s01l.li
2606:4700:3031::6815:2a2  Malicious Activity! Public Scan

URL: https://s01l.li/2pVKqYn
Submission: On November 01 via manual from FR — Scanned from FR

Summary

This website contacted 5 IPs in 1 country across 3 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3031::6815:2a2, located in United States and belongs to CLOUDFLARENET, US. The main domain is s01l.li.
TLS certificate: Issued by R3 on October 20th 2021. Valid for: 3 months.
This is the only time s01l.li was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

#     IP Address            AS (Autonomous System)
1     2606:4700:303...      13335 (CLOUDFLAR...)
1     2606:4700:303...      13335 (CLOUDFLAR...)
1 4   67.202.94.86          32748 (STEADFAST)
1     2606:4700:10:...      13335 (CLOUDFLAR...)
Totals: 6 requests, 5 IPs

#   Apex Domain    Subdomains                        Transfer
5   amung.us       whos.amung.us, widgets.amung.us   2 KB
1   moglin.xyz     short.moglin.xyz                  80 KB
1   s01l.li        s01l.li                           791 B
Totals: 6 requests, 3 apex domains

#   Domain              Requested by
4   whos.amung.us       s01l.li (1 redirect)
1   widgets.amung.us    s01l.li
1   short.moglin.xyz    s01l.li
1   s01l.li             -
Totals: 6 requests, 4 domains

This site contains no links.

Subject                 Issuer                                           Validity                  Valid
*.s01l.li               R3                                               2021-10-20 - 2022-01-18   3 months
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                          2021-09-17 - 2022-09-16   a year
whos.amung.us           Sectigo RSA Domain Validation Secure Server CA   2020-05-21 - 2022-05-21   2 years

This page contains 1 frames:

Primary Page: https://s01l.li/2pVKqYn
Frame ID: 8BBE5FA61645D65258039BA7934B8488
Requests: 8 HTTP requests in this frame

Page Title

Facebook

Page Statistics

  Requests:    6
  HTTPS:       83 %
  IPv6:        75 %
  Domains:     3
  Subdomains:  4
  IPs:         5
  Countries:   1
  Transfer:    83 kB
  Size:        289 kB
  Cookies:     0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://whos.amung.us/widget/acortadorbr HTTP 307
  • https://widgets.amung.us/classic/15/1550.png

6 HTTP transactions

Columns per request: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request: 2pVKqYn
Path: s01l.li/
Size: 371 B | x-fer: 791 B | Type: Document

General
  Full URL: https://s01l.li/2pVKqYn
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3031::6815:2a2, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: 70c241c3755b00ca8923c199e257e3c99c75e41e93841848837a0c9c073428a3

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: phone FBAN/MessengerLiteForiOS
  Accept-Language: fr-FR,fr;q=0.9

Response headers
  date: Mon, 01 Nov 2021 16:48:26 GMT
  content-type: text/html; charset=UTF-8
  vary: Accept-Encoding
  cf-cache-status: DYNAMIC
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9VYos45hike4If5FkgRKEh6b2eIhOdSBv9iU4CBs4i3DRJaSBEeu3fditaXrbvlmqPTcVIoRVrZkAcDoVW4dDPYcmTSWenlP3rfS%2FtYLLXozB3j9eALAS%2FGOQh5RU%2FehdY%2FQJRIq"}],"group":"cf-nel","max_age":604800}
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  cf-ray: 6a769c54fc953746-MXP
  content-encoding: br
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Request: /
Path: short.moglin.xyz/
Size: 235 KB | x-fer: 80 KB | Type: Script

General
  Full URL: https://short.moglin.xyz/?id=NaHtnbK/n0XDKkPLZ8in5Q==
  Requested by: Host: s01l.li, URL: https://s01l.li/2pVKqYn
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3034::6815:3f4a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare / PHP/7.3.31
  Resource Hash: 21d04c1f3468d3dbad3c2a8f47bc57a572ad26170a5fa4bca20ac538324a1450

