urlscan.io logo urlscan.io
SecurityTrails logo

blueperfectballon.com Open in urlscan Pro
2606:4700:3033::ac43:8d1e  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://from.forwardstarlight.com/station
Effective URL: https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Submission: On January 10 via manual from IT — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3033::ac43:8d1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is blueperfectballon.com. The Cisco Umbrella rank of the primary domain is 538955.
TLS certificate: Issued by E1 on November 24th 2023. Valid for: 3 months.
This is the only time blueperfectballon.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 80.66.79.248 60602 (INOVARE-A...)
1 5 2606:4700:303... 13335 (CLOUDFLAR...)
6 3
Apex Domain
Subdomains		 Transfer
5 blueperfectballon.com
blueperfectballon.com — Cisco Umbrella Rank: 538955
16 KB
1 lineferaline.com
goto.lineferaline.com
533 B
1 forwardstarlight.com
from.forwardstarlight.com — Cisco Umbrella Rank: 384927
946 B
6 3
Domain Requested by
5 blueperfectballon.com 1 redirects blueperfectballon.com
1 goto.lineferaline.com
1 from.forwardstarlight.com
6 3

This site contains no links.

Subject Issuer Validity Valid
goto.lineferaline.com
R3		 2024-01-09 -
2024-04-08		 3 months crt.sh
blueperfectballon.com
E1		 2023-11-24 -
2024-02-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Frame ID: D29EBEFDF6EBAC8DCEA0C772EF64B580
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Checking your browser

Page URL History Show full URLs

  1. http://from.forwardstarlight.com/station Page URL
  2. https://goto.lineferaline.com/prestart Page URL
  3. https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse Page URL
  4. https://blueperfectballon.com/cdn-cgi/phish-bypass?atok=UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-170489... HTTP 301
    https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse Page URL

Page Statistics

6
Requests

83 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

17 kB
Transfer

47 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://from.forwardstarlight.com/station Page URL
  2. https://goto.lineferaline.com/prestart Page URL
  3. https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse Page URL
  4. https://blueperfectballon.com/cdn-cgi/phish-bypass?atok=UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-1704895346-0-%2Fgo%2Fmjrtqzruga5dcnrwha4a%3Fsub2%3Dreverse HTTP 301
    https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
station
from.forwardstarlight.com/ 		202 B
946 B 		Document
General
Check archive.org
Download Go to
Full URL
http://from.forwardstarlight.com/station
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0a27401c7bffbfff1a2de32252a60710f3d596767420d1e7a76ff936217fb76

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Origin
*
CF-Cache-Status
DYNAMIC
CF-RAY
84357528b97e3680-FRA
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 10 Jan 2024 14:02:26 GMT
Expires
Wed, 10 Jan 2024 14:02:26 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3MbvYhqY79iZxs9h8UKIeggBSatEkKntuK8cFZOPgTli7CbEw0c5esi29RM1eRDYLqjYH7mWyngXDQGk0wYPJBT8AgyWScCSfUeQH0sfHNCRrJ%2F0QLs6MbPzAaR4IgpI0Q1oqZzMLWTpnLPmwhAahvJlyrPutmK"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
prestart
goto.lineferaline.com/ 		230 B
533 B 		Document
General
Check archive.org
Download Go to
Full URL
https://goto.lineferaline.com/prestart
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.66.79.248 Chisinau, Moldova, ASN60602 (INOVARE-AS str. Uzinelor 21 of. 37, MD),
Reverse DNS
Software
nginx /
Resource Hash
1a09812dd25118bc50144c0c972df0cd36f1d51e79bf455257b05ea5f513825e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
230
Content-Type
text/html; charset=utf-8
Date
Wed, 10 Jan 2024 14:02:26 GMT
Expires
Wed, 10 Jan 2024 14:02:26 GMT
Server
nginx
Vary
Accept-Encoding
mjrtqzruga5dcnrwha4a
blueperfectballon.com/go/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8d1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
693f7b46821fe4e3532c2d09ff22fc40cac28202f5e9eef59de7caf92f3c02bb
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8435752d99a437eb-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 10 Jan 2024 14:02:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxAHJiMRcMaXp5AcXkfknaOuGrLF4kwHFYbugT40sHprE%2BsKHkKVf7Kse3SwrkBQwI8EF0Va4xK7VKKHldXfyhgVxLF1IzsFugLAcZivXcsRl0RClUOwnR7Qffwha%2Frg%2BCWqtsxrNBjE2hdXQ0fFGtbJQiI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
blueperfectballon.com/cdn-cgi/styles/ 		24 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blueperfectballon.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: blueperfectballon.com
URL: https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8d1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 10 Jan 2024 14:02:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 19 Dec 2023 14:09:38 GMT
server
cloudflare
etag
W/"6581a422-5e44"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
843575386ea837eb-FRA
expires
Wed, 10 Jan 2024 16:02:28 GMT
icon-exclamation.png
blueperfectballon.com/cdn-cgi/images/ 		452 B
670 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blueperfectballon.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: blueperfectballon.com
URL: https://blueperfectballon.com/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:8d1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://blueperfectballon.com/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 10 Jan 2024 14:02:28 GMT
x-content-type-options
nosniff
last-modified
Tue, 19 Dec 2023 14:09:38 GMT
server
cloudflare
etag
"6581a422-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
843575399a600076-CDG
content-length
452
expires
Wed, 10 Jan 2024 16:02:28 GMT
Primary Request mjrtqzruga5dcnrwha4a
blueperfectballon.com/go/
Redirect Chain
  • https://blueperfectballon.com/cdn-cgi/phish-bypass?atok=UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-1704895346-0-%2Fgo%2Fmjrtqzruga5dcnrwha4a%3Fsub2%3Dreverse
  • https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
18 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:8d1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95dd52ed6e89e7f3ba9d10c69343d3e3084fa6c6faf48c15dbf851c3d382d160

Request headers

Referer
https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
843575590cc10076-CDG
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 10 Jan 2024 14:02:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DA9M9K%2F6lg0BRj7nD2ypRy5mM%2Bosfk3kvTkxh9BS%2F3HUEtejX3xiiqFcZsUpk67S8d1qRJEmtwPNLvJgz9H0Uslc2wHHny7jklh%2F8LVTjW0BZDrwswQkqhr8E5x4cGm9aLJaXNzSC7sGIiDgmABX8DO3fCA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

cache-control
private, no-cache
cf-ray
84357558dc8a0076-CDG
content-length
167
content-type
text/html
date
Wed, 10 Jan 2024 14:02:33 GMT
location
https://blueperfectballon.com/go/mjrtqzruga5dcnrwha4a?sub2=reverse
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| urlB64ToUint8Array

2 Cookies

Domain/Path Name / Value
.blueperfectballon.com/ Name: __cf_mw_byp
Value: UwlfrL8MhCZVKLn2IooxvfDD2qRQH4uR_ct7KTAih54-1704895346-0-/go/mjrtqzruga5dcnrwha4a?sub2=reverse
.blueperfectballon.com/ Name: uuid
Value: 32cf709b-3c18-47b6-9bf0-e330b16e7a28

1 Console Messages

Source Level URL
Text
network error
Message:
The script has an unsupported MIME type ('text/html').