dn.revealpopulation.co.in Open in urlscan Pro
185.246.221.150 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://umdz29db.page.link/JTT6
Effective URL:
http://dn.revealpopulation.co.in/SE/634646cr/?bet=28368923
Submission: On March 14 via manual (March 14th 2023, 12:13:55 pm UTC) from SE — Scanned from SE

Summary HTTP 56 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 6 domains to perform 56 HTTP transactions. The main IP is 185.246.221.150, located in Bulgaria and belongs to AS_DELIS, US. The main domain is dn.revealpopulation.co.in.

This is the only time dn.revealpopulation.co.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Investment Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	142.250.74.193 142.250.74.193	15169 (GOOGLE) (GOOGLE)
1 1	18.64.141.5 18.64.141.5	16509 (AMAZON-02) (AMAZON-02)
1 24	185.246.221.150 185.246.221.150	211252 (AS_DELIS) (AS_DELIS)
1	142.250.74.202 142.250.74.202	15169 (GOOGLE) (GOOGLE)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
56	4

1 142.250.74.193 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f1.1e100.net

umdz29db.page.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.141.5 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-64-141-5.mct50.r.cloudfront.net

6ln1c.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 185.246.221.150 (Bulgaria) 1 redirects

ASN211252 (AS_DELIS, US)

sdznn0t5.revealcupboard.co.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dn.revealpopulation.co.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	revealpopulation.co.in dn.revealpopulation.co.in	4 MB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	30 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	1016 B
1	revealcupboard.co.in 1 redirects sdznn0t5.revealcupboard.co.in	374 B
1	app.link 1 redirects 6ln1c.app.link	631 B
1	page.link 1 redirects umdz29db.page.link	1 KB
56	6

	Domain	Requested by
23	dn.revealpopulation.co.in	dn.revealpopulation.co.in
1	code.jquery.com	dn.revealpopulation.co.in
1	fonts.googleapis.com	dn.revealpopulation.co.in
1	sdznn0t5.revealcupboard.co.in	1 redirects
1	6ln1c.app.link	1 redirects
1	umdz29db.page.link	1 redirects
56	6

This site contains no links.

Subject Issuer	Validity	Valid
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://dn.revealpopulation.co.in/SE/634646cr/?bet=28368923
Frame ID: 2EDDBAAB244B653A2DBB6FAD0C6FB3CB
Requests: 56 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dangens Nyheter

Page URL History Show full URLs

https://umdz29db.page.link/JTT6 HTTP 302
https://6ln1c.app.link/1AB1XQpO6xb HTTP 307
http://sdznn0t5.revealcupboard.co.in/34546de4235m342356?_branch_match_id=1164161693839916627&utm_medium=marketing... HTTP 302
http://dn.revealpopulation.co.in/SE/634646cr/?bet=28368923 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

56
Requests

2 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

4
IPs

2
Countries

4428 kB
Transfer

4736 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://umdz29db.page.link/JTT6 HTTP 302
https://6ln1c.app.link/1AB1XQpO6xb HTTP 307
http://sdznn0t5.revealcupboard.co.in/34546de4235m342356?_branch_match_id=1164161693839916627&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN8vJM0zWSywo0MvJzMvWN3R0MowILPA3q0gCAK25LvIiAAAA HTTP 302
http://dn.revealpopulation.co.in/SE/634646cr/?bet=28368923 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
dn.revealpopulation.co.in/SE/634646cr/
Redirect Chain

https://umdz29db.page.link/JTT6
https://6ln1c.app.link/1AB1XQpO6xb
http://sdznn0t5.revealcupboard.co.in/34546de4235m342356?_branch_match_id=1164161693839916627&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN8vJM0zWSywo0MvJzMvWN3R0MowILPA3q0gCAK25Lv...
http://dn.revealpopulation.co.in/SE/634646cr/?bet=28368923

64 KB
16 KB

285ms
233ms

Document
text/html

185.246.221.150
AS_DELIS

General

			Domain/Path	Expires	Name / Value
			.app.link/	1970-01-20 19:05:32	Name: _s Value: NDbqweT1we8mTli9HqbAq1c4tqN4vV4FkYXfUhtTyjVNEQRq9vVTnpblnOB9d058
			sdznn0t5.revealcupboard.co.in/	1970-01-20 10:21:22	Name: zcknrt_34546de4235m342356 Value: 0

dn.revealpopulation.co.in Open in urlscan Pro 185.246.221.150 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

56 Requests

2 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

4 IPs

2 Countries

4428 kBTransfer

4736 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

dn.revealpopulation.co.in Open in urlscan Pro
185.246.221.150 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

2 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

4
IPs

2
Countries

4428 kB
Transfer

4736 kB
Size

2
Cookies

56 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!