a3b8.c11.e2-5.dev Open in urlscan Pro
66.114.108.55 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://a3b8.c11.e2-5.dev/domai/index.htm
Effective URL:
https://a3b8.c11.e2-5.dev/domai/index.htm
Submission: On March 10 via api (March 10th 2024, 8:55:17 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 13 HTTP transactions. The main IP is 66.114.108.55, located in United States and belongs to ASN-FLEXENTIAL, US. The main domain is a3b8.c11.e2-5.dev.
TLS certificate: Issued by R3 on January 20th 2024. Valid for: 3 months.

This is the only time a3b8.c11.e2-5.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	66.114.108.55 66.114.108.55	13649 (ASN-FLEXE...) (ASN-FLEXENTIAL)
4	2607:f8b0:400... 2607:f8b0:4006:80a::200a	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
2	107.150.33.19 107.150.33.19	33387 (NOCIX) (NOCIX)
13	5

4 66.114.108.55 (United States)

ASN13649 (ASN-FLEXENTIAL, US)

a3b8.c11.e2-5.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80a::200a (United States)

ASN15169 (GOOGLE, US)

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.150.33.19 (United States)

ASN33387 (NOCIX, US)

www.vhv.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	googleapis.com firebasestorage.googleapis.com — Cisco Umbrella Rank: 6266	189 KB
4	e2-5.dev a3b8.c11.e2-5.dev	26 KB
2	vhv.rs www.vhv.rs — Cisco Umbrella Rank: 210735	229 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	171 KB
13	4

	Domain	Requested by
4	firebasestorage.googleapis.com	a3b8.c11.e2-5.dev
4	a3b8.c11.e2-5.dev	a3b8.c11.e2-5.dev
2	www.vhv.rs	a3b8.c11.e2-5.dev
2	code.jquery.com	a3b8.c11.e2-5.dev
13	4

This site contains no links.

Subject Issuer	Validity	Valid
*.c11.e2-5.dev R3	`2024-01-20` - `2024-04-19`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
vhv.rs R3	`2024-02-25` - `2024-05-25`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://a3b8.c11.e2-5.dev/domai/index.htm
Frame ID: 5A49B4BFDCF454BAB063A4376FC482C6
Requests: 7 HTTP requests in this frame

Frame: https://a3b8.c11.e2-5.dev/domai/index.htm
Frame ID: 241A6A78798CD05FE8ACB166877A8FCF
Requests: 7 HTTP requests in this frame

Frame: https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 4B7663BA82947B89D27237C6848EDB61
Requests: 1 HTTP requests in this frame

Frame: https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 86C5AD0971999279D6894E9E7211E0BE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Portal Login

Page URL History Show full URLs

http://a3b8.c11.e2-5.dev/domai/index.htm HTTP 307
https://a3b8.c11.e2-5.dev/domai/index.htm Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

92 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

616 kB
Transfer

1024 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://a3b8.c11.e2-5.dev/domai/index.htm HTTP 307
https://a3b8.c11.e2-5.dev/domai/index.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.htm Show response
a3b8.c11.e2-5.dev/domai/
Redirect Chain

http://a3b8.c11.e2-5.dev/domai/index.htm
https://a3b8.c11.e2-5.dev/domai/index.htm

13 KB
13 KB

498ms
214ms

Document
text/html

66.114.108.55
ASN-FLEXENTIAL

General

Check archive.org

Show headers Download Go to

Full URL

https://a3b8.c11.e2-5.dev/domai/index.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

66.114.108.55 , United States, ASN13649 (ASN-FLEXENTIAL, US),

Reverse DNS

Software

nginx /

Resource Hash

49e82b0564770af8a7edb94067bba52fbcc17324d86ca6e8ed3151c2f1546719

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 12819
Content-Security-Policy: block-all-mixed-content
Content-Type: text/html
Date: Sun, 10 Mar 2024 20:55:12 GMT
ETag: "d00dca83335052f019aa38aeda8a05e1"
Last-Modified: Sun, 10 Mar 2024 20:26:49 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin Accept-Encoding
X-Amz-Meta-Erid: 3
X-Amz-Request-Id: 17BB82A14FEAC01A
X-Content-Type-Options: nosniff
X-Minio-Compressed: s2
X-Xss-Protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://a3b8.c11.e2-5.dev/domai/index.htm
Non-Authoritative-Reason: HSTS

GET
H2 200 jquery-1.js Show response
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ 94 KB
94 KB 363ms
214ms Script
text/javascript 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/jquery-1.js?alt=media&token=be637750-133e-4219-9149-f23352276b75
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://a3b8.c11.e2-5.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 20:55:13 GMT
x-guploader-uploadid: ABPtcPoSLFgG775oinO8FHDF3V4zutR91ynSdzmtkeQv-fp1A_ZLZN8pt9BvmBOtfIxN8gYlQXk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''jquery-1.js
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95786
last-modified: Mon, 01 Nov 2021 22:20:03 GMT
server: UploadServer
etag: "8101d596b2b8fa35fe3a634ea342d7c3"
x-goog-generation: 1635805203955006
content-type: text/javascript
x-goog-hash: crc32c=Xhs7LA==, md5=gQHVlrK4+jX+OmNOo0LXww==
cache-control: private, max-age=0
x-goog-stored-content-length: 95786
x-goog-meta-firebasestoragedownloadtokens: be637750-133e-4219-9149-f23352276b75
accept-ranges: bytes
expires: Sun, 10 Mar 2024 20:55:13 GMT

