match.fussballfixedmatch.com
Open in
urlscan Pro
93.157.63.150
Malicious Activity!
Public Scan
Submission: On April 04 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 19th 2024. Valid for: 3 months.
This is the only time match.fussballfixedmatch.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 93.157.63.150 93.157.63.150 | 43350 (NFORCE) (NFORCE) | |
1 | 162.19.58.161 162.19.58.161 | 16276 (OVH) (OVH) | |
2 | 2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 5 |
ASN43350 (NFORCE, NL)
PTR: server.dnsfreedomhosting.ru
match.fussballfixedmatch.com |
ASN32934 (FACEBOOK, US)
connect.facebook.net |
ASN32934 (FACEBOOK, US)
www.facebook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
fussballfixedmatch.com
match.fussballfixedmatch.com |
59 KB |
2 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 176 |
72 KB |
1 |
userstatics.com
userstatics.com — Cisco Umbrella Rank: 92069 |
641 B |
1 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 99 |
273 B |
1 |
ibb.co
i.ibb.co — Cisco Umbrella Rank: 11706 |
102 KB |
14 | 5 |
Domain | Requested by | |
---|---|---|
9 | match.fussballfixedmatch.com |
match.fussballfixedmatch.com
|
2 | connect.facebook.net |
match.fussballfixedmatch.com
connect.facebook.net |
1 | userstatics.com |
match.fussballfixedmatch.com
|
1 | www.facebook.com |
match.fussballfixedmatch.com
|
1 | i.ibb.co |
match.fussballfixedmatch.com
|
14 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
telegram.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
match.fussballfixedmatch.com R3 |
2024-02-19 - 2024-05-19 |
3 months | crt.sh |
ibb.co R3 |
2024-02-07 - 2024-05-07 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2024-01-12 - 2024-04-11 |
3 months | crt.sh |
userstatics.com E1 |
2024-03-28 - 2024-06-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://match.fussballfixedmatch.com/
Frame ID: 760D229F736431BBAA8CE9F0F9B282EA
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Telegram: Join Group ChatDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Facebook (Widgets) Expand
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Download for Mac
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
match.fussballfixedmatch.com/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-roboto.css
match.fussballfixedmatch.com/css/ |
6 KB 672 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
match.fussballfixedmatch.com/css/ |
42 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegram.css
match.fussballfixedmatch.com/css/ |
112 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
photo-2024-02-15-23-53-00.jpg
i.ibb.co/QdcVZv2/ |
101 KB 102 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tgwallpaper.min.js
match.fussballfixedmatch.com/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
218 KB 59 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pattern.svg
match.fussballfixedmatch.com/images/ |
708 B 708 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
match.fussballfixedmatch.com/fonts/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
match.fussballfixedmatch.com/fonts/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
416973794126635
connect.facebook.net/signals/config/ |
64 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.facebook.com/tr/ |
0 273 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
match.fussballfixedmatch.com/ |
15 KB 3 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
userstatics.com/get/ |
133 B 641 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| fbq function| _fbq function| gtag object| dataLayer object| TWallpaper object| tme_bg2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
match.fussballfixedmatch.com/ | Name: PHPREFS Value: full |
|
.fussballfixedmatch.com/ | Name: _fbp Value: fb.1.1712193641378.1043495083 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.facebook.net
i.ibb.co
match.fussballfixedmatch.com
userstatics.com
www.facebook.com
162.19.58.161
188.114.97.3
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
93.157.63.150
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
1d724dbc182d52d1b7b367fcf6fa14a9ffac4a63c1de1d52648cf123f6c50593
1e7d2120361036751037cc446d7cec89e45aa6ff43468a921438b0b6dc707dea
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
423e9081376b4b115c812fb981188b81c2cd649d40fb6fb771023acb5600f6d5
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7dc681d034591a7547af531a6c9d5a757a37179f9d9796db25a990a510e51182
8a0fe2cc44aad1844445a72797ae951b59800f70cc78c04cd5c22c41dc7ceb05
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
f44440c36cb561358755c95e56253149baee94742f879f54e61c5f318b9a6cb7