urlscan.io scan: blueperfectballon.com
IP address: 2606:4700:3033::ac43:8d1e
Malicious Activity!
Public Scan
Effective URL: https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Submission: On January 10 via manual from IT — Scanned from NL
Summary
TLS certificate: Issued by E1 on November 24th 2023. Valid for: 3 months.
This is the only time blueperfectballon.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2a06:98c1:3121::3 | AS13335 CLOUDFLARENET
1 | 80.66.79.248 | AS60602 INOVARE-AS (str. Uzinelor 21 of. 37, MD)
5 (+1 redirect) | 2606:4700:3033::ac43:8d1e | AS13335 CLOUDFLARENET
Total: 6 requests to 3 IP addresses
Apex Domain | Subdomains | Transfer | Requests
---|---|---|---
blueperfectballon.com | blueperfectballon.com (Cisco Umbrella Rank: 538955) | 16 KB | 5 (+1 redirect)
lineferaline.com | goto.lineferaline.com | 533 B | 1
forwardstarlight.com | from.forwardstarlight.com (Cisco Umbrella Rank: 384927) | 946 B | 1
Total: 6 requests to 3 domains

Requests | Domain | Requested by
---|---|---
5 (+1 redirect) | blueperfectballon.com | 
1 | goto.lineferaline.com | 
1 | from.forwardstarlight.com | 
Total: 6 requests to 3 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
goto.lineferaline.com | R3 (Let's Encrypt) | 2024-01-09 to 2024-04-08 | 3 months | crt.sh
blueperfectballon.com | E1 (Let's Encrypt) | 2023-11-24 to 2024-02-22 | 3 months | crt.sh

Both are short-lived Let's Encrypt certificates; the goto.lineferaline.com certificate was issued the day before this scan, which is typical of freshly stood-up redirector infrastructure.
This page contains 1 frame:
Primary Page: https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Frame ID: D29EBEFDF6EBAC8DCEA0C772EF64B580
Requests: 6 HTTP requests in this frame

Page Title: Checking your browser
Page Statistics
0 outgoing links (links going to different origins than the main page).

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://from.forwardstarlight.com/station
- https://goto.lineferaline.com/prestart
- https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
- https://blueperfectballon.com/cdn-cgi/phish-bypass?atok=UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-1704895346-0-%2Fgo%2Fmjrtqzruga5dcnrwha4a%3Fsub2%3Dreverse
  (answered with HTTP 301 to the next URL)
- https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse

Two things in this chain matter to an analyst. The first hop is plain HTTP, so anything on the path could have rewritten the redirect target. Hops 4 and 5 are Cloudflare's phishing-warning interstitial: /cdn-cgi/ is a path prefix Cloudflare reserves for its own endpoints, /cdn-cgi/phish-bypass is the "proceed anyway" link on that warning page, and the 301 sends the visitor back to the originally requested path. The atok value carries that path URL-encoded, and the same string is set as the __cf_mw_byp cookie listed further down.
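The chain above, worked through in an added Python example (this is not code from urlscan.io or from the page; it is written here to show what a responder pulls out of a recorded redirect chain). It embeds the five URLs as recorded, lists the apex domains in first-seen order, flags cross-domain and plaintext hops, and decodes the Cloudflare /cdn-cgi/phish-bypass hop. The atok layout it assumes, `<token>-<unix seconds>-<flag>-<original path>`, is inferred from the single value on this page; Cloudflare does not document the format, so treat that parser as an assumption. The `apex()` helper takes the last two DNS labels, which is right for these .com hosts and wrong for suffixes like co.uk.

```python
"""Analyse the redirect chain urlscan recorded for this scan.

Added example, not urlscan.io code. Input is the Page URL History above,
embedded so the script runs offline.
"""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# The chain exactly as recorded on the page; hop 4 answered with HTTP 301 to hop 5.
CHAIN = [
    "http://from.forwardstarlight.com/station",
    "https://goto.lineferaline.com/prestart",
    "https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse",
    "https://blueperfectballon.com/cdn-cgi/phish-bypass?atok="
    "UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-1704895346-0-"
    "%2Fgo%2Fmjrtqzruga5dcnrwha4a%3Fsub2%3Dreverse",
    "https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse",
]

# ASSUMED layout of the atok value, inferred from this one sample and not
# documented by Cloudflare: <opaque token>-<unix seconds>-<flag>-<path>.
# Anchoring on the digit runs and the leading '/' of the path means a '-'
# inside the base64url token or inside the path cannot mis-split the value.
ATOK_RE = re.compile(r"^(?P<token>.+)-(?P<ts>\d{9,11})-(?P<flag>\d+)-(?P<path>/.*)$")


def apex(host: str) -> str:
    """Registrable domain as the last two labels. Fine for the .com hosts
    here; production tooling should consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def hops(chain):
    """One dict per URL: 1-based hop number, scheme, host, apex, path, query."""
    out = []
    for n, url in enumerate(chain, start=1):
        u = urlsplit(url)
        out.append({"n": n, "scheme": u.scheme, "host": u.hostname,
                    "apex": apex(u.hostname), "path": u.path, "query": u.query})
    return out


def cross_domain_hops(chain):
    """Hop numbers whose apex domain differs from the previous hop."""
    h = hops(chain)
    return [h[i]["n"] for i in range(1, len(h)) if h[i]["apex"] != h[i - 1]["apex"]]


def plaintext_hops(chain):
    """Hop numbers fetched over http://; an on-path attacker can rewrite these."""
    return [h["n"] for h in hops(chain) if h["scheme"] == "http"]


def parse_phish_bypass(url):
    """Decode a Cloudflare /cdn-cgi/phish-bypass URL; None for any other URL
    or for an atok value that does not fit the assumed layout."""
    u = urlsplit(url)
    if u.path != "/cdn-cgi/phish-bypass":
        return None
    atok = parse_qs(u.query).get("atok", [None])[0]  # parse_qs already %-decodes
    m = ATOK_RE.match(atok or "")
    if not m:
        return None
    return {
        "token": m["token"],
        "timestamp": datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc),
        "flag": m["flag"],
        "original_path": m["path"],
    }


def summarize(chain):
    """The facts an analyst wants from a chain like this one, in one dict."""
    h = hops(chain)
    apexes = list(dict.fromkeys(x["apex"] for x in h))  # first-seen order
    bypass = next((p for p in map(parse_phish_bypass, chain) if p), None)
    return {
        "hop_count": len(h),
        "apexes": apexes,
        "cross_domain_hops": cross_domain_hops(chain),
        "plaintext_hops": plaintext_hops(chain),
        "cloudflare_interstitial": any(x["path"].startswith("/cdn-cgi/") for x in h),
        "phish_bypass": bypass,
    }


if __name__ == "__main__":
    for key, value in summarize(CHAIN).items():
        print(f"{key}: {value}")
```

On this chain the script reports three apex domains, cross-domain hops at 2 and 3, a plaintext hop at 1, and a decoded phish-bypass hop whose path is /go/mjrtqzruga5dcnrwha4a?sub2=reverse and whose embedded timestamp 1704895346 is 2024-01-10 14:02:26 UTC, consistent with the January 10 submission recorded at the top of the page.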
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (last row below) was reached through the redirect chain listed in the Page URL History.

6 HTTP transactions

Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | HTTP/1.1 | station | from.forwardstarlight.com/ | 202 B | 946 B | Document | text/html
GET | HTTP/1.1 | prestart | goto.lineferaline.com/ | 230 B | 533 B | Document | text/html
GET | HTTP/2 | mjrtqzruga5dcnrwha4a | blueperfectballon.com/go/ | 5 KB | 2 KB | Document | text/html
GET | HTTP/2 | cf.errors.css | blueperfectballon.com/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css
GET | HTTP/3 | icon-exclamation.png | blueperfectballon.com/cdn-cgi/images/ | 452 B | 670 B | Image | image/png
GET | HTTP/3 | mjrtqzruga5dcnrwha4a (Primary Request, via redirect chain) | blueperfectballon.com/go/ | 18 KB | 8 KB | Document | text/html

The two /cdn-cgi/ assets (cf.errors.css and icon-exclamation.png) are served by Cloudflare for its interstitial pages, not by the site's origin. Note that the same /go/ path returned a 5 KB body before the phish-bypass 301 and an 18 KB body after it.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
---|---
object | documentPictureInPicture
function | urlB64ToUint8Array

documentPictureInPicture is the browser's own Document Picture-in-Picture API object, present in recent Chromium builds, rather than page code. urlB64ToUint8Array is a helper name commonly used in Web Push subscription code to convert a base64url-encoded application server key.

2 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.blueperfectballon.com/ | | __cf_mw_byp | UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-1704895346-0-/go/mjrtqzruga5dcnrwha4a?sub2=reverse
.blueperfectballon.com/ | | uuid | 32cf709b-3c18-47b6-9bf0-e330b16e7a28

The __cf_mw_byp value is the URL-decoded form of the atok parameter from the /cdn-cgi/phish-bypass hop in the Page URL History; it is what lets the browser skip the Cloudflare warning on subsequent requests.
1 Console Message
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.

Domains:
- blueperfectballon.com
- from.forwardstarlight.com
- goto.lineferaline.com

IP addresses:
- 2606:4700:3033::ac43:8d1e
- 2a06:98c1:3121::3
- 80.66.79.248

SHA-256 hashes of the captured responses:
- 1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
- 1a09812dd25118bc50144c0c972df0cd36f1d51e79bf455257b05ea5f513825e
- 693f7b46821fe4e3532c2d09ff22fc40cac28202f5e9eef59de7caf92f3c02bb
- 95dd52ed6e89e7f3ba9d10c69343d3e3084fa6c6faf48c15dbf851c3d382d160
- e0a27401c7bffbfff1a2de32252a60710f3d596767420d1e7a76ff936217fb76
- f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Two of the three IP addresses belong to AS13335 (Cloudflare) and are shared anycast edges, so blocking them would hit unrelated tenants; the hostnames are the actionable indicators here.