positively-model-cat.ngrok-free.app
Open in
urlscan Pro
3.125.102.39
Malicious Activity!
Public Scan
Effective URL: https://positively-model-cat.ngrok-free.app/hotmail/
Submission: On November 22 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 11th 2023. Valid for: 3 months.
This is the only time positively-model-cat.ngrok-free.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 76.76.21.93 76.76.21.93 | 16509 (AMAZON-02) (AMAZON-02) | |
8 | 3.125.102.39 3.125.102.39 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 216.58.212.138 216.58.212.138 | 15169 (GOOGLE) (GOOGLE) | |
1 | 151.101.66.137 151.101.66.137 | () () | |
1 | 34.117.59.81 34.117.59.81 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
12 | 5 |
ASN16509 (AMAZON-02, US)
reloadbcr3492psdasasd8882731jhd.vercel.app |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-102-39.eu-central-1.compute.amazonaws.com
positively-model-cat.ngrok-free.app |
ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f10.1e100.net
ajax.googleapis.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.59.117.34.bc.googleusercontent.com
ipinfo.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ngrok-free.app
positively-model-cat.ngrok-free.app |
140 KB |
1 |
ipinfo.io
ipinfo.io — Cisco Umbrella Rank: 7097 |
514 B |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 364 |
31 KB |
1 |
vercel.app
reloadbcr3492psdasasd8882731jhd.vercel.app |
1 KB |
12 | 5 |
Domain | Requested by | |
---|---|---|
8 | positively-model-cat.ngrok-free.app |
reloadbcr3492psdasasd8882731jhd.vercel.app
positively-model-cat.ngrok-free.app |
1 | ipinfo.io |
ajax.googleapis.com
|
1 | code.jquery.com |
positively-model-cat.ngrok-free.app
|
1 | ajax.googleapis.com |
positively-model-cat.ngrok-free.app
|
1 | reloadbcr3492psdasasd8882731jhd.vercel.app | |
12 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.vercel.app R3 |
2023-09-25 - 2023-12-24 |
3 months | crt.sh |
*.ngrok-free.app R3 |
2023-10-11 - 2024-01-09 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
ipinfo.io R3 |
2023-11-07 - 2024-02-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://positively-model-cat.ngrok-free.app/hotmail/
Frame ID: 04F41DF22B465AC241045B9D349D92DA
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
IniciarPage URL History Show full URLs
-
http://reloadbcr3492psdasasd8882731jhd.vercel.app/
HTTP 307
https://reloadbcr3492psdasasd8882731jhd.vercel.app/ Page URL
- https://positively-model-cat.ngrok-free.app/hotmail/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://reloadbcr3492psdasasd8882731jhd.vercel.app/
HTTP 307
https://reloadbcr3492psdasasd8882731jhd.vercel.app/ Page URL
- https://positively-model-cat.ngrok-free.app/hotmail/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://reloadbcr3492psdasasd8882731jhd.vercel.app/ HTTP 307
- https://reloadbcr3492psdasasd8882731jhd.vercel.app/
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
reloadbcr3492psdasasd8882731jhd.vercel.app/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
positively-model-cat.ngrok-free.app/hotmail/ |
6 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5416546546540006540.css
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/06540351354135403500/ |
105 KB 105 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6542434062534400654423.png
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
52352122414156566.png
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/ |
664 B 768 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
455456450065400.png
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/65466544566544560000/ |
359 B 486 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
423452304512334540000.js
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/53244503545460046554/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
546544623544006544230.js
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/53244503545460046554/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
ipinfo.io/ |
261 B 514 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
foto.jpeg
positively-model-cat.ngrok-free.app/hotmail/654006546003100210000/ |
22 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| continuar22 function| continuar2 function| msgError function| ValidateEmail function| validatePhoneNumber0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
code.jquery.com
ipinfo.io
positively-model-cat.ngrok-free.app
reloadbcr3492psdasasd8882731jhd.vercel.app
151.101.66.137
216.58.212.138
3.125.102.39
34.117.59.81
76.76.21.93
07797a3dc44a28b9046ca84713eb325673e8d7500f608e8d44d1c8b1e6c118dd
175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805
2931aa471fde3a48f5d9524359bd15d4ff1c15e1594d0dbf412c9e563ec82240
31a2fc806263ae71163506922ebeae0b125ddf61e485520b975db64583b2c1fd
54f77d244ad5a2f16c4df17889aa24728bba5c6185ba58f5d36562170d3c6cde
5cf9a706e5f84e45df311f826787aa7ed6d63112b30ae78b891dceb5c7fde230
7efe329b9e0f04dd626ba4521aa34b37c18dc43a1afdf5e424ac60bd71fd5961
cf535bf3191ca15d61ff0585cf4f915f405face8f1f5937b437c4597cc3ff4a8
eeff940dc8f052d6c0c9b43825cec843980b0087b3db87f9b10ef22eb1d605ca
f7e035e1911b354f39bbcec18c2ea41efdddc14f63ee8ac7b20a54beb8c1f1f3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d