videosnew.github.io
2606:50c0:8000::153  Malicious Activity! Public Scan

URL: https://videosnew.github.io/pague-1/
Submission: On June 29 via automatic, source openphish — Scanned from DE

Summary

This website contacted 5 IPs in 1 country across 4 domains to perform 5 HTTP transactions. The main IP is 2606:50c0:8000::153, located in the United States and belonging to FASTLY, US. The main domain is videosnew.github.io.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 7th 2022. Valid for: a year.
This is the only time videosnew.github.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 2606:50c0:800... 54113 (FASTLY)
1 3 63.250.38.200 22612 (NAMECHEAP...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 67.202.94.86 32748 (STEADFAST)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 5
Apex Domain (requests)   Subdomains                                       Transfer
onlinepaknew.site (3)    onlinepaknew.site                                501 KB
amung.us (2)             whos.amung.us (Cisco Umbrella Rank: 14886),      2 KB
                         widgets.amung.us (Cisco Umbrella Rank: 16044)
geojs.io (1)             get.geojs.io (Cisco Umbrella Rank: 17610)        938 B
github.io (1)            videosnew.github.io                              528 B
Total: 5 requests across 4 apex domains
Domain (requests)         Redirects     Requested by
onlinepaknew.site (3)     1 redirect    videosnew.github.io
widgets.amung.us (1)
whos.amung.us (1)         1 redirect
get.geojs.io (1)                        videosnew.github.io
videosnew.github.io (1)
Total: 5 requests across 5 domains

This site contains no links.

Subject                  Issuer                                           Validity                   Valid
*.github.com             DigiCert TLS RSA SHA256 2020 CA1                 2022-04-07 - 2023-04-07    a year (crt.sh)
onlinepaknew.site        Sectigo RSA Domain Validation Secure Server CA   2021-07-23 - 2022-07-23    a year (crt.sh)
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                          2022-05-11 - 2023-05-11    a year (crt.sh)

This page contains 1 frames:

Primary Page: https://videosnew.github.io/pague-1/
Frame ID: 67962F708A2037DD91D94B061F42FCAF
Requests: 7 requests in this frame (the 5 HTTP transactions plus 2 inline data: URIs that were never fetched over the network)

Screenshot

Page Title

Facebook-Video-178.162.209.129

Detected technologies

Overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.github\.io

Page Statistics

Requests: 5
HTTPS: 60 %
IPv6: 60 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 1
Transfer: 504 kB
Size: 773 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://onlinepaknew.site/location HTTP 301
  • https://onlinepaknew.site/location/
Request Chain 4
  • https://whos.amung.us/widget/1si0uzxbdr HTTP 307
  • https://widgets.amung.us/classic/00/82.png

5 HTTP transactions

Resource | Path | Size | x-fer | Type (MIME-Type)
Primary Request: / | videosnew.github.io/pague-1/ | 114 B | 528 B | Document
General
Full URL
https://videosnew.github.io/pague-1/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:50c0:8000::153, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
GitHub.com /
Resource Hash
71226868a04e86f9595ab837fa93e2aec575555513b22860eaa8279159bcbe70
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-length
114
content-type
text/html; charset=utf-8
date
Wed, 29 Jun 2022 13:16:18 GMT
etag
"62bbaab4-72"
expires
Wed, 29 Jun 2022 12:26:55 GMT
last-modified
Wed, 29 Jun 2022 01:28:20 GMT
permissions-policy
interest-cohort=()
server
GitHub.com
strict-transport-security
max-age=31556952
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-fastly-request-id
d40c4ca0895554b711d2acfb620edfc1b76a9824
x-github-request-id
A9CA:BAC5:21EB4D7:231AEA9:62BC42B7
x-proxy-cache
MISS
x-served-by
cache-fra19161-FRA
x-timer
S1656508579.624394,VS0,VE101
/ | onlinepaknew.site/ | 717 KB | 500 KB | Script
General
Full URL
https://onlinepaknew.site/?api=1&lan=facebooknew&ht=1
Requested by
Host: videosnew.github.io
URL: https://videosnew.github.io/pague-1/
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
63.250.38.200, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS
business62-4.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
e489d64a1225803516af9a2d450f96d8fc6a934ae0bf947d612d17457cd70225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://videosnew.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Jun 2022 13:16:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
LiteSpeed
x-powered-by
PHP/7.2.34
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate
x-turbo-charged-by
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
expires
Thu, 19 Nov 1981 08:52:00 GMT
/ | onlinepaknew.site/location/ | 1 KB | 832 B | Script
Redirect Chain
  • https://onlinepaknew.site/location
  • https://onlinepaknew.site/location/
General
Full URL
https://onlinepaknew.site/location/
Protocol
H2
Server
63.250.38.200, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS
business62-4.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
ce0b3cc4048b5dd27f352533ac47cbdef8f4bb9a5170a7fa6d2a917428946599
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://videosnew.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:16:20 GMT
content-encoding
br
referrer-policy
no-referrer-when-downgrade
server
LiteSpeed
x-powered-by
PHP/7.2.34
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding
content-length
428
x-content-type-options
nosniff
expires
Wed, 06 Jul 2022 13:16:20 GMT

Redirect headers

date
Wed, 29 Jun 2022 13:16:20 GMT
referrer-policy
no-referrer-when-downgrade
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/html
location
https://onlinepaknew.site/location/
x-xss-protection
1; mode=block
x-turbo-charged-by
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload;
content-length
707
x-content-type-options
nosniff
geo.json | get.geojs.io/v1/ip/ | 329 B | 938 B | XHR
General
Full URL
https://get.geojs.io/v1/ip/geo.json
Requested by
Host: videosnew.github.io
URL: https://videosnew.github.io/pague-1/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:20::681a:164, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
5af637c7bc1f5dcf442acc214c758e234165380453e33c18803347be7e0df58f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://videosnew.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:16:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
1e2728c2913ef31596a35749168da96c-AMS
x-geojs-location
AMS
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBoFclHt0Ntz34gSAtVc0aspu8LmnXG4hYAWC%2BgjMC78RgUoJh4FiiwrItejq5E8hcV%2BsQI%2FYM6atzkuWt1JxLjtM6aXvnqf5uOg6cSLN%2BT1ZkEjdWxBaviLRXY9zV9NCdfpL62jgT83EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, private, max-age=0
cf-ray
722eefa29bcc905b-FRA
truncated | / | 1 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI embedded in the page; no network request was made)
Reverse DNS
Software
/
Resource Hash
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
82.png | widgets.amung.us/classic/00/ | 1 KB | 2 KB | Image
Redirect Chain
  • https://whos.amung.us/widget/1si0uzxbdr
  • https://widgets.amung.us/classic/00/82.png
General
Full URL
https://widgets.amung.us/classic/00/82.png
Protocol
H2
Server
2606:4700:10::6816:4aab, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
57f4748e7559a1d929842bf88465bd12e2f8b4a2b472aaced3a1cbe4ca20eb3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://videosnew.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:16:20 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:03:09 GMT
server
cloudflare
age
1535858
etag
"4c149ecd-5f7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
722eefa4bd5c9188-FRA
content-length
1527
expires
Sun, 12 Jun 2022 18:38:42 GMT

Redirect headers

location
https://widgets.amung.us/classic/00/82.png
date
Wed, 29 Jun 2022 13:16:20 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
truncated | / | 51 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI embedded in the page; no network request was made)
Reverse DNS
Software
/
Resource Hash
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
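The transaction list above, re-read as detection input. The Python below is an added example, not urlscan.io's code: the TRANSACTIONS records and the page title are transcribed from this report, while the indicator names, the brand list, GEO_API_HOSTS and the apex() shortcut are this example's own assumptions. It turns the pattern visible here (brand name in the title of a github.io page, the kit script fetched from a separate apex with a brand-named query parameter, a visitor geolocation lookup, redirect chains) into rules that can be run over any scan exported in the same shape.

```python
"""Request-level phishing indicators derived from a urlscan.io transaction list.

Added example, not urlscan.io's code.  TRANSACTIONS is transcribed from the
report above (URL, resource type, initiator, redirect source); the indicator
names, the brand list, GEO_API_HOSTS and the apex() shortcut are assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse


@dataclass(frozen=True)
class Transaction:
    url: str
    rtype: str                 # urlscan "Type" column: Document, Script, XHR, Image
    requested_by: str = ""     # initiator URL, "" when the report shows none
    redirect_from: str = ""    # first URL of the redirect chain, "" if no redirect


PAGE_URL = "https://videosnew.github.io/pague-1/"
PAGE_TITLE = "Facebook-Video-178.162.209.129"

# Transcribed from the "5 HTTP transactions" section (data: URIs omitted).
TRANSACTIONS = [
    Transaction(PAGE_URL, "Document"),
    Transaction("https://onlinepaknew.site/?api=1&lan=facebooknew&ht=1", "Script", PAGE_URL),
    Transaction("https://onlinepaknew.site/location/", "Script", "",
                "https://onlinepaknew.site/location"),
    Transaction("https://get.geojs.io/v1/ip/geo.json", "XHR", PAGE_URL),
    Transaction("https://widgets.amung.us/classic/00/82.png", "Image", "",
                "https://whos.amung.us/widget/1si0uzxbdr"),
]

# Hosts known to return the visitor's IP geolocation (assumption: extend as needed).
GEO_API_HOSTS = {"get.geojs.io"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def apex(host: str) -> str:
    """Last two DNS labels.  Assumption: adequate for the hosts in this report
    (it groups github.io the way the report does); a real tool should use the
    Public Suffix List, e.g. via tldextract."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def indicators(page_url: str, title: str, txs: list[Transaction],
               brands: tuple[str, ...] = ("facebook",)) -> dict[str, list[str]]:
    """Map indicator name -> evidence strings.  Rules are independent; a page
    deserves a closer look when several fire together, as they do here."""
    page_host = urlparse(page_url).hostname or ""
    found: dict[str, list[str]] = {}

    def hit(name: str, evidence: str) -> None:
        found.setdefault(name, []).append(evidence)

    # Brand name in the title of a page that is not on the brand's own domain.
    for brand in brands:
        if brand in title.lower() and brand not in page_host:
            hit("brand_in_title_offdomain", f"{brand!r} in {title!r} on {page_host}")
    # An IPv4 literal in a page title is unusual for a consumer site.
    if IPV4.search(title):
        hit("ip_literal_in_title", title)

    for t in txs:
        u = urlparse(t.url)
        host = u.hostname or ""
        # Script pulled from a different apex than the page: the hosted page is a
        # loader and the kit lives elsewhere; query parameters often name the brand.
        if t.rtype == "Script" and apex(host) != apex(page_host):
            params = {k: v[0] for k, v in parse_qs(u.query).items()}
            hit("third_party_script", f"{host}{u.path} params={params}")
        if host in GEO_API_HOSTS:
            hit("visitor_geolocation_lookup", t.url)
        if t.redirect_from:
            hit("redirect_chain", f"{t.redirect_from} -> {t.url}")
    return found


if __name__ == "__main__":
    for name, evidence in indicators(PAGE_URL, PAGE_TITLE, TRANSACTIONS).items():
        print(f"[{name}]")
        for line in evidence:
            print("   ", line)
```

Each rule on its own is weak (plenty of legitimate pages load third-party scripts or call a geolocation API); the point is the combination, which is what the verdict above rests on. Treat the apex() helper as the first thing to replace in production, since naive label counting mis-groups hosts under multi-label public suffixes.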

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page code. Note that the first eight names below (oncontextlost through navigation) are window properties that Chrome 103, the scanning browser, defines itself; urlscan's baseline had not yet caught up with them, so only the remaining fourteen were actually created by the page's scripts.

  • oncontextlost (object)
  • oncontextrestored (object)
  • structuredClone (function)
  • launchQueue (object)
  • onbeforematch (object)
  • getScreenDetails (function)
  • queryLocalFonts (function)
  • navigation (object)
  • sh (function)
  • IS_MOBILE (boolean)
  • limit_bot (number)
  • object (string)
  • type (string)
  • OUTPUT (string)
  • ___ (object)
  • params (object)
  • tt (number)
  • to_object (undefined)
  • a (string)
  • checking (function)
  • creatingInput (function)
  • searchingForms (function)
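A small triage pass over that list, as an added example rather than urlscan.io's own code. RAW is the report's 22-entry list in the flattened "type| name" form urlscan renders it in; BROWSER_NATIVE (the window properties Chrome 103 provides on its own) and the KIT_HINTS name patterns are this example's assumptions. It strips the browser-native names so that what is left is attributable to page scripts, then tags names that recur in credential-harvesting kits and names that look minified.

```python
"""Triage of urlscan.io's "JavaScript Global Variables" list.

Added example, not urlscan.io's code.  RAW is the report's own 22-entry list in
the flattened "type| name" form; BROWSER_NATIVE and KIT_HINTS are assumptions.
"""
import re

RAW = (
    "object| oncontextlost object| oncontextrestored function| structuredClone "
    "object| launchQueue object| onbeforematch function| getScreenDetails "
    "function| queryLocalFonts object| navigation function| sh boolean| IS_MOBILE "
    "number| limit_bot string| object string| type string| OUTPUT object| ___ "
    "object| params number| tt undefined| to_object string| a function| checking "
    "function| creatingInput function| searchingForms"
)

# Window properties that Chrome 103 (the scanner's browser) defines itself.
# urlscan's "non-standard" baseline lagged the browser, so these are reported as
# page globals although no page script created them.  Assumption: partial list;
# the robust method is to diff against a pristine about:blank window opened in
# the same browser build.
BROWSER_NATIVE = {
    "oncontextlost", "oncontextrestored", "structuredClone", "launchQueue",
    "onbeforematch", "getScreenDetails", "queryLocalFonts", "navigation",
}

# Name fragments that recur in credential-phishing kits (assumption; tune to taste).
KIT_HINTS = {
    "form/input harvesting": re.compile(r"form|input", re.I),
    "bot or rate gating": re.compile(r"bot|limit|check", re.I),
    "device detection": re.compile(r"mobile", re.I),
    "output/exfil buffer": re.compile(r"output|params", re.I),
}

PAIR = re.compile(r"(\w+)\|\s+(\S+)")


def parse_globals(raw: str) -> dict[str, str]:
    """'type| name type| name ...' -> {name: type}, preserving report order."""
    return {name: typ for typ, name in PAIR.findall(raw)}


def page_defined(globals_: dict[str, str]) -> dict[str, str]:
    """Drop names the browser itself provides; what remains came from page scripts."""
    return {n: t for n, t in globals_.items() if n not in BROWSER_NATIVE}


def triage(raw: str) -> dict[str, dict]:
    """Per page-defined global: its type, matching kit hints, and whether the
    name is a 1-3 character or underscore-only token (minifier/obfuscator style)."""
    out: dict[str, dict] = {}
    for name, typ in page_defined(parse_globals(raw)).items():
        out[name] = {
            "type": typ,
            "hints": [k for k, rx in KIT_HINTS.items() if rx.search(name)],
            "terse": len(name) <= 3 or set(name) == {"_"},
        }
    return out


if __name__ == "__main__":
    for name, info in triage(RAW).items():
        flag = ", ".join(info["hints"]) or ("terse name" if info["terse"] else "")
        print(f"{name:16} {info['type']:10} {flag}")
```

On this scan the pass leaves fourteen page-defined globals, of which searchingForms, creatingInput, checking, limit_bot and IS_MOBILE carry kit hints; the remaining one- to three-character names (sh, a, tt, ___) are what you would expect from minified or lightly obfuscated kit code. Keep BROWSER_NATIVE in step with the browser version urlscan reports in the User-Agent, or the list silently grows with every Chrome release.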

0 Cookies

1 Console Messages

Source: security
Level: warning
Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31556952