alisstag.com Open in urlscan Pro
2a02:4780:33:a15b:397b:754b:d3f6:46db Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term...
Submission Tags: falconsandbox
Submission: On June 13 via api (June 13th 2024, 4:14:51 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2a02:4780:33:a15b:397b:754b:d3f6:46db, located in Meppel, Netherlands and belongs to AS-HOSTINGER, CY. The main domain is alisstag.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 27th 2024. Valid for: 3 months.

This is the only time alisstag.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
4	2a02:4780:33:... 2a02:4780:33:a15b:397b:754b:d3f6:46db	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	191.96.144.103 191.96.144.103	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
10	4

4 2a02:4780:33:a15b:397b:754b:d3f6:46db (Meppel, Netherlands)

ASN47583 (AS-HOSTINGER, CY)

alisstag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 191.96.144.103 (Phoenix, United States)

ASN47583 (AS-HOSTINGER, CY)

alisstag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	alisstag.com alisstag.com	208 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 205	71 KB
10	3

	Domain	Requested by
6	alisstag.com	alisstag.com
2	www.facebook.com	alisstag.com
2	connect.facebook.net	alisstag.com connect.facebook.net
10	3

This site contains links to these domains. Also see Links.

Domain
telegram.org
wh.komedia.top

Subject Issuer	Validity	Valid
alisstag.com ZeroSSL RSA Domain Secure Site CA	`2024-04-27` - `2024-07-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-23` - `2024-06-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010
Frame ID: 0FD2A2C465A14497316FF7258774FCF9
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

10
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

282 kB
Transfer

663 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/
Title: DESCARGA

Search URL Search Domain Scan URL

URL: https://wh.komedia.top/webhook/priemleadcobot?fbclid=
Title: SUSCRIBETE AL CANAL

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
alisstag.com/ 6 KB
3 KB 638ms
581ms Document
text/html 2a02:4780:33:a15b:397b:754b:d3f6:46db
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:33:a15b:397b:754b:d3f6:46db Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn / PHP/8.1.27

Resource Hash

c91600f122fce7cecedd1739142bc7d7365c1ba9a5af25a7cbf3ebd5965e70c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-encoding: br
content-length: 3061
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 13 Jun 2024 16:14:46 GMT
platform: hostinger
server: hcdn
x-hcdn-cache-status: DYNAMIC
x-hcdn-request-id: 27ea8960b056e20584bc8934db672cc4-srv-edge4
x-hcdn-upstream-rt: 0.567
x-powered-by: PHP/8.1.27

GET
H2 200 index.css
alisstag.com/ 2 KB
1 KB 575ms
574ms Stylesheet
text/css 2a02:4780:33:a15b:397b:754b:d3f6:46db
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://alisstag.com/index.css

Requested by

Host: alisstag.com
URL: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:33:a15b:397b:754b:d3f6:46db Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

c6590609ad4af5d74cab14e6f65109defdded083a175192d8779a038017ba6bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 16:14:46 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=86400
content-length: 749
x-hcdn-cache-status: MISS
last-modified: Sat, 27 Apr 2024 21:28:34 GMT
server: hcdn
etag: "93f-662d6e02-c73c966f9ec4552b;br"
x-hcdn-request-id: 552cccd77515b609bc2c073dbb881505-srv-edge4
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-hcdn-upstream-rt: 0.560
accept-ranges: bytes
platform: hostinger
expires: Thu, 20 Jun 2024 16:14:46 GMT

GET
H2 200 placeholder.jpg
alisstag.com/assets/ 143 KB
144 KB 1237ms
1237ms Image
image/webp 2a02:4780:33:a15b:397b:754b:d3f6:46db
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alisstag.com/assets/placeholder.jpg
Requested by: Host: alisstag.com
URL: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:33:a15b:397b:754b:d3f6:46db Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: d48c327014f4e15c6521e83571beafda6684d574f106fc1e592cbd7916d867a6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 16:14:47 GMT
x-hcdn-cache-status: MISS
server: hcdn
x-hcdn-request-id: 65d37c99ce252bbf3c31abcc82d189e1-srv-edge4
content-type: image/webp
cache-control: public, max-age=604800
x-hcdn-image-optimizer: f:webp q:85 w:1600
x-hcdn-upstream-rt: 1.222
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 146852

GET
H2 200 index.js Show response
alisstag.com/ 150 B
506 B 573ms
573ms Script
application/x-javascript 2a02:4780:33:a15b:397b:754b:d3f6:46db
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://alisstag.com/index.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:33:a15b:397b:754b:d3f6:46db Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

ab16a7a2215f57bb2ee3945d04a0fd6048aa471f779fb48eae4ae95743bcb2d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 16:14:46 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-hcdn-cache-status: MISS
last-modified: Wed, 22 May 2024 20:45:06 GMT
server: hcdn
etag: W/"96-664e5952-655af69d0abba2af;;;"
vary: Accept-Encoding
x-hcdn-request-id: 9656a6253d54ffe675d7da910a219ac6-srv-edge4
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
x-hcdn-upstream-rt: 0.559
platform: hostinger
expires: Thu, 20 Jun 2024 16:14:46 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 26ms
9ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0313b0d078dfe6c7ab517c11404b0c01458469006fbf1a0d4d4c5e90517e54f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 13 Jun 2024 16:14:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58024
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1297, tbw=2780, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: 4/qnz+S9EgOErJ3yzKxs47TRuX+/D2oNpIpiMlTIigYRzHyFjje2KQBWJ1xJIvtcJqy77z8q+yFwjm3etOeObw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 pattern.svg
alisstag.com/assets/ 232 KB
58 KB 142ms
142ms Image
image/svg+xml 191.96.144.103
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alisstag.com/assets/pattern.svg