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: https://s01l.li/
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  pragma: no-cache
  date: Mon, 01 Nov 2021 16:48:27 GMT
  content-encoding: br
  cf-cache-status: DYNAMIC
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  server: cloudflare
  x-powered-by: PHP/7.3.31
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwKRdv86h7qgYY0jaUwq97j2%2F5soap%2BGVxBrtCNNlzkdGYV5r3rTJEDXKaZRV%2BY3RRbVBM5CJjbstyqcaxhvCCnFcuRwYyFn3x5BcebXJdfJM8f6gV2EJ7I2RKcKV4qz%2Bs5OhKRO47cL9UMua2tv"}],"group":"cf-nel","max_age":604800}
  content-type: application/javascript
  access-control-allow-origin: *
  cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
  cf-ray: 6a769c5718bb59a1-MXP
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Request: 1550.png
Path: widgets.amung.us/classic/15/
Redirect Chain
  • https://whos.amung.us/widget/acortadorbr
  • https://widgets.amung.us/classic/15/1550.png
Size: 2 KB | x-fer: 2 KB | Type: Image

General
  Full URL: https://widgets.amung.us/classic/15/1550.png
  Requested by: Host: s01l.li, URL: https://s01l.li/2pVKqYn
  Protocol: H2
  Server: 2606:4700:10::6816:4aab, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: 45e38f098c09f9987bd0b41991917c112578ddf6c031592b29ffa3fc313a9ab6

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: https://s01l.li/
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  date: Mon, 01 Nov 2021 16:48:27 GMT
  cf-cache-status: HIT
  last-modified: Sun, 13 Jun 2010 09:03:11 GMT
  server: cloudflare
  age: 71851
  etag: "4c149ecf-649"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: image/png
  access-control-allow-origin: *
  cache-control: max-age=432000
  accept-ranges: bytes
  cf-ray: 6a769c595b735a07-MXP
  content-length: 1609
  expires: Mon, 01 Nov 2021 20:50:56 GMT

Redirect headers
  location: https://widgets.amung.us/classic/15/1550.png
  date: Mon, 01 Nov 2021 16:48:26 GMT
  cache-control: no-cache, no-store, must-revalidate
  content-type: text/html; charset=UTF-8
Request: /
Path: whos.amung.us/pingjs/
Size: 27 B | x-fer: 27 B | Type: Image

General
  Full URL: https://whos.amung.us/pingjs/?k=teamtabu&t=%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5%20TEAM%20TABU%20%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5&x=https://panelsbr.cc/
  Requested by: Host: s01l.li, URL: https://s01l.li/2pVKqYn
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 67.202.94.86, United States, ASN32748 (STEADFAST, US)
  Reverse DNS: amung.us
  Software: (none)
  Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: https://s01l.li/
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  date: Mon, 01 Nov 2021 16:48:26 GMT
  content-encoding: gzip
  content-type: text/javascript;charset=UTF-8
Request: truncated
Path: /
Size: 1 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: (empty)
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  Content-Type: image/png
Request: truncated
Path: /
Size: 51 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: (empty)
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  Content-Type: image/png
Request: /
Path: whos.amung.us/pingjs/
Size: 18 B | x-fer: 18 B | Type: Image

General
  Full URL: https://whos.amung.us/pingjs/?k=&t=MOGLIN%20INC&x=https://www.twitch.tv/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 67.202.94.86, United States, ASN32748 (STEADFAST, US)
  Reverse DNS: amung.us
  Software: (none)
  Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: https://s01l.li/
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  date: Mon, 01 Nov 2021 16:48:27 GMT
  content-encoding: gzip
  content-type: text/javascript;charset=UTF-8
Request: /
Path: whos.amung.us/pingjs/
Size: 29 B | x-fer: 29 B | Type: Image

General
  Full URL: https://whos.amung.us/pingjs/?k=moglinteam&t=%F0%9F%A5%B5%20EL%20ANIMAL%20LA%20BESTIA%20THE%20BEST%20%F0%9F%A5%B5&x=https://www.twitch.tv/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 67.202.94.86, United States, ASN32748 (STEADFAST, US)
  Reverse DNS: amung.us
  Software: (none)
  Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
  Accept-Language: fr-FR,fr;q=0.9
  Referer: https://s01l.li/
  User-Agent: phone FBAN/MessengerLiteForiOS

Response headers
  date: Mon, 01 Nov 2021 16:48:27 GMT
  content-encoding: gzip
  content-type: text/javascript;charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  onbeforexrselect    object
  reportError         function
  originAgentCluster  boolean
  scheduler           object
  dm                  object
  head                string
  body                object

0 Cookies