falmec.pro
Open in
urlscan Pro
2a03:6f00:1::5c35:6071
Malicious Activity!
Public Scan
Effective URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Submission: On July 27 via automatic, source openphish — Scanned from DE
Summary
This is the only time falmec.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Discover (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 111.68.108.200 111.68.108.200 | 45773 (HECPERN-A...) (HECPERN-AS-PK PERN AS Content Servie Provider) | |
3 6 | 2a03:6f00:1::... 2a03:6f00:1::5c35:6071 | 9123 (TIMEWEB-AS) (TIMEWEB-AS) | |