login-form-6g1p9.kinsta.page
162.159.153.245
Malicious Activity!
Public Scan
Submission: On February 15 via automatic, source certstream-suspicious — Scanned from GE
Summary
TLS certificate: Issued by E1 on February 15th 2024. Valid for: 3 months.
This is the only time login-form-6g1p9.kinsta.page was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 3 | 162.159.153.245 | 13335 (CLOUDFLARENET) |
| 1 | 142.250.181.234 | 15169 (GOOGLE) |
| 1 | 172.67.69.203 | 13335 (CLOUDFLARENET) |
| 1 | 52.218.29.216 | 16509 (AMAZON-02) |
| 1 9 | 104.21.77.20 | 13335 (CLOUDFLARENET) |
| 2 | 104.26.5.120 | 13335 (CLOUDFLARENET) |
| 3 | 142.250.184.227 | 15169 (GOOGLE) |
| Total: 19 | 8 | |
IP details:
- ASN15169 (GOOGLE, US), PTR: fra16s56-in-f10.1e100.net, domain: fonts.googleapis.com
- ASN16509 (AMAZON-02, US), PTR: s3-eu-west-1-r-w.amazonaws.com, domain: unamdev.s3.eu-west-1.amazonaws.com
- ASN15169 (GOOGLE, US), PTR: fra24s12-in-f3.1e100.net, domain: fonts.gstatic.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | esm.sh (1 redirects) | esm.sh (Cisco Umbrella Rank: 211543) | 34 KB |
| 3 | gstatic.com | fonts.gstatic.com | 37 KB |
| 3 | splitbee.io | cdn.splitbee.io (Cisco Umbrella Rank: 536766), hive.splitbee.io (Cisco Umbrella Rank: 414638) | 5 KB |
| 3 | kinsta.page | login-form-6g1p9.kinsta.page | 5 KB |
| 1 | amazonaws.com | unamdev.s3.eu-west-1.amazonaws.com | 2 KB |
| 1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 48) | 1 KB |
| Total: 19 | 6 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 9 | esm.sh (1 redirects) | login-form-6g1p9.kinsta.page |
| 3 | fonts.gstatic.com | fonts.googleapis.com |
| 3 | login-form-6g1p9.kinsta.page | login-form-6g1p9.kinsta.page |
| 2 | hive.splitbee.io | cdn.splitbee.io |
| 1 | unamdev.s3.eu-west-1.amazonaws.com | login-form-6g1p9.kinsta.page |
| 1 | cdn.splitbee.io | login-form-6g1p9.kinsta.page |
| 1 | fonts.googleapis.com | login-form-6g1p9.kinsta.page |
| Total: 19 | 7 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| login-form-1y0dd.kinsta.page |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| login-form-6g1p9.kinsta.page | E1 | 2024-02-15 - 2024-05-15 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months | crt.sh |
| cdn.splitbee.io | Cloudflare Inc ECC CA-3 | 2023-11-19 - 2024-11-18 | a year | crt.sh |
| *.s3-eu-west-1.amazonaws.com | Amazon RSA 2048 M01 | 2024-01-31 - 2025-01-15 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-12 - 2024-05-11 | a year | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months | crt.sh |
| esm.sh | E1 | 2024-01-17 - 2024-04-16 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://login-form-6g1p9.kinsta.page/
Frame ID: 19043DD2CF42CAC25C5F559ECEBC672B
Requests: 19 HTTP requests in this frame
Page Title: Iniciar seión (Spanish: "Log in")
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: ¿Has olvidado tu contraseña? (Spanish: "Forgot your password?")
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5:
- https://esm.sh/@supabase/supabase-js@2 (HTTP 302)
- https://esm.sh/@supabase/supabase-js@2.39.6
19 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | login-form-6g1p9.kinsta.page/ | 5 KB | 2 KB | Document | text/html |
| GET | H2 | css2 | fonts.googleapis.com/ | 4 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | styles.css | login-form-6g1p9.kinsta.page/assets/css/ | 6 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | sb.js | cdn.splitbee.io/ | 8 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | first-letter-user.png | unamdev.s3.eu-west-1.amazonaws.com/ | 1 KB | 2 KB | Image | image/png |
| GET | H2 | main.js | login-form-6g1p9.kinsta.page/assets/js/ | 1 KB | 884 B | Script | application/javascript |
| GET | H2 | supabase-js@2.39.6 | esm.sh/@supabase/ (Redirect Chain) | 519 B | 767 B | Script | application/javascript |
| OPTIONS | H2 | i | hive.splitbee.io/ | 0 | 0 | Preflight | |
| POST | H2 | i | hive.splitbee.io/ | 65 B | 749 B | Fetch | text/plain |
| GET | DATA | truncated | / | 220 B | 0 | Image | image/svg+xml |
| GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 15 KB | Font | font/woff2 |
| GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 16 KB | 16 KB | Font | font/woff2 |
| GET | H2 | KFOmCnqEu92Fr1Mu7WxKOzY.woff2 | fonts.gstatic.com/s/roboto/v30/ | 5 KB | 6 KB | Font | font/woff2 |
| GET | H3 | gotrue-js.mjs | esm.sh/v135/@supabase/gotrue-js@2.62.2/es2022/ | 45 KB | 13 KB | Script | application/javascript |
| GET | H3 | functions-js.mjs | esm.sh/v135/@supabase/functions-js@2.1.5/es2022/ | 2 KB | 2 KB | Script | application/javascript |
| GET | H3 | realtime-js.mjs | esm.sh/v135/@supabase/realtime-js@2.9.3/es2022/ | 21 KB | 8 KB | Script | application/javascript |
| GET | H3 | postgrest-js.mjs | esm.sh/v135/@supabase/postgrest-js@1.9.2/es2022/ | 10 KB | 4 KB | Script | application/javascript |
| GET | H3 | storage-js.mjs | esm.sh/v135/@supabase/storage-js@2.5.5/es2022/ | 10 KB | 3 KB | Script | application/javascript |
| GET | H3 | node-fetch.mjs | esm.sh/v135/@supabase/node-fetch@2.6.15/es2022/ | 514 B | 823 B | Script | application/javascript |
| GET | H3 | supabase-js.mjs | esm.sh/v135/@supabase/supabase-js@2.39.6/es2022/ | 6 KB | 3 KB | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | splitbee |
| string | sbCtx |
| boolean | splitbeeLoaded |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| login-form-6g1p9.kinsta.page/ | | Name: sb_uid, Value: r3sxfhj761 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.