GET
H2 200 jquery-1.12.4.js Show response
code.jquery.com/ 287 KB
86 KB 308ms
106ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.12.4.js
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575

Request headers

Referer: https://a3b8.c11.e2-5.dev/
Origin: https://a3b8.c11.e2-5.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 20:55:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 15301913
x-cache: HIT, HIT
content-length: 87176
x-served-by: cache-lga21970-LGA, cache-nyc-kteb1890086-NYC
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1710104113.400254,VS0,VE0
etag: W/"28feccc0-47a36"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 87, 5809

GET
H2 200 favicons.png
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ 492 B
803 B 450ms
301ms Image
image/png 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947

Request headers

accept-language: en-US,en;q=0.9
Referer: https://a3b8.c11.e2-5.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 20:55:13 GMT
x-guploader-uploadid: ABPtcPo1LVTHtVSXqjjXoAIj2HhuczLnMb5wlInH0fufyPCQF_Oa8geC0HNmEVRqJ6WHrRguofM
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''favicons.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 492
last-modified: Mon, 01 Nov 2021 22:20:02 GMT
server: UploadServer
etag: "3ca64f83fdcf25135d87e08af65e68c9"
x-goog-generation: 1635805202317844
content-type: image/png
x-goog-hash: crc32c=8ZCI3A==, md5=PKZPg/3PJRNdh+CK9l5oyQ==
cache-control: private, max-age=0
x-goog-stored-content-length: 492
x-goog-meta-firebasestoragedownloadtokens: 805fb0ef-a2d9-4a7f-85e6-d68384e166e3
accept-ranges: bytes
expires: Sun, 10 Mar 2024 20:55:13 GMT

GET
H/1.1 200
OK 494-4948700_mcafee-norton-accredited-business-hd-png-download.png
www.vhv.rs/dpng/d/ 118 KB
115 KB 480ms
271ms Image
image/png 107.150.33.19
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.vhv.rs/dpng/d/494-4948700_mcafee-norton-accredited-business-hd-png-download.png
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.150.33.19 , United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: nginx/1.14.0 /
Resource Hash: a98f519f54bf5d0a7e3f586232946a1f3f832753ef5c7f7db008b04001b66931

Request headers

accept-language: en-US,en;q=0.9
Referer: https://a3b8.c11.e2-5.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sun, 10 Mar 2024 20:55:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 May 2020 11:16:08 GMT
Server: nginx/1.14.0
ETag: W/"5ebe79f8-1d6ee"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive

GET
H/1.1 200
OK index.htm Show response
a3b8.c11.e2-5.dev/domai/ Frame 241A 13 KB
13 KB 230ms
229ms Document
text/html 66.114.108.55
ASN-FLEXENTIAL

General

Check archive.org

Show headers Download Go to

Full URL

https://a3b8.c11.e2-5.dev/domai/index.htm

Requested by

Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

66.114.108.55 , United States, ASN13649 (ASN-FLEXENTIAL, US),

Reverse DNS

Software

nginx /

Resource Hash

49e82b0564770af8a7edb94067bba52fbcc17324d86ca6e8ed3151c2f1546719

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a3b8.c11.e2-5.dev/domai/index.htm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 12819
Content-Security-Policy: block-all-mixed-content
Content-Type: text/html
Date: Sun, 10 Mar 2024 20:55:13 GMT
ETag: "d00dca83335052f019aa38aeda8a05e1"
Last-Modified: Sun, 10 Mar 2024 20:26:49 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin Accept-Encoding
X-Amz-Meta-Erid: 3
X-Amz-Request-Id: 17BB82A1845B7618
X-Content-Type-Options: nosniff
X-Minio-Compressed: s2
X-Xss-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 520 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 403
Forbidden main.js
a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/ Frame 4B76 0
0 386ms
184ms Script
application/xml 66.114.108.55
ASN-FLEXENTIAL

General

Check archive.org

Show headers Download Go to

Full URL

https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js

Requested by

Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

66.114.108.55 , United States, ASN13649 (ASN-FLEXENTIAL, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sun, 10 Mar 2024 20:55:13 GMT
Content-Security-Policy: block-all-mixed-content
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx
X-Amz-Request-Id: 17BB82A192BDCD71
Vary: Origin, Accept-Encoding
Content-Type: application/xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 353
X-Xss-Protection: 1; mode=block

