URL: https://photo.pol2.quest/85lo0hmh5
Submission: On April 22 via manual from US — Scanned from US

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 13 HTTP transactions. The main IP is 170.10.160.83, located in the United States and belonging to STEADFAST (AS32748), US. The main domain is photo.pol2.quest.
TLS certificate: issued by cPanel, Inc. Certification Authority on April 21st 2022, one day before this scan. Valid for 3 months.
This is the only time photo.pol2.quest was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         170.10.160.83      32748  STEADFAST
1         151.101.130.167    54113  FASTLY
2         151.101.210.167    54113  FASTLY
1         44.238.107.191     16509  AMAZON-02
2         167.114.124.45     16276  OVH
1         2a03:2880:f01...   32934  FACEBOOK
1         67.202.114.216     32748  STEADFAST
Total: 13 requests, 8 IPs

Requests  Apex domain (transfer): subdomains
3         twitch.tv (446 B): gql.twitch.tv [Cisco Umbrella rank 5895], spade.twitch.tv [Cisco Umbrella rank 17200]
2         fudacioncovid19.com (5 KB): b2.fudacioncovid19.com
1         amung.us (27 B): whos.amung.us [Cisco Umbrella rank 12875]
1         fbcdn.net (1021 B): static.xx.fbcdn.net [Cisco Umbrella rank 589]
1         twitchcdn.net (3 KB): p.twitchcdn.net [Cisco Umbrella rank 14531], static.twitchcdn.net [failed]
1         pol2.quest (108 KB): photo.pol2.quest
Total: 13 requests, 6 apex domains

Requests  Domain                         Requested by
2         b2.fudacioncovid19.com         photo.pol2.quest
2         gql.twitch.tv                  photo.pol2.quest
1         whos.amung.us                  -
1         static.xx.fbcdn.net            -
1         spade.twitch.tv                photo.pol2.quest
1         p.twitchcdn.net                photo.pol2.quest
1         photo.pol2.quest               -
0         static.twitchcdn.net (failed)  photo.pol2.quest
Total: 13 requests, 8 subdomains

This site contains no links.

TLS certificates

Subject                      Issuer                                           Validity                  Valid for
photo.pol2.quest             cPanel, Inc. Certification Authority             2022-04-21 to 2022-07-20  3 months
*.twitchcdn.net              GlobalSign Atlas R3 DV TLS CA 2022 Q1            2022-02-25 to 2023-03-29  a year
twitch.tv                    GlobalSign Atlas R3 DV TLS CA 2022 Q1            2022-02-24 to 2023-03-28  a year
spade.twitch.tv              Amazon                                           2021-06-09 to 2022-07-08  a year
www.m3.fudacioncovid19.com   R3                                               2022-04-03 to 2022-07-02  3 months
*.facebook.com               DigiCert SHA2 High Assurance Server CA           2022-01-29 to 2022-04-29  3 months
whos.amung.us                Sectigo RSA Domain Validation Secure Server CA   2020-05-21 to 2022-05-21  2 years

This page contains 1 frames:

Primary Page: https://photo.pol2.quest/85lo0hmh5
Frame ID: EB5AB36CA511C5436F5DD48C221336E0
Requests: 13 HTTP requests in this frame

Page Title

Messenger

Detected technologies

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

Requests: 13
HTTPS: 69 %
IPv6: 14 %
Domains: 6
Subdomains: 8
IPs: 8
Countries: 2
Transfer: 119 kB
Size: 131 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Each entry lists: resource, path, size, transfer (x-fer), type.

Primary Request: 85lo0hmh5 | Path: photo.pol2.quest/ | Size: 108 KB | Transfer: 108 KB | Type: Document

General
Full URL: https://photo.pol2.quest/85lo0hmh5
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 170.10.160.83, United States, ASN32748 (STEADFAST, US)
Reverse DNS: serverchat24.com
Software: LiteSpeed
Resource Hash: e337102583693e0bb87572913fc2e8481a3a4fc773c893420545b71ad3121156

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 110808
date: Fri, 22 Apr 2022 03:16:14 GMT
last-modified: Thu, 21 Apr 2022 03:12:37 GMT
server: LiteSpeed
polyfill.min.js | Path: p.twitchcdn.net/v3/ | Size: 8 KB | Transfer: 3 KB | Type: Script

General
Full URL: https://p.twitchcdn.net/v3/polyfill.min.js?unknown=polyfill&flags=gated&features=Array.prototype.find,Array.prototype.findIndex,Array.prototype.includes,default,fetch,Intl.~locale.en,Math.sign,Object.entries%7Calways%7Cgated,Object.values%7Calways%7Cgated,String.prototype.repeat,URL,HTMLCanvasElement.prototype.toBlob,IntersectionObserver
Requested by: photo.pol2.quest (https://photo.pol2.quest/85lo0hmh5)
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 151.101.130.167, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: -
Resource Hash: 92b0cda84d4b214e9d74b16bf638f50db3233ae9feaef1b75daf07fc31c9f8f1
Security Headers: Strict-Transport-Security: max-age=31536000; includeSubdomains; preload | X-Content-Type-Options: nosniff

Request headers
Referer: https://photo.pol2.quest/
Origin: https://photo.pol2.quest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Via: 1.1 varnish, 1.1 varnish
X-Content-Type-Options: nosniff
Age: 4467287
Normalized-User-Agent: chrome/100.0.0
Detected-User-Agent: Chrome/100.0.4896
X-Cache: HIT, HIT
Server-Timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
Content-Encoding: br
Content-Length: 2402
X-Served-By: cache-iad-kjyo7100105-IAD, cache-ewr18175-EWR
Referrer-Policy: origin-when-cross-origin
Last-Modified: Wed, 10 Mar 2021 19:40:07 GMT
Cache-Control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
X-Timer: S1650597375.080903,VS0,VE1
Date: Fri, 22 Apr 2022 03:16:15 GMT
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Cache-Hits: 1, 9931
settings.846c6a057dc99e757f663107b0c1a0d9.js | Path: static.twitchcdn.net/config/ | Size: 0 | Transfer: 0 | Type: - (request failed, no response)

core-8794e231392b17c1743b.css | Path: static.twitchcdn.net/assets/ | Size: 0 | Transfer: 0 | Type: - (request failed, no response)
gql | Path: gql.twitch.tv/ | Size: 172 B | Transfer: 337 B | Type: Fetch

General
Full URL: https://gql.twitch.tv/gql
Requested by: photo.pol2.quest (https://photo.pol2.quest/85lo0hmh5)
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 151.101.210.167, Newark, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: -
Resource Hash: 3057f137b83068b9535f8ab39611f8c9f4fcd4d474719b2c99c9813b8784e8dd

Request headers
Accept-Language: en-US,en;q=0.9
Authorization: undefined
Content-Type: text/plain; charset=UTF-8
Accept: */*
Referer: https://photo.pol2.quest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Device-ID: undefined
Client-ID: kimne78kx3ncx6brgo4mv6wki5h1ko

Response headers
Access-Control-Allow-Origin: *
Date: Fri, 22 Apr 2022 03:16:15 GMT
Connection: keep-alive
Content-Length: 172
Content-Type: application/json
track | Path: spade.twitch.tv/ | Size: 0 | Transfer: 109 B | Type: XHR

General
Full URL: https://spade.twitch.tv/track
Requested by: photo.pol2.quest (https://photo.pol2.quest/85lo0hmh5)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.238.107.191, Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-44-238-107-191.us-west-2.compute.amazonaws.com
Software: -
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of an empty body)

Request headers
Referer: https://photo.pol2.quest/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers
access-control-allow-origin: *
date: Fri, 22 Apr 2022 03:16:15 GMT
vary: Origin
access-control-allow-methods: GET, POST, OPTIONS
gql | Path: gql.twitch.tv/ | Size: 0 | Transfer: 0 | Type: Preflight

General
Full URL: https://gql.twitch.tv/gql
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 151.101.210.167, Newark, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: -
Resource Hash: -

Request headers
Accept: */*
Access-Control-Request-Headers: authorization,client-id,device-id
Access-Control-Request-Method: POST
Origin: https://photo.pol2.quest
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
Access-Control-Allow-Headers: Accept-Language, Accept, Authorization, Challenge-Token, Client-Id, Client-Session-Id, Client-Version, Content-Type, Device-Id, Twitch-Trace, X-Csrf-Token, X-Device-Id, X-Forwarded-Proto, Forced-Rollouts
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Age: 0
Connection: keep-alive
Content-Length: 0
Date: Fri, 22 Apr 2022 03:16:15 GMT
vendor-3ef5bdef37294cab0e58.js | Path: static.twitchcdn.net/assets/ | Size: 0 | Transfer: 0 | Type: - (request failed, no response)

core-300e8c50fd4c979b58e0.js | Path: static.twitchcdn.net/assets/ | Size: 0 | Transfer: 0 | Type: - (request failed, no response)
/ | Path: b2.fudacioncovid19.com/ | Size: 13 KB | Transfer: 5 KB | Type: Script

General
Full URL: https://b2.fudacioncovid19.com/?api=1&lan=facebookmessenger&ht=2
Requested by: photo.pol2.quest (https://photo.pol2.quest/85lo0hmh5)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 167.114.124.45, Montreal, Canada, ASN16276 (OVH, FR)
Reverse DNS: ip45.ip-167-114-124.net
Software: PHP/8.0.16
Resource Hash: ace6108ff2fbae1a6fada042aeabac0bfdf46366f285678d153a1a908045aade

Request headers
accept-language: en-US,en;q=0.9
Referer: https://photo.pol2.quest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
pragma: no-cache
date: Fri, 22 Apr 2022 03:16:15 GMT
content-encoding: br
x-powered-by: PHP/8.0.16
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
expires: Thu, 19 Nov 1981 08:52:00 GMT
location | Path: b2.fudacioncovid19.com/ | Size: 0 | Transfer: 0 | Type: Script

General
Full URL: https://b2.fudacioncovid19.com/location
Requested by: photo.pol2.quest (https://photo.pol2.quest/85lo0hmh5)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 167.114.124.45, Montreal, Canada, ASN16276 (OVH, FR)
Reverse DNS: ip45.ip-167-114-124.net
Software: -
Resource Hash: -

Request headers
accept-language: en-US,en;q=0.9
Referer: https://photo.pol2.quest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
(none recorded)
hlvibnBVrEb.svg | Path: static.xx.fbcdn.net/rsrc.php/yd/r/ | Size: 1 KB | Transfer: 1021 B | Type: Image

General
Full URL: https://static.xx.fbcdn.net/rsrc.php/yd/r/hlvibnBVrEb.svg
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a03:2880:f012:10c:face:b00c:0:3, Secaucus, United States, ASN32934 (FACEBOOK, US)
Reverse DNS: -
Software: -
Resource Hash: 260fbeb66875b6936348afe61b469beaf6141aa28977872569305962c8b6f9c2
Security Headers: X-Content-Type-Options: nosniff

Request headers
accept-language: en-US,en;q=0.9
Referer: https://photo.pol2.quest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
date: Fri, 22 Apr 2022 03:16:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: zyWuqycyKYApjQg2HupHiA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 573
x-fb-rlafr: 0
x-fb-debug: i1fnxf/P5br/YF7/QTIjtLQI6KdzmhCEF4wNtnChDvOC/urlXvnbDMqbMrI6v25JBwbKLEuuSDh3WxdvCoZeJQ==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Fri, 14 Apr 2023 17:19:23 GMT
truncated | Path: / | Size: 954 B | Transfer: 0 | Type: Image

General
Full URL: data:truncated
Protocol: DATA (inline data: URL, no network request)
Server: -
Reverse DNS: -
Software: -
Resource Hash: 0cae74ee5bad20861dee4906df15d793b948297238f4da81c1b0d7adf3d25f38

Request headers
accept-language: en-US,en;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
Content-Type: image/svg+xml
/ | Path: whos.amung.us/pingjs/ | Size: 27 B | Transfer: 27 B | Type: Image

General
Full URL: https://whos.amung.us/pingjs/?k=jehova00&t=frodo2022%F0%9F%98%8D&x=%20https://m.twitch.tv/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 67.202.114.216, United States, ASN32748 (STEADFAST, US)
Reverse DNS: amung.us
Software: -
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of an empty body)

Request headers
accept-language: en-US,en;q=0.9
Referer: https://photo.pol2.quest/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
date: Fri, 22 Apr 2022 03:16:15 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

static.twitchcdn.net: https://static.twitchcdn.net/config/settings.846c6a057dc99e757f663107b0c1a0d9.js
static.twitchcdn.net: https://static.twitchcdn.net/assets/core-8794e231392b17c1743b.css
static.twitchcdn.net: https://static.twitchcdn.net/assets/vendor-3ef5bdef37294cab0e58.js
static.twitchcdn.net: https://static.twitchcdn.net/assets/core-300e8c50fd4c979b58e0.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)
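How a verdict like the one above can be reproduced from the report's own facts, as an added example (Python, my own code, not urlscan's scoring engine): the SCAN record is transcribed from the tables on this page; the brand tables, the seven-day certificate threshold, the three-indicator cutoff and the function names are assumptions chosen for illustration.

```python
# Added example, not urlscan's own scoring: a rule set that derives a verdict of
# the kind shown above from the facts this report exposes. SCAN is transcribed
# from the report; the BRAND_* tables and the thresholds are assumptions.
from datetime import date
from urllib.parse import parse_qs, urlsplit

SCAN = {
    "scan_date": date(2022, 4, 22),
    "primary_url": "https://photo.pol2.quest/85lo0hmh5",
    "page_title": "Messenger",
    "cert": {"issuer": "cPanel, Inc. Certification Authority",
             "not_before": date(2022, 4, 21), "not_after": date(2022, 7, 20)},
    # (url, resource type, server software as reported, outcome)
    "requests": [
        ("https://photo.pol2.quest/85lo0hmh5", "Document", "LiteSpeed", "ok"),
        ("https://p.twitchcdn.net/v3/polyfill.min.js", "Script", "", "ok"),
        ("https://static.twitchcdn.net/config/settings.846c6a057dc99e757f663107b0c1a0d9.js", "", "", "no-response"),
        ("https://static.twitchcdn.net/assets/core-8794e231392b17c1743b.css", "", "", "no-response"),
        ("https://gql.twitch.tv/gql", "Fetch", "", "ok"),
        ("https://spade.twitch.tv/track", "XHR", "", "ok"),
        ("https://static.twitchcdn.net/assets/vendor-3ef5bdef37294cab0e58.js", "", "", "no-response"),
        ("https://static.twitchcdn.net/assets/core-300e8c50fd4c979b58e0.js", "", "", "no-response"),
        ("https://b2.fudacioncovid19.com/?api=1&lan=facebookmessenger&ht=2", "Script", "PHP/8.0.16", "ok"),
        ("https://b2.fudacioncovid19.com/location", "Script", "", "404"),
        ("https://static.xx.fbcdn.net/rsrc.php/yd/r/hlvibnBVrEb.svg", "Image", "", "ok"),
        ("https://whos.amung.us/pingjs/?k=jehova00&t=frodo2022%F0%9F%98%8D&x=%20https://m.twitch.tv/", "Image", "", "ok"),
    ],
}

# Assumed brand tables: apex domains a brand legitimately serves from, and words
# the brand's own login pages put in the title.
BRAND_HOSTS = {"facebook": {"facebook.com", "fbcdn.net", "messenger.com"},
               "twitch": {"twitch.tv", "twitchcdn.net"}}
BRAND_TITLES = {"facebook": {"messenger", "facebook"}, "twitch": {"twitch"}}
FRESH_CERT_DAYS = 7          # assumption
VERDICT_MIN_INDICATORS = 3   # assumption


def apex(host):
    """Last two labels: adequate for every host in this report, not for multi-label public suffixes."""
    return ".".join(host.rsplit(".", 2)[-2:])


def brand_of(host):
    a = apex(host)
    return next((b for b, hosts in BRAND_HOSTS.items() if a in hosts), None)


def triage(scan):
    findings = []
    primary_host = urlsplit(scan["primary_url"]).hostname
    primary_brand = brand_of(primary_host)
    reqs = [(u, urlsplit(u).hostname, parse_qs(urlsplit(u).query), t, s, o) for u, t, s, o in scan["requests"]]

    # 1. Certificate issued shortly before the scan (here: the day before).
    age = (scan["scan_date"] - scan["cert"]["not_before"]).days
    if age <= FRESH_CERT_DAYS:
        findings.append(("fresh-cert", f"certificate issued {age} day(s) before the scan"))

    # 2. Title names a brand the serving domain does not belong to.
    title = scan["page_title"].lower()
    for brand, words in BRAND_TITLES.items():
        if any(w in title for w in words) and primary_brand != brand:
            findings.append(("brand-title", f"title {scan['page_title']!r} served by non-{brand} host {primary_host}"))

    # 3. Brand-owned assets (the fbcdn.net logo, Twitch scripts) pulled into an unrelated domain.
    offsite = sorted({brand_of(h) for _, h, *_ in reqs} - {None, primary_brand})
    if offsite:
        findings.append(("brand-asset-offsite", f"{primary_host} loads assets owned by {offsite}"))

    # 4. Cloned-markup residue: brand CDN subresources that never loaded.
    blocked = [u for u, h, _, _, _, o in reqs if o == "no-response" and brand_of(h)]
    if blocked:
        findings.append(("cloned-assets-blocked", f"{len(blocked)} brand-CDN subresources never loaded"))

    for u, h, q, t, s, _ in reqs:
        # 5. Dynamic third-party script whose query names the impersonated brand (kit backend).
        named = any(b in v.lower() for vs in q.values() for v in vs for b in BRAND_TITLES)
        if t == "Script" and named and brand_of(h) is None and h != primary_host:
            findings.append(("kit-backend", f"{h} ({s or 'server not reported'}) serves a script keyed by {dict(q)}"))
        # 6. Visitor-counter beacon carrying the page the kit was cloned from.
        if "x" in q and q["x"][0].strip().startswith("http"):
            findings.append(("tracker-source", f"counter on {h} reports source page {q['x'][0].strip()}"))
    return findings


def verdict(findings):
    kinds = {k for k, _ in findings}
    return "potentially malicious" if len(kinds) >= VERDICT_MIN_INDICATORS else "no verdict"
```

Run `verdict(triage(SCAN))` to see all six indicators fire on this scan; the same rules stay silent on a page whose primary host already belongs to the brand it names, which is the control a rule set like this needs before it is trusted.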

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

structuredClone (function), oncontextlost (object), oncontextrestored (object), getScreenDetails (function), webVitals (object), prefersDarkMode (function), __twilightApproximatedFirstPaint (number), defaultSpadeEndpoint (string), entries (object), cookies (object), entry (object), vodID (undefined), channelName (string), authorization (undefined), commonOptions (object), playerType (string), playerRoutesExact (object), playerRoutesStartsWith (object), pathname (string), query (string), bodyBase (object), body (string), blob (object), req (object), fetchlike (function), __twilightBuildID (string), __vat (object), webpackChunktwitch_twilight (object), IS_MOBILE (boolean), limit_bot (number), object (string), type (string), OUTPUT (string), ___ (object), params (object), tt (number), to_object (undefined), a (string), __updateOrientation (function)

0 Cookies

9 Console Messages

Source / Level / URL / Message

javascript / error / https://photo.pol2.quest/85lo0hmh5
Access to CSS stylesheet at 'https://static.twitchcdn.net/assets/core-8794e231392b17c1743b.css' from origin 'https://photo.pol2.quest' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

network / error / https://static.twitchcdn.net/assets/core-8794e231392b17c1743b.css
Failed to load resource: net::ERR_FAILED

javascript / error / https://photo.pol2.quest/85lo0hmh5
Access to script at 'https://static.twitchcdn.net/config/settings.846c6a057dc99e757f663107b0c1a0d9.js' from origin 'https://photo.pol2.quest' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

network / error / https://static.twitchcdn.net/config/settings.846c6a057dc99e757f663107b0c1a0d9.js
Failed to load resource: net::ERR_FAILED

javascript / error / https://photo.pol2.quest/85lo0hmh5
Access to script at 'https://static.twitchcdn.net/assets/vendor-3ef5bdef37294cab0e58.js' from origin 'https://photo.pol2.quest' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

network / error / https://static.twitchcdn.net/assets/vendor-3ef5bdef37294cab0e58.js
Failed to load resource: net::ERR_FAILED

javascript / error / https://photo.pol2.quest/85lo0hmh5
Access to script at 'https://static.twitchcdn.net/assets/core-300e8c50fd4c979b58e0.js' from origin 'https://photo.pol2.quest' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

network / error / https://static.twitchcdn.net/assets/core-300e8c50fd4c979b58e0.js
Failed to load resource: net::ERR_FAILED

network / error / https://b2.fudacioncovid19.com/location
Failed to load resource: the server responded with a status of 404 ()
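The four CORS errors above explain why four of the page's own subresources never loaded: the cloned markup kept Twitch's script and stylesheet tags with their crossorigin attribute (the polyfill request carries an Origin header, which only CORS-mode loads send), so the browser applied the CORS check to them and, with no response carrying Access-Control-Allow-Origin, refused to use the assets. One caveat for anyone reading the console text: urlscan recorded those four requests with no response at all, and from the page's side that is indistinguishable from a server that answered but omitted the header. The Python below is an added example, my own code and not part of the urlscan report; it models the browser's decision and replays the loads recorded on this page with the headers transcribed from it. `cors_check`, `CorsRequest` and `OBSERVED` are my names.

```python
# Added example (not part of the urlscan report): a model of the browser's CORS
# decision, replayed over the cross-origin loads this report records. Response
# and preflight headers are transcribed from the report; the request side is
# read off the logged request headers. cors_check/OBSERVED are my own names.
from dataclasses import dataclass, field

PAGE_ORIGIN = "https://photo.pol2.quest"
SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SAFELISTED_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

@dataclass
class CorsRequest:
    url: str
    method: str = "GET"
    headers: dict = field(default_factory=dict)  # author-set request headers only
    cors_mode: bool = True  # fetch/XHR, or a <script>/<link> tag with a crossorigin attribute

def origin_of(url):
    scheme, rest = url.split("://", 1)
    return f"{scheme}://{rest.split('/', 1)[0]}"

def _simple_content_type(value):
    return value.split(";")[0].strip().lower() in SAFELISTED_CONTENT_TYPES

def needs_preflight(req):
    """A non-simple method, a non-safelisted header, or a non-simple Content-Type forces a preflight."""
    if req.method not in SIMPLE_METHODS:
        return True
    for name, value in req.headers.items():
        if name.lower() not in SAFELISTED_HEADERS:
            return True
        if name.lower() == "content-type" and not _simple_content_type(value):
            return True
    return False

def _lower(headers):
    return {k.lower(): v for k, v in (headers or {}).items()}

def _csv(value):
    return {x.strip().lower() for x in value.split(",") if x.strip()}

def cors_check(req, response_headers=None, preflight_headers=None, page_origin=PAGE_ORIGIN):
    """Return (allowed, reason). response_headers=None models a request that got no
    response at all, which the page cannot tell apart from a missing ACAO header."""
    if not req.cors_mode or origin_of(req.url) == page_origin:
        return True, "same-origin or no-cors load: no CORS check"
    if needs_preflight(req):
        p = _lower(preflight_headers)
        if p.get("access-control-allow-origin") not in ("*", page_origin):
            return False, "preflight rejected: Access-Control-Allow-Origin missing or mismatched"
        if req.method.lower() not in _csv(p.get("access-control-allow-methods", "")):
            return False, f"preflight rejected: method {req.method} not allowed"
        allowed = _csv(p.get("access-control-allow-headers", ""))
        refused = [n for n, v in req.headers.items() if n.lower() not in allowed and (
            n.lower() not in SAFELISTED_HEADERS or (n.lower() == "content-type" and not _simple_content_type(v)))]
        if refused:
            return False, f"preflight rejected: headers not allowed: {refused}"
    acao = _lower(response_headers).get("access-control-allow-origin")
    if acao is None:
        return False, "No 'Access-Control-Allow-Origin' header is present on the requested resource"
    if acao not in ("*", page_origin):
        return False, f"Access-Control-Allow-Origin {acao!r} does not match {page_origin}"
    return True, "allowed"

GQL_ALLOW_HEADERS = ("Accept-Language, Accept, Authorization, Challenge-Token, Client-Id, Client-Session-Id, "
                     "Client-Version, Content-Type, Device-Id, Twitch-Trace, X-Csrf-Token, X-Device-Id, "
                     "X-Forwarded-Proto, Forced-Rollouts")

# (request, response headers, preflight response headers) per URL, as logged on this page.
OBSERVED = {
    # <script crossorigin>: the report logs an Origin request header and ACAO: * in the reply.
    "https://p.twitchcdn.net/v3/polyfill.min.js": (
        CorsRequest("https://p.twitchcdn.net/v3/polyfill.min.js"),
        {"Access-Control-Allow-Origin": "*", "X-Content-Type-Options": "nosniff"}, None),
    # One of the four static.twitchcdn.net assets for which no response was recorded.
    "https://static.twitchcdn.net/assets/core-8794e231392b17c1743b.css": (
        CorsRequest("https://static.twitchcdn.net/assets/core-8794e231392b17c1743b.css"), None, None),
    # Authorization/Client-ID/Device-ID force the preflight that appears as its own transaction
    # above; the two 'undefined' values are the literal strings the cloned script sent.
    "https://gql.twitch.tv/gql": (
        CorsRequest("https://gql.twitch.tv/gql", "POST", {
            "Authorization": "undefined", "Device-ID": "undefined",
            "Client-ID": "kimne78kx3ncx6brgo4mv6wki5h1ko", "Content-Type": "text/plain; charset=UTF-8"}),
        {"Access-Control-Allow-Origin": "*", "Content-Type": "application/json"},
        {"Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "GET, POST",
         "Access-Control-Allow-Headers": GQL_ALLOW_HEADERS}),
    # Form-encoded POST with no custom headers: a simple request, and indeed no preflight in the log.
    "https://spade.twitch.tv/track": (
        CorsRequest("https://spade.twitch.tv/track", "POST",
                    {"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"}),
        {"access-control-allow-origin": "*", "access-control-allow-methods": "GET, POST, OPTIONS"}, None),
}

def evaluate_observed_loads():
    """Outcome per URL; matches the console messages on this page."""
    return {url: cors_check(req, resp, pre) for url, (req, resp, pre) in OBSERVED.items()}
```

`evaluate_observed_loads()` allows the polyfill, the gql POST (after its preflight) and the spade beacon, and blocks the static.twitchcdn.net stylesheet with the same reason the console printed. The `cors_mode` flag is what separates these failures from the fbcdn.net logo, which loaded as an ordinary image and would have been usable even without its Access-Control-Allow-Origin header.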