help-verifybadgebussines.cf Open in urlscan Pro
95.181.172.45  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response help-verifybadgebussines.cf/	3 KB 2 KB	194ms 58ms	Document text/html	95.181.172.45 SERVERIUS-AS
General Check archive.org Show headers Download Go to Full URL https://help-verifybadgebussines.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 95.181.172.45 , Russian Federation, ASN50673 (SERVERIUS-AS, NL), Reverse DNS kurtoglubilisim.web.tr Software LiteSpeed / Resource Hash 95e088cb4d483968ad0b7b49f768e8bb9af8601f8c571515092b01dc5508f862 Request headers :method GET :authority help-verifybadgebussines.cf :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers content-type text/html; charset=UTF-8 content-encoding gzip vary Accept-Encoding content-length 1399 date Mon, 21 Dec 2020 02:02:09 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
GET H2	200	images encrypted-tbn0.gstatic.com/	6 KB 6 KB	64ms 40ms	Image image/png	2a00:1450:4001:806::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcTjtjBw4xwF01ZdKL1cmnYZD3vdavlQPOWA7w&usqp=CAU Requested by Host: help-verifybadgebussines.cf URL: https://help-verifybadgebussines.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 98f05227be484074f46ceadea84463b984100426e231d5267862ed0b8afd7f64 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://help-verifybadgebussines.cf/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 02:02:09 GMT x-content-type-options nosniff last-modified Tue, 30 Jul 2019 11:17:00 GMT server sffe content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6187 x-xss-protection 0 expires Tue, 21 Dec 2021 02:02:09 GMT
GET H2	200	1-instagram.gif cdn.dribbble.com/users/2475489/screenshots/9553468/	523 KB 524 KB	220ms 55ms	Image image/gif	192.229.220.206 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.dribbble.com/users/2475489/screenshots/9553468/1-instagram.gif Requested by Host: help-verifybadgebussines.cf URL: https://help-verifybadgebussines.cf/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.220.206 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/8B52) / Resource Hash 11b4c1b5bd083683bfa2f61ce15fd849d3dbf4fbabd365b6f75bdbb7d8b51e61 Request headers Referer https://help-verifybadgebussines.cf/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 02:02:09 GMT via 1.1 e7311287a3a52035e5fcaf9a58791105.cloudfront.net (CloudFront) last-modified Fri, 17 Jan 2020 12:43:59 GMT server ECAcc (ama/8B52) age 11949431 etag "962980cb229082d7981bfd510885421b" x-cache HIT content-type image/gif cache-control max-age=315576000 x-amz-version-id AZ2BVyO84zEYC7OEr35FnDSF3cwep1o7 x-amz-cf-pop IAD79-C1 accept-ranges bytes content-length 536008 x-amz-cf-id pEMRWAhLL24FbhZZdBBa2D58CKSQbIvqwj2jLC2lqhpzIsEjTp2SrQ== expires Tue, 04 Jun 2030 19:58:19 GMT
GET H2	200	1nzWmt3zgNYueUHtay9q_z3jdPD7IfplMhToVaTNHeqFGmzl-OeOo0KjN7EE5gAllJPpdiiz=s0-d-e1-ft ci6.googleusercontent.com/proxy/	304 KB 305 KB	707ms 684ms	Image image/gif	2a00:1450:4001:809::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ci6.googleusercontent.com/proxy/1nzWmt3zgNYueUHtay9q_z3jdPD7IfplMhToVaTNHeqFGmzl-OeOo0KjN7EE5gAllJPpdiiz=s0-d-e1-ft Requested by Host: help-verifybadgebussines.cf URL: https://help-verifybadgebussines.cf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash 766eba871c4341d668c6f9e901b97daedaf7e11dca64e2695ff8811a4ba1e318 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://help-verifybadgebussines.cf/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 02:02:10 GMT x-content-type-options nosniff server fife vary Origin content-type image/gif access-control-allow-origin * access-control-expose-headers Content-Length cache-control max-age=31556926 content-disposition attachment;filename="unnamed.gif" timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 311800 x-xss-protection 0
GET H3-Q050	200	fbgif.gif help-verifybadgebussines.cf/	418 KB 418 KB	127ms 63ms	Image image/gif	95.181.172.45 SERVERIUS-AS
General Check archive.org Show headers Download Go to Show image Full URL https://help-verifybadgebussines.cf/fbgif.gif Requested by Host: help-verifybadgebussines.cf URL: https://help-verifybadgebussines.cf/ Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 95.181.172.45 , Russian Federation, ASN50673 (SERVERIUS-AS, NL), Reverse DNS kurtoglubilisim.web.tr Software LiteSpeed / Resource Hash 6364f8ae43e00b02c1cfcb4c62f4d8bd7b2871b36056877908798dbd6f89b279 Request headers Referer https://help-verifybadgebussines.cf/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 02:02:09 GMT last-modified Sun, 20 Dec 2020 06:14:42 GMT server LiteSpeed etag "6861e-5fdeebd2-c06a8;;;" content-type image/gif cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-length 427550 expires Mon, 28 Dec 2020 02:02:09 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://help-verifybadgebussines.cf/(Line 109) Message: Script Created by Borislav Qenzy

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.dribbble.com
ci6.googleusercontent.com
encrypted-tbn0.gstatic.com
help-verifybadgebussines.cf
192.229.220.206
2a00:1450:4001:806::200e
2a00:1450:4001:809::2001
95.181.172.45
11b4c1b5bd083683bfa2f61ce15fd849d3dbf4fbabd365b6f75bdbb7d8b51e61
6364f8ae43e00b02c1cfcb4c62f4d8bd7b2871b36056877908798dbd6f89b279
766eba871c4341d668c6f9e901b97daedaf7e11dca64e2695ff8811a4ba1e318
95e088cb4d483968ad0b7b49f768e8bb9af8601f8c571515092b01dc5508f862
98f05227be484074f46ceadea84463b984100426e231d5267862ed0b8afd7f64