395 B | Script | application/x-javascript |
GET | H2 | style.css | kingfaisalprize.org/wp-email/webmail/css/ | 46 KB | 9 KB | Stylesheet | text/css |
GET | H2 | pikaday.css | kingfaisalprize.org/wp-email/webmail/css/ | 3 KB | 2 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.1.1/ | 82 KB | 30 KB | Script | text/javascript |
GET | H2 | undefined | logo.clearbit.com/ | 0 | 0 | Image | text/plain |
GET | H2 | framework.min.js | kingfaisalprize.org/wp-email/webmail/js/ | 33 KB | 10 KB | Script | application/x-javascript |
GET | H2 | bundle.min.js | kingfaisalprize.org/wp-email/webmail/js/ | 402 KB | 99 KB | Script | application/x-javascript |
GET | H2 | icons.svg | kingfaisalprize.org/wp-email/webmail/images/icons/ | 0 | 0 | Other | text/html |
POST | H2 | / | kingfaisalprize.org/icewarpapi/ | 25 KB | 7 KB | XHR | text/html |
GET | H2 | background.svg | kingfaisalprize.org/wp-email/webmail/images/ | 2 KB | 1005 B | Image | image/svg+xml |
GET | H2 | Roboto-Medium.woff2 | kingfaisalprize.org/wp-email/webmail/fonts/ | 62 KB | 63 KB | Font | application/font-woff2 |
GET | H2 | Roboto-Regular.woff2 | kingfaisalprize.org/wp-email/webmail/fonts/ | 62 KB | 62 KB | Font | application/font-woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- object| config
- function| $
- function| jQuery
- function| require
- object| hashChange
- function| __
- object| Debugger
- object| _me
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
kingfaisalprize.org/ | Name: PHPSESSID Value: f1163dc791672b18e9647c58cf270277 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.