plains.cloudns.be
Open in
urlscan Pro
162.240.168.222
Malicious Activity!
Public Scan
Submission: On June 21 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by ZeroSSL ECC Domain Secure Site CA on June 19th 2024. Valid for: 3 months.
This is the only time plains.cloudns.be was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 162.240.168.222 162.240.168.222 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::200a | 15169 (GOOGLE) (GOOGLE) | |
5 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700:303... 2606:4700:3036::6815:1b98 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 45.130.231.204 45.130.231.204 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
2 | 2a00:1450:400... 2a00:1450:4001:808::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 23.222.16.139 23.222.16.139 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
21 | 8 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-240-168-222.unifiedlayer.com
plains.cloudns.be |
ASN47583 (AS-HOSTINGER, CY)
PTR: srv102.niagahoster.com
idevcorner.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-16-139.deploy.static.akamaitechnologies.com
static.chasecdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 268 |
105 KB |
4 |
idevcorner.com
idevcorner.com |
57 KB |
4 |
cloudns.be
plains.cloudns.be |
505 KB |
3 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1381 |
93 KB |
2 |
gstatic.com
fonts.gstatic.com |
32 KB |
1 |
chasecdn.com
static.chasecdn.com — Cisco Umbrella Rank: 8320 |
3 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83 |
1 KB |
21 | 7 |
Domain | Requested by | |
---|---|---|
5 | cdnjs.cloudflare.com |
plains.cloudns.be
cdnjs.cloudflare.com |
4 | idevcorner.com |
plains.cloudns.be
|
4 | plains.cloudns.be |
plains.cloudns.be
|
3 | use.fontawesome.com |
plains.cloudns.be
use.fontawesome.com |
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | static.chasecdn.com | |
1 | fonts.googleapis.com |
plains.cloudns.be
|
21 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
plains.cloudns.be ZeroSSL ECC Domain Secure Site CA |
2024-06-19 - 2024-09-17 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-06-03 - 2024-08-26 |
3 months | crt.sh |
cdnjs.cloudflare.com E1 |
2024-06-02 - 2024-08-31 |
3 months | crt.sh |
use.fontawesome.com Cloudflare Inc ECC CA-3 |
2023-10-12 - 2024-10-10 |
a year | crt.sh |
idevcorner.com R3 |
2024-05-27 - 2024-08-25 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-06-03 - 2024-08-26 |
3 months | crt.sh |
static2.chasecdn.com Entrust Certification Authority - L1M |
2024-04-08 - 2025-04-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://plains.cloudns.be/login
Frame ID: 1E198F26321ED5A6DFA0B9E7FB4952CB
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Sign in - chase.comDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Material Design Lite (Web Frameworks) Expand
Detected patterns
- <link[^>]* href="[^"]*material(?:\.[\w]+-[\w]+)?(?:\.min)?\.css
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Ionicons (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login
plains.cloudns.be/ |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
9 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ionicons.css
cdnjs.cloudflare.com/ajax/libs/ionicons/4.5.5/css/ |
52 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.13.0/css/ |
57 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4-shims.css
use.fontawesome.com/releases/v5.13.0/css/ |
26 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-material.css
idevcorner.com/cdn/css/ |
188 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shreerang-material.css
idevcorner.com/cdn/css/ |
326 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
perfect-scrollbar.css
cdnjs.cloudflare.com/ajax/libs/jquery.perfect-scrollbar/1.4.0/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authentication.css
plains.cloudns.be/assets/CSS/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-white.svg
plains.cloudns.be/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ |
85 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.js
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/ |
129 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script_frontend.js
idevcorner.com/cdn/js/ |
3 KB 533 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sidenav.js
idevcorner.com/cdn/js/ |
17 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
background-1.jpeg
plains.cloudns.be/img/Day/ |
488 KB 488 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ionicons.woff2
cdnjs.cloudflare.com/ajax/libs/ionicons/4.5.5/fonts/ |
49 KB 50 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-brands-400.woff2
use.fontawesome.com/releases/v5.13.0/webfonts/ |
75 KB 75 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
script_frontend.js
idevcorner.com/cdn/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chasefavicon.ico
static.chasecdn.com/content/dam/cpo-static/images/ |
31 KB 3 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- idevcorner.com
- URL
- http://idevcorner.com/cdn/js/script_frontend.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage function| $ function| jQuery object| bootstrap function| SideNav1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
plains.cloudns.be/ | Name: PHPSESSID Value: de411fd4545d57c89bbcdfc23eb9ad5d |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
idevcorner.com
plains.cloudns.be
static.chasecdn.com
use.fontawesome.com
idevcorner.com
104.17.25.14
162.240.168.222
23.222.16.139
2606:4700:3036::6815:1b98
2a00:1450:4001:808::2003
2a00:1450:4001:810::200a
45.130.231.204
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
19f150cf1e8aefc4674a88255d2f085da4b84b779fc7b75308a43512eb86a8d6
1c395880a354fb46690f8c5c89a9c7ea9b19e6de637f6736370b93e4d041e43e
2d02d165cb720aec2fde78a93113a459729e0503951353f719076bc5b4a7a845
2d9913a0cc8a5804e861b9f6589443a67b22e652cc7a3b599850abb95cc057ad
31361db9d38026e3ed85a2bc7f71148e3e91fbbe41539357fddac9670de33a77
406ed1bddec46761296968983c8c3ceabf4238ef7c4d3e65eca6a4c443fb0367
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29
5db4371141d3ca5d533912e3ae1133c9f26d8dc34b09bb8d5087a2b8666a804b
625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9
7b6508c9e8e04de8ebfec5de2ce1c4303bc46a0a279283eff7e248c1c900a91b
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
8e6aca61ef7ae907707da4e2eab6e98cd4b3d80e0996adaee6b3fcb627ee5a1f
8eff9b0b7084b22e3a7d415bb7d13679745b635d4158e664aef5cc89c3895d25
a65d5b4abb65aad37f302c96f1751362e2422a8869f7f889112556d77e384813
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b47ab02133f6d6b98efa31588b443a9ff9f8a7d2ebb0af0a95f203033b97c720
c0ded025aa80c10d37920521c8de04536a6145d0e42eb4186c57b412fa50eb45
d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615