positively-model-cat.ngrok-free.app Open in urlscan Pro
3.125.102.39 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://reloadbcr3492psdasasd8882731jhd.vercel.app/
Effective URL:
https://positively-model-cat.ngrok-free.app/hotmail/
Submission: On November 22 via automatic, source openphish (November 22nd 2023, 11:22:28 pm UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 3.125.102.39, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is positively-model-cat.ngrok-free.app.
TLS certificate: Issued by R3 on October 11th 2023. Valid for: 3 months.

This is the only time positively-model-cat.ngrok-free.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	76.76.21.93 76.76.21.93	16509 (AMAZON-02) (AMAZON-02)
8	3.125.102.39 3.125.102.39	16509 (AMAZON-02) (AMAZON-02)
1	216.58.212.138 216.58.212.138	15169 (GOOGLE) (GOOGLE)
1	151.101.66.137 151.101.66.137	() ()
1	34.117.59.81 34.117.59.81	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	5

1 76.76.21.93 (Walnut, United States)

ASN16509 (AMAZON-02, US)

reloadbcr3492psdasasd8882731jhd.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.125.102.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com

positively-model-cat.ngrok-free.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.138 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (None, )

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.59.81 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.59.117.34.bc.googleusercontent.com

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ngrok-free.app positively-model-cat.ngrok-free.app	140 KB
1	ipinfo.io ipinfo.io — Cisco Umbrella Rank: 7097	514 B
1	jquery.com code.jquery.com	30 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364	31 KB
1	vercel.app reloadbcr3492psdasasd8882731jhd.vercel.app	1 KB
12	5

	Domain	Requested by
8	positively-model-cat.ngrok-free.app	reloadbcr3492psdasasd8882731jhd.vercel.app positively-model-cat.ngrok-free.app
1	ipinfo.io	ajax.googleapis.com
1	code.jquery.com	positively-model-cat.ngrok-free.app
1	ajax.googleapis.com	positively-model-cat.ngrok-free.app
1	reloadbcr3492psdasasd8882731jhd.vercel.app
12	5

This site contains no links.

Subject Issuer	Validity	Valid
*.vercel.app R3	`2023-09-25` - `2023-12-24`	3 months	crt.sh
*.ngrok-free.app R3	`2023-10-11` - `2024-01-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
ipinfo.io R3	`2023-11-07` - `2024-02-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://positively-model-cat.ngrok-free.app/hotmail/
Frame ID: 04F41DF22B465AC241045B9D349D92DA
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar

Page URL History Show full URLs

http://reloadbcr3492psdasasd8882731jhd.vercel.app/ HTTP 307
https://reloadbcr3492psdasasd8882731jhd.vercel.app/ Page URL
https://positively-model-cat.ngrok-free.app/hotmail/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

203 kB
Transfer

316 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://reloadbcr3492psdasasd8882731jhd.vercel.app/ HTTP 307
https://reloadbcr3492psdasasd8882731jhd.vercel.app/ Page URL
https://positively-model-cat.ngrok-free.app/hotmail/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://reloadbcr3492psdasasd8882731jhd.vercel.app/ HTTP 307
https://reloadbcr3492psdasasd8882731jhd.vercel.app/

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
reloadbcr3492psdasasd8882731jhd.vercel.app/
Redirect Chain

http://reloadbcr3492psdasasd8882731jhd.vercel.app/
https://reloadbcr3492psdasasd8882731jhd.vercel.app/

2 KB
1 KB

246ms
60ms

Document
text/html

76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reloadbcr3492psdasasd8882731jhd.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2931aa471fde3a48f5d9524359bd15d4ff1c15e1594d0dbf412c9e563ec82240

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 369271
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 22 Nov 2023 23:22:23 GMT
etag: W/"3a69e23406491a5b3d721690a69f965f"
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-vercel-cache: HIT
x-vercel-id: fra1::rj28m-1700695343635-42131b7e4d9a

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://reloadbcr3492psdasasd8882731jhd.vercel.app/
Non-Authoritative-Reason: HSTS

GET
H2 200 Primary Request / Show response
positively-model-cat.ngrok-free.app/hotmail/ 6 KB
6 KB 729ms
338ms Document
text/html 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/
Requested by: Host: reloadbcr3492psdasasd8882731jhd.vercel.app
URL: https://reloadbcr3492psdasasd8882731jhd.vercel.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: 07797a3dc44a28b9046ca84713eb325673e8d7500f608e8d44d1c8b1e6c118dd

Request headers

Referer: https://reloadbcr3492psdasasd8882731jhd.vercel.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-length: 6036
content-type: text/html
date: Wed, 22 Nov 2023 23:22:25 GMT
etag: "1794-602e3a4ba4dbd"
last-modified: Mon, 14 Aug 2023 15:23:24 GMT
ngrok-trace-id: 47db952d0707ced1ff810e4b8aeb42bb
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31

GET
H2 200 5416546546540006540.css
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/06540351354135403500/ 105 KB
105 KB 242ms
239ms Stylesheet
text/css 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/06540351354135403500/5416546546540006540.css
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: 7efe329b9e0f04dd626ba4521aa34b37c18dc43a1afdf5e424ac60bd71fd5961

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:25 GMT
last-modified: Fri, 28 Jul 2023 04:41:51 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "1a292-60184b30c620d"
content-type: text/css
ngrok-trace-id: e509aaa4abf525924d194fa77747d1c4
accept-ranges: bytes
content-length: 107154

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 510ms
50ms Script
text/javascript 216.58.212.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f10.1e100.net

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 22:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2024 22:18:17 GMT

