a3b8.c11.e2-5.dev
Open in
urlscan Pro
66.114.108.55
Malicious Activity!
Public Scan
Effective URL: https://a3b8.c11.e2-5.dev/domai/index.htm
Submission: On March 10 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on January 20th 2024. Valid for: 3 months.
This is the only time a3b8.c11.e2-5.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 66.114.108.55 66.114.108.55 | 13649 (ASN-FLEXE...) (ASN-FLEXENTIAL) | |
4 | 2607:f8b0:400... 2607:f8b0:4006:80a::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a04:4e42:400... 2a04:4e42:400::649 | 54113 (FASTLY) (FASTLY) | |
2 | 107.150.33.19 107.150.33.19 | 33387 (NOCIX) (NOCIX) | |
13 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
googleapis.com
firebasestorage.googleapis.com — Cisco Umbrella Rank: 6266 |
189 KB |
4 |
e2-5.dev
a3b8.c11.e2-5.dev |
26 KB |
2 |
vhv.rs
www.vhv.rs — Cisco Umbrella Rank: 210735 |
229 KB |
2 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 760 |
171 KB |
13 | 4 |
Domain | Requested by | |
---|---|---|
4 | firebasestorage.googleapis.com |
a3b8.c11.e2-5.dev
|
4 | a3b8.c11.e2-5.dev |
a3b8.c11.e2-5.dev
|
2 | www.vhv.rs |
a3b8.c11.e2-5.dev
|
2 | code.jquery.com |
a3b8.c11.e2-5.dev
|
13 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.c11.e2-5.dev R3 |
2024-01-20 - 2024-04-19 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-02-19 - 2024-05-13 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
vhv.rs R3 |
2024-02-25 - 2024-05-25 |
3 months | crt.sh |
This page contains 4 frames:
Primary Page:
https://a3b8.c11.e2-5.dev/domai/index.htm
Frame ID: 5A49B4BFDCF454BAB063A4376FC482C6
Requests: 7 HTTP requests in this frame
Frame:
https://a3b8.c11.e2-5.dev/domai/index.htm
Frame ID: 241A6A78798CD05FE8ACB166877A8FCF
Requests: 7 HTTP requests in this frame
Frame:
https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 4B7663BA82947B89D27237C6848EDB61
Requests: 1 HTTP requests in this frame
Frame:
https://a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 86C5AD0971999279D6894E9E7211E0BE
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Webmail Portal LoginPage URL History Show full URLs
-
http://a3b8.c11.e2-5.dev/domai/index.htm
HTTP 307
https://a3b8.c11.e2-5.dev/domai/index.htm Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://a3b8.c11.e2-5.dev/domai/index.htm
HTTP 307
https://a3b8.c11.e2-5.dev/domai/index.htm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.htm
a3b8.c11.e2-5.dev/domai/ Redirect Chain
|
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.js
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ |
94 KB 94 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.js
code.jquery.com/ |
287 KB 86 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicons.png
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ |
492 B 803 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
494-4948700_mcafee-norton-accredited-business-hd-png-download.png
www.vhv.rs/dpng/d/ |
118 KB 115 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.htm
a3b8.c11.e2-5.dev/domai/ Frame 241A |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
558 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
520 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/ Frame 4B76 |
0 0 |
Script
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.js
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ Frame 241A |
94 KB 94 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.js
code.jquery.com/ Frame 241A |
287 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicons.png
firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/ Frame 241A |
492 B 626 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
494-4948700_mcafee-norton-accredited-business-hd-png-download.png
www.vhv.rs/dpng/d/ Frame 241A |
118 KB 115 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 241A |
558 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 241A |
520 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
a3b8.c11.e2-5.dev/cdn-cgi/challenge-platform/scripts/jsd/ Frame 86C5 |
0 0 |
Script
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| $ function| jQuery string| usertelegram string| token object| _0x29a3 function| _0x40b2 function| _0x2e20a0 string| hash number| n function| goNow object| input0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | block-all-mixed-content |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a3b8.c11.e2-5.dev
code.jquery.com
firebasestorage.googleapis.com
www.vhv.rs
107.150.33.19
2607:f8b0:4006:80a::200a
2a04:4e42:400::649
66.114.108.55
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5
2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947
430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575
49e82b0564770af8a7edb94067bba52fbcc17324d86ca6e8ed3151c2f1546719
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b
a98f519f54bf5d0a7e3f586232946a1f3f832753ef5c7f7db008b04001b66931