Requested by

Host: alisstag.com
URL: https://alisstag.com/index.css

Protocol

Security

QUIC, , AES_128_GCM

Server

191.96.144.103 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

hcdn /

Resource Hash

572bfa84bf6c7be9687331d1a8a80e4a70e82d41b36b0123a3f044ce928325d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/index.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 16:14:46 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
age: 30931
alt-svc: h3=":443"; ma=86400
content-length: 58687
x-hcdn-cache-status: HIT
last-modified: Sat, 27 Apr 2024 21:28:36 GMT
server: hcdn
etag: "39f79-662d6e04-6788a2b31ec5d91;br"
x-hcdn-request-id: 540816c1e76048c1503d231d8209fe34-phx-edge1
content-type: image/svg+xml
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
platform: hostinger
expires: Thu, 20 Jun 2024 07:39:15 GMT

GET
H2 200 330191060170333 Show response
connect.facebook.net/signals/config/ 57 KB
12 KB 161ms
160ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/330191060170333?v=2.9.158&r=stable&domain=alisstag.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0d6c8ac76c05048d68c5ac8033c527dd3aba97d3d7be91180841a254f626f863

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 13 Jun 2024 16:14:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=12, rtx=0, c=64, mss=1297, tbw=63561, tp=-1, tpl=-1, uplat=151, ullat=1
pragma: public
x-fb-debug: qsi1LszuxHSKvrol0ipt3WRSjnmbhPu4HIduFH2c8fqJsQ7cObJIeuGjKgY5yKic3SLpCgD4ptYctpf0nJg6Rw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 25ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=330191060170333&ev=PageView&dl=https%3A%2F%2Falisstag.com%2F%3Futm_medium%3Dpaid%26utm_source%3Dfb%26utm_id%3D120209097206240010%26utm_content%3D120209097206210010%26utm_term%3D120209097206250010%26utm_campaign%3D120209097206240010&rl=&if=false&ts=1718295286816&sw=1600&sh=1200&v=2.9.158&r=stable&ec=0&o=4126&fbp=fb.1.1718295286815.367093429632227074&ler=empty&cdl=API_unavailable&it=1718295286646&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2786, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 13 Jun 2024 16:14:46 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 324ms
308ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=330191060170333&ev=PageView&dl=https%3A%2F%2Falisstag.com%2F%3Futm_medium%3Dpaid%26utm_source%3Dfb%26utm_id%3D120209097206240010%26utm_content%3D120209097206210010%26utm_term%3D120209097206250010%26utm_campaign%3D120209097206240010&rl=&if=false&ts=1718295286816&sw=1600&sh=1200&v=2.9.158&r=stable&ec=0&o=4126&fbp=fb.1.1718295286815.367093429632227074&ler=empty&cdl=API_unavailable&it=1718295286646&coo=false&rqm=FGET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xdcb198d14deac655","source_keys":["1","2"]},{"key_piece":"0xe861bda8d8e49156","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Thu, 13 Jun 2024 16:14:47 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7380022059553976082", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=10, mss=1297, tbw=3104, tp=-1, tpl=-1, uplat=298, ullat=0
pragma: no-cache
x-fb-debug: mx/WbMi/7xyASIYiUnf4zbDmiFV/MkHV72M4BpWTYBMFqx0VMFsgv8gUlSC7xaTl8JMP2IRWYzP86WyZq+UT0g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7380022059553976082"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 404 favicon.ico
alisstag.com/ 2 KB
1 KB 649ms
649ms Other
text/html 191.96.144.103
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://alisstag.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 191.96.144.103 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: hcdn /
Resource Hash: 3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://alisstag.com/?utm_medium=paid&utm_source=fb&utm_id=120209097206240010&utm_content=120209097206210010&utm_term=120209097206250010&utm_campaign=120209097206240010
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 16:14:47 GMT
content-encoding: br
last-modified: Wed, 06 Dec 2023 20:18:07 GMT
server: hcdn
etag: "999-6570d6ff-4b52a1fda9be6948;br"
x-hcdn-request-id: 40351910002642afcc7c8dfa0766ea7a-phx-edge1
content-type: text/html
x-turbo-charged-by: LiteSpeed
platform: hostinger
alt-svc: h3=":443"; ma=86400
content-length: 912

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.alisstag.com/	1970-01-20 23:27:51	Name: _fbp Value: fb.1.1718295286815.367093429632227074

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://alisstag.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alisstag.com
connect.facebook.net
www.facebook.com
191.96.144.103
2a02:4780:33:a15b:397b:754b:d3f6:46db
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
0313b0d078dfe6c7ab517c11404b0c01458469006fbf1a0d4d4c5e90517e54f8
0d6c8ac76c05048d68c5ac8033c527dd3aba97d3d7be91180841a254f626f863
3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e
572bfa84bf6c7be9687331d1a8a80e4a70e82d41b36b0123a3f044ce928325d0
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab16a7a2215f57bb2ee3945d04a0fd6048aa471f779fb48eae4ae95743bcb2d7
c6590609ad4af5d74cab14e6f65109defdded083a175192d8779a038017ba6bb
c91600f122fce7cecedd1739142bc7d7365c1ba9a5af25a7cbf3ebd5965e70c4
d48c327014f4e15c6521e83571beafda6684d574f106fc1e592cbd7916d867a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

alisstag.com Open in urlscan Pro 2a02:4780:33:a15b:397b:754b:d3f6:46db Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

75 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

282 kBTransfer

663 kBSize

1 Cookies

2 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

alisstag.com Open in urlscan Pro
2a02:4780:33:a15b:397b:754b:d3f6:46db Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

282 kB
Transfer

663 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!