GET
H2 200 6542434062534400654423.png
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/ 2 KB
2 KB 345ms
344ms Image
image/png 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/6542434062534400654423.png
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: 175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:25 GMT
last-modified: Wed, 26 Jul 2023 04:39:33 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "665-6015c6f2677cf"
content-type: image/png
ngrok-trace-id: cb34425b978aadea6248fd1f49f06e5f
accept-ranges: bytes
content-length: 1637

GET
H2 200 52352122414156566.png
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/ 664 B
768 B 346ms
345ms Image
image/png 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/52352122414156566.png
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: 54f77d244ad5a2f16c4df17889aa24728bba5c6185ba58f5d36562170d3c6cde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:25 GMT
last-modified: Mon, 14 Aug 2023 15:17:28 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "298-602e38f779b2b"
content-type: image/png
ngrok-trace-id: f7f2ae1903db6c2a25d2d7679c55a2ab
accept-ranges: bytes
content-length: 664

GET
H2 200 455456450065400.png
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/ 359 B
486 B 251ms
250ms Image
image/png 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/455456450065400.png
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: f7e035e1911b354f39bbcec18c2ea41efdddc14f63ee8ac7b20a54beb8c1f1f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:26 GMT
last-modified: Mon, 14 Aug 2023 15:16:41 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "167-602e38cb1d83f"
content-type: image/png
ngrok-trace-id: 183aca8a384690236611e5334211f04c
accept-ranges: bytes
content-length: 359

GET
H2 200 423452304512334540000.js Show response
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/53244503545460046554/ 1 KB
1 KB 251ms
250ms Script
application/javascript 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/53244503545460046554/423452304512334540000.js
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: 5cf9a706e5f84e45df311f826787aa7ed6d63112b30ae78b891dceb5c7fde230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:26 GMT
last-modified: Mon, 14 Aug 2023 06:17:31 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "4cf-602dc0473e533"
content-type: application/javascript
ngrok-trace-id: 7c37f9ff8b334de184c51ee9c5d5e007
accept-ranges: bytes
content-length: 1231

GET
H2 200 546544623544006544230.js Show response
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/53244503545460046554/ 2 KB
2 KB 261ms
261ms Script
application/javascript 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/53244503545460046554/546544623544006544230.js
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: cf535bf3191ca15d61ff0585cf4f915f405face8f1f5937b437c4597cc3ff4a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:26 GMT
last-modified: Tue, 25 Jul 2023 05:35:02 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "733-6014917be06f8"
content-type: application/javascript
ngrok-trace-id: a696960642e217fd78166b1ed561476a
accept-ranges: bytes
content-length: 1843

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 688ms
119ms Script
application/javascript 151.101.66.137

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://positively-model-cat.ngrok-free.app/
Origin: https://positively-model-cat.ngrok-free.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:27 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2240660
x-cache: HIT, HIT
content-length: 30879
x-served-by: cache-lga13628-LGA, cache-fra-eddf8230098-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1700695347.197962,VS0,VE0
etag: W/"28feccc0-15d84"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 31, 378483

GET
H2 200 / Show response
ipinfo.io/ 261 B
514 B 377ms
185ms XHR
application/json 34.117.59.81
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io/

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

81.59.117.34.bc.googleusercontent.com

Software

Resource Hash

eeff940dc8f052d6c0c9b43825cec843980b0087b3db87f9b10ef22eb1d605ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://positively-model-cat.ngrok-free.app/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:26 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
via: 1.1 google
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 foto.jpeg
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/ 22 KB
23 KB 261ms
261ms Image
image/jpeg 3.125.102.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/foto.jpeg
Requested by: Host: positively-model-cat.ngrok-free.app
URL: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/06540351354135403500/5416546546540006540.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.125.102.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31 /
Resource Hash: 31a2fc806263ae71163506922ebeae0b125ddf61e485520b975db64583b2c1fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/06540351354135403500/5416546546540006540.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 23:22:26 GMT
last-modified: Tue, 25 Jul 2023 02:03:30 GMT
server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
etag: "59f3-6014623315dbb"
content-type: image/jpeg
ngrok-trace-id: 02c21de96b6e05ae74e464aaaaf8a1e6
accept-ranges: bytes
content-length: 23027

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
code.jquery.com
ipinfo.io
positively-model-cat.ngrok-free.app
reloadbcr3492psdasasd8882731jhd.vercel.app
151.101.66.137
216.58.212.138
3.125.102.39
34.117.59.81
76.76.21.93
07797a3dc44a28b9046ca84713eb325673e8d7500f608e8d44d1c8b1e6c118dd
175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805
2931aa471fde3a48f5d9524359bd15d4ff1c15e1594d0dbf412c9e563ec82240
31a2fc806263ae71163506922ebeae0b125ddf61e485520b975db64583b2c1fd
54f77d244ad5a2f16c4df17889aa24728bba5c6185ba58f5d36562170d3c6cde
5cf9a706e5f84e45df311f826787aa7ed6d63112b30ae78b891dceb5c7fde230
7efe329b9e0f04dd626ba4521aa34b37c18dc43a1afdf5e424ac60bd71fd5961
cf535bf3191ca15d61ff0585cf4f915f405face8f1f5937b437c4597cc3ff4a8
eeff940dc8f052d6c0c9b43825cec843980b0087b3db87f9b10ef22eb1d605ca
f7e035e1911b354f39bbcec18c2ea41efdddc14f63ee8ac7b20a54beb8c1f1f3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

positively-model-cat.ngrok-free.app Open in urlscan Pro 3.125.102.39 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

203 kBTransfer

316 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

positively-model-cat.ngrok-free.app Open in urlscan Pro
3.125.102.39 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

203 kB
Transfer

316 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!