URL: https://malicious.link/
Submission: On November 02 via manual from GB — Scanned from GB

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 161.35.59.126, located in North Bergen, United States, and belongs to DIGITALOCEAN-ASN, US. The main domain is malicious.link.
TLS certificate: Issued by R3 on September 3rd 2022. Valid for: 3 months.
This is the only time malicious.link was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 161.35.59.126 14061 (DIGITALOC...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 2
Apex Domain Subdomains Transfer
5 malicious.link malicious.link 514 KB
1 cloudflare.com cdnjs.cloudflare.com (Cisco Umbrella Rank: 361) 2 KB
6 2
Domain Requested by
5 malicious.link malicious.link
1 cdnjs.cloudflare.com malicious.link
6 2

This site contains links to these domains.

Domain
gohugo.io
github.com

Subject Issuer Validity Valid
malicious.link R3 2022-09-03 - 2022-12-02 3 months crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 2022-08-03 - 2023-08-02 a year crt.sh

This page contains 1 frames:

Primary Page: https://malicious.link/
Frame ID: F0BA7C439BF052F7D47025ACC4325656
Requests: 6 HTTP requests in this frame

Page Title

malicious.link — welcome

Page Statistics

6 Requests
100 % HTTPS
50 % IPv6
2 Domains
2 Subdomains
2 IPs
1 Countries
516 kB Transfer
548 kB Size
0 Cookies

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type

Primary Request / malicious.link/ 4 KB 2 KB Document
General
Full URL
https://malicious.link/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.35.59.126 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d5396412f09c973aea8502a9ac47b7bb0266af77026f2675a8b3ecc97de818d2
Security Headers
Name Value
Content-Security-Policy default-src https:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src https:
content-type
text/html
date
Wed, 02 Nov 2022 15:42:59 GMT
etag
W/"6316d3c4-114a"
last-modified
Tue, 06 Sep 2022 04:59:48 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx/1.18.0 (Ubuntu)
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

flag-icon.min.css cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.5.0/css/ 33 KB 2 KB Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.5.0/css/flag-icon.min.css
Requested by
Host: malicious.link
URL: https://malicious.link/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d27e980d821ec562661f24cab514474d7be86a742b5e915fa6c7efd21e77aaf9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://malicious.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 15:42:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4216082
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1482
last-modified
Wed, 10 Jun 2020 12:02:32 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5ee0cbd8-84a9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rKo0uYM0ekBwm5m7AF417uWZJ7Xmwp0dGfeb2D5MjkUM4XEvTYGquVz5Yk2yu3yJFSaJUQohxAfmxgYy%2Fo1NPlA6decr6FXQidd72TLxIf0dAOlDy3FAEDBHEkkBliyEOZs1zgCGJsBFAB%2FdKwWXDfy0"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
763dfbb6ebc374ad-LHR
expires
Mon, 23 Oct 2023 15:42:59 GMT

main.a6537515292628f292bc89dc1bb6a3480b72f307b458bdd65364ae5b8b20399d.css malicious.link/ 16 KB 16 KB Stylesheet
General
Full URL
https://malicious.link/main.a6537515292628f292bc89dc1bb6a3480b72f307b458bdd65364ae5b8b20399d.css
Requested by
Host: malicious.link
URL: https://malicious.link/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.35.59.126 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1e2fb3bf9aee4d8638513f6c8d5ddf021ae5f00932e7036bd67f213db690553c
Security Headers
Name Value
Content-Security-Policy default-src https:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://malicious.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 15:42:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
content-security-policy
default-src https:
last-modified
Tue, 06 Sep 2022 04:59:48 GMT
server
nginx/1.18.0 (Ubuntu)
x-content-type-options
nosniff
etag
"6316d3c4-3fb3"
x-frame-options
DENY
content-type
text/css
accept-ranges
bytes
content-length
16307
x-xss-protection
1; mode=block

bundle.min.188af889e916d7182e7bf4af7bed9ff4c9b70dd61a69188cb044d25745a4ffc32b82cbec846336503520a7716e619cb46848931205cfa3176a691ff9152d4947.js malicious.link/ 315 KB 316 KB Script
General
Full URL
https://malicious.link/bundle.min.188af889e916d7182e7bf4af7bed9ff4c9b70dd61a69188cb044d25745a4ffc32b82cbec846336503520a7716e619cb46848931205cfa3176a691ff9152d4947.js
Requested by
Host: malicious.link
URL: https://malicious.link/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.35.59.126 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0f0a4e85d029da926665305441ece011b184f55a65eb316c05a7d10aa7526155
Security Headers
Name Value
Content-Security-Policy default-src https:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://malicious.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 15:42:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
content-security-policy
default-src https:
last-modified
Tue, 06 Sep 2022 04:59:47 GMT
server
nginx/1.18.0 (Ubuntu)
x-content-type-options
nosniff
etag
"6316d3c3-4ec02"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
content-length
322562
x-xss-protection
1; mode=block

Inter-UI-Regular.woff2 malicious.link/fonts/ 86 KB 87 KB Font
General
Full URL
https://malicious.link/fonts/Inter-UI-Regular.woff2
Requested by
Host: malicious.link
URL: https://malicious.link/main.a6537515292628f292bc89dc1bb6a3480b72f307b458bdd65364ae5b8b20399d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.35.59.126 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
49838d7356542f97ad5cfedd3dcd442c7bb412930ee6c2fbc0dd3537b72077b4
Security Headers
Name Value
Content-Security-Policy default-src https:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://malicious.link/main.a6537515292628f292bc89dc1bb6a3480b72f307b458bdd65364ae5b8b20399d.css
Origin
https://malicious.link
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 15:42:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
content-security-policy
default-src https:
last-modified
Tue, 06 Sep 2022 04:59:47 GMT
server
nginx/1.18.0 (Ubuntu)
x-content-type-options
nosniff
etag
"6316d3c3-158cc"
x-frame-options
DENY
content-type
application/octet-stream
accept-ranges
bytes
content-length
88268
x-xss-protection
1; mode=block

Inter-UI-Bold.woff2 malicious.link/fonts/ 93 KB 94 KB Font
General
Full URL
https://malicious.link/fonts/Inter-UI-Bold.woff2
Requested by
Host: malicious.link
URL: https://malicious.link/main.a6537515292628f292bc89dc1bb6a3480b72f307b458bdd65364ae5b8b20399d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.35.59.126 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
801af1a2d0347e385f784b33bacd30bc75f5e3f8ef728773a2994ba2611db251
Security Headers
Name Value
Content-Security-Policy default-src https:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://malicious.link/main.a6537515292628f292bc89dc1bb6a3480b72f307b458bdd65364ae5b8b20399d.css
Origin
https://malicious.link
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 02 Nov 2022 15:42:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
content-security-policy
default-src https:
last-modified
Tue, 06 Sep 2022 04:59:47 GMT
server
nginx/1.18.0 (Ubuntu)
x-content-type-options
nosniff
etag
"6316d3c3-1755c"
x-frame-options
DENY
content-type
application/octet-stream
accept-ranges
bytes
content-length
95580
x-xss-protection
1; mode=block

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| _self
object| Prism
object| typescript
object| metaThemeColor

0 Cookies

2 Console Messages

Source: security, Level: error, URL: https://malicious.link/ (Line 60)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-tIs8OfjWm8MHgPJrHv7mM4wvA/FDFcra3Pd5icRMX+k='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
Source: security, Level: error, URL: https://malicious.link/ (Line 68)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-xO+hXaH/jp6aaSpXgnQNvMgjRVyS3Hhgp+ZGrOzDU5A='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src https:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block