![](/screenshots/c813c0b7-05ff-4be6-9683-8fe60fbb9a03.png)
beliveingreenmind.ga
178.128.241.54
Malicious Activity!
Public Scan
Effective URL: https://beliveingreenmind.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=bewwickk&sub2=ramil.forloc
Submission: On January 10 via automatic, source openphish
Summary
TLS certificate: Issued by R3 on December 10th 2020. Valid for: 3 months.
This is the only time beliveingreenmind.ga was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
3 | 202.138.226.66 | 9657 (MELSANET-ID-AP Melsa-i-net AS) |
1 | 176.96.238.226 | 207319 (MSKHOST) |
1 | 45.9.148.32 | 49447 (NICEIT) |
1 | 2606:4700::6812:1634 | 13335 (CLOUDFLARENET) |
1 | 95.181.157.242 | 207319 (MSKHOST) |
1 | 178.128.241.54 | 14061 (DIGITALOCEAN-ASN) |
14 | 6 | |
ASN9657 (MELSANET-ID-AP Melsa-i-net AS, ID): afitaconsultant.co.id
ASN207319 (MSKHOST, RU), PTR: tom.com: port.transandfiestas.ga
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | afitaconsultant.co.id | afitaconsultant.co.id | 19 KB |
1 | beliveingreenmind.ga | beliveingreenmind.ga | 53 KB |
1 | lovegreenpencils.ga | irc.lovegreenpencils.ga (Failed) | 2 KB |
1 | fontawesome.com | kit.fontawesome.com | 4 KB |
1 | helpmart.ga | fast.helpmart.ga | 333 B |
1 | transandfiestas.ga (1 redirects) | port.transandfiestas.ga | 255 B |
0 | googleapis.com (Failed) | ajax.googleapis.com (Failed) | |
0 | bootstrapcdn.com (Failed) | maxcdn.bootstrapcdn.com (Failed), stackpath.bootstrapcdn.com (Failed) | |
0 | cloudflare.com (Failed) | cdnjs.cloudflare.com (Failed) | |
0 | jquery.com (Failed) | code.jquery.com (Failed) | |
14 | 10 | | |
Count | Domain | Requested by |
---|---|---|
3 | afitaconsultant.co.id | afitaconsultant.co.id |
1 | beliveingreenmind.ga | irc.lovegreenpencils.ga |
1 | irc.lovegreenpencils.ga | port.transandfiestas.ga |
1 | kit.fontawesome.com | afitaconsultant.co.id |
1 | fast.helpmart.ga | afitaconsultant.co.id |
1 | port.transandfiestas.ga (1 redirects) | |
0 | stackpath.bootstrapcdn.com (Failed) | afitaconsultant.co.id |
0 | ajax.googleapis.com (Failed) | afitaconsultant.co.id |
0 | maxcdn.bootstrapcdn.com (Failed) | afitaconsultant.co.id |
0 | cdnjs.cloudflare.com (Failed) | afitaconsultant.co.id |
0 | code.jquery.com (Failed) | afitaconsultant.co.id |
14 | 11 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
fast.helpmart.ga | R3 | 2020-12-10 - 2021-03-10 | 3 months | crt.sh |
*.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-13 - 2021-12-14 | a year | crt.sh |
irc.lovegreenpencils.ga | R3 | 2020-12-24 - 2021-03-24 | 3 months | crt.sh |
beliveingreenmind.ga | R3 | 2020-12-10 - 2021-03-10 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://beliveingreenmind.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=bewwickk&sub2=ramil.forloc
Frame ID: 7629C4446F4436D55F6BD0A3AC5B1B41
Requests: 15 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://afitaconsultant.co.id/72b1d185542cf096c9b05c9c53335b82cb093170657a560aa633ae793b1b483d10d47e1b06db4e57607184d14193ac41/ Page URL
- https://irc.lovegreenpencils.ga/goto?ad_campaign_id=3262 Page URL
- https://beliveingreenmind.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=bewwickk&sub2=ramil.forloc Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://port.transandfiestas.ga/stat.js?stat=debug HTTP 301
- https://fast.helpmart.ga/stat.js?stat=debug
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | afitaconsultant.co.id/72b1d185542cf096c9b05c9c53335b82cb093170657a560aa633ae793b1b483d10d47e1b06db4e57607184d14193ac41/ | 15 KB | 15 KB | Document | text/html |
GET | H2 | stat.js | fast.helpmart.ga/ (Redirect Chain) | 296 B | 333 B | Script | application/javascript |
GET | H/1.1 | 34wtddjp0q1v1dtu2elv5jwg4yf.css | afitaconsultant.co.id/72b1d185542cf096c9b05c9c53335b82cb093170657a560aa633ae793b1b483d10d47e1b06db4e57607184d14193ac41/css/ | 4 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | signin-render-ZiemCn4H.css | afitaconsultant.co.id/72b1d185542cf096c9b05c9c53335b82cb093170657a560aa633ae793b1b483d10d47e1b06db4e57607184d14193ac41/css/ | 14 KB | 0 | Stylesheet | text/css |
GET | H2 | 585b051251.js | kit.fontawesome.com/ | 10 KB | 4 KB | Script | text/javascript |
GET | | fxxj3ttftm5ltcqnto1o4baovyl.png | afitaconsultant.co.id/72b1d185542cf096c9b05c9c53335b82cb093170657a560aa633ae793b1b483d10d47e1b06db4e57607184d14193ac41/images/ | 0 | 0 | | |
GET | | jquery-3.2.1.slim.min.js | code.jquery.com/ | 0 | 0 | | |
GET | | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 0 | 0 | | |
GET | | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 0 | 0 | | |
GET | | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 0 | 0 | | |
GET | | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 0 | 0 | | |
GET | | goto | irc.lovegreenpencils.ga/ | 0 | 0 | | |
GET | H/1.1 | | irc.lovegreenpencils.ga/ | 788 B | 2 KB | Document | text/html |
GET | H2 | / (Primary Request) | beliveingreenmind.ga/ | 52 KB | 53 KB | Document | text/html |
GET | DATA | truncated | / | 7 KB | 0 | Image | image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- afitaconsultant.co.id: http://afitaconsultant.co.id/72b1d185542cf096c9b05c9c53335b82cb093170657a560aa633ae793b1b483d10d47e1b06db4e57607184d14193ac41/images/fxxj3ttftm5ltcqnto1o4baovyl.png
- code.jquery.com: https://code.jquery.com/jquery-3.2.1.slim.min.js
- cdnjs.cloudflare.com: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
- maxcdn.bootstrapcdn.com: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
- ajax.googleapis.com: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
- stackpath.bootstrapcdn.com: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
- irc.lovegreenpencils.ga: https://irc.lovegreenpencils.ga/goto?ad_campaign_id=3262
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, languages, rootElement
- function: showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, compareVersion, getLanguage, disableHistory, disableIncognito, denied, getWorkerRegistration, SubS, CheckS, urlB64ToUint8Array, j4ee, L0zz, before_redirect_block1
- boolean: crossOriginIsolated, guardEnabled, isChrome, canStart, j
- string: relevanteLang, lang, title, holder
- undefined: text
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.beliveingreenmind.ga/ | | Name: uuid, Value: e5fc002d-9765-457b-ad44-93ad3f1e5287 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.