GET
H2 200 jquery-1.js Show response
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ Frame 241A 94 KB
94 KB 199ms
198ms Script
text/javascript 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/jquery-1.js?alt=media&token=be637750-133e-4219-9149-f23352276b75
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://a3b8.c11.e2-5.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 20:55:14 GMT
x-guploader-uploadid: ABPtcPoqezKZKbNX9o3ncDA1g1NSubMoU7d_eud0amyMq-dAmbB3Bmjm4zT9Z0liyXldxoIqC4g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''jquery-1.js
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95786
last-modified: Mon, 01 Nov 2021 22:20:03 GMT
server: UploadServer
etag: "8101d596b2b8fa35fe3a634ea342d7c3"
x-goog-generation: 1635805203955006
content-type: text/javascript
x-goog-hash: crc32c=Xhs7LA==, md5=gQHVlrK4+jX+OmNOo0LXww==
cache-control: private, max-age=0
x-goog-stored-content-length: 95786
x-goog-meta-firebasestoragedownloadtokens: be637750-133e-4219-9149-f23352276b75
accept-ranges: bytes
expires: Sun, 10 Mar 2024 20:55:14 GMT

GET
H2 200 jquery-1.12.4.js Show response
code.jquery.com/ Frame 241A 287 KB
85 KB 101ms
100ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.12.4.js
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575

Request headers

Referer: https://a3b8.c11.e2-5.dev/
Origin: https://a3b8.c11.e2-5.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 20:55:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 15301914
x-cache: HIT, HIT
content-length: 87176
x-served-by: cache-lga21970-LGA, cache-nyc-kteb1890086-NYC
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1710104114.954667,VS0,VE0
etag: W/"28feccc0-47a36"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 87, 5810

GET
H2 200 favicons.png
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ Frame 241A 492 B
626 B 213ms
213ms Image
image/png 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80a::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947

Request headers

accept-language: en-US,en;q=0.9
Referer: https://a3b8.c11.e2-5.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 20:55:14 GMT
x-guploader-uploadid: ABPtcPpZVFrdgs6DtwdVQlYa8jNVu_Gei2gYvbC6HiT2DVQkSHrQaFzW1GDaxSbltVTvQPLENPc
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''favicons.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 492
last-modified: Mon, 01 Nov 2021 22:20:02 GMT
server: UploadServer
etag: "3ca64f83fdcf25135d87e08af65e68c9"
x-goog-generation: 1635805202317844
content-type: image/png
x-goog-hash: crc32c=8ZCI3A==, md5=PKZPg/3PJRNdh+CK9l5oyQ==
cache-control: private, max-age=0
x-goog-stored-content-length: 492
x-goog-meta-firebasestoragedownloadtokens: 805fb0ef-a2d9-4a7f-85e6-d68384e166e3
accept-ranges: bytes
expires: Sun, 10 Mar 2024 20:55:14 GMT

GET
H/1.1 200
OK 494-4948700_mcafee-norton-accredited-business-hd-png-download.png
www.vhv.rs/dpng/d/ Frame 241A 118 KB
115 KB 322ms
115ms Image
image/png 107.150.33.19
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.vhv.rs/dpng/d/494-4948700_mcafee-norton-accredited-business-hd-png-download.png
Requested by: Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.150.33.19 , United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: nginx/1.14.0 /
Resource Hash: a98f519f54bf5d0a7e3f586232946a1f3f832753ef5c7f7db008b04001b66931

Request headers

accept-language: en-US,en;q=0.9
Referer: https://a3b8.c11.e2-5.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sun, 10 Mar 2024 20:55:14 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 May 2020 11:16:08 GMT
Server: nginx/1.14.0
ETag: W/"5ebe79f8-1d6ee"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive

GET
DATA 200
OK truncated
/ Frame 241A 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 241A 520 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 403
Forbidden main.js
a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/ Frame 86C5 0
0 128ms
128ms Script
application/xml 66.114.108.55
ASN-FLEXENTIAL

General

Check archive.org

Show headers Download Go to

Full URL

https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js

Requested by

Host: a3b8.c11.e2-5.dev
URL: https://a3b8.c11.e2-5.dev/domai/index.htm

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

66.114.108.55 , United States, ASN13649 (ASN-FLEXENTIAL, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Sun, 10 Mar 2024 20:55:14 GMT
Content-Security-Policy: block-all-mixed-content
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx
X-Amz-Request-Id: 17BB82A1A2C729A8
Vary: Origin, Accept-Encoding
Content-Type: application/xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 353
X-Xss-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
security	error	URL: about:blank Message: Refused to execute script from 'https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js' because its MIME type ('application/xml') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
security	error	URL: about:blank Message: Refused to execute script from 'https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js' because its MIME type ('application/xml') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a3b8.c11.e2-5.dev
code.jquery.com
firebasestorage.googleapis.com
www.vhv.rs
107.150.33.19
2607:f8b0:4006:80a::200a
2a04:4e42:400::649
66.114.108.55
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5
2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947
430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575
49e82b0564770af8a7edb94067bba52fbcc17324d86ca6e8ed3151c2f1546719
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b
a98f519f54bf5d0a7e3f586232946a1f3f832753ef5c7f7db008b04001b66931

a3b8.c11.e2-5.dev Open in urlscan Pro 66.114.108.55 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

616 kBTransfer

1024 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

a3b8.c11.e2-5.dev Open in urlscan Pro
66.114.108.55 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

616 kB
Transfer

1024 kB
Size

0
Cookies

13 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!