s01l.li
Open in
urlscan Pro
2606:4700:3031::6815:2a2
Malicious Activity!
Public Scan
Submission: On November 01 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by R3 on October 20th 2021. Valid for: 3 months.
This is the only time s01l.li was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:303... 2606:4700:3031::6815:2a2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3034::6815:3f4a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 4 | 67.202.94.86 67.202.94.86 | 32748 (STEADFAST) (STEADFAST) | |
1 | 2606:4700:10:... 2606:4700:10::6816:4aab | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
amung.us
1 redirects
whos.amung.us widgets.amung.us |
2 KB |
1 |
moglin.xyz
short.moglin.xyz |
80 KB |
1 |
s01l.li
s01l.li |
791 B |
6 | 3 |
Domain | Requested by | |
---|---|---|
4 | whos.amung.us |
1 redirects
s01l.li
|
1 | widgets.amung.us |
s01l.li
|
1 | short.moglin.xyz |
s01l.li
|
1 | s01l.li | |
6 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s01l.li R3 |
2021-10-20 - 2022-01-18 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-17 - 2022-09-16 |
a year | crt.sh |
whos.amung.us Sectigo RSA Domain Validation Secure Server CA |
2020-05-21 - 2022-05-21 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://s01l.li/2pVKqYn
Frame ID: 8BBE5FA61645D65258039BA7934B8488
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://whos.amung.us/widget/acortadorbr HTTP 307
- https://widgets.amung.us/classic/15/1550.png
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
2pVKqYn
s01l.li/ |
371 B 791 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
short.moglin.xyz/ |
235 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1550.png
widgets.amung.us/classic/15/ Redirect Chain
|
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
27 B 27 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
51 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
18 B 18 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
29 B 29 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| dm string| head object| body0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
s01l.li
short.moglin.xyz
whos.amung.us
widgets.amung.us
2606:4700:10::6816:4aab
2606:4700:3031::6815:2a2
2606:4700:3034::6815:3f4a
67.202.94.86
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
21d04c1f3468d3dbad3c2a8f47bc57a572ad26170a5fa4bca20ac538324a1450
45e38f098c09f9987bd0b41991917c112578ddf6c031592b29ffa3fc313a9ab6
70c241c3755b00ca8923c199e257e3c99c75e41e93841848837a0c9c073428a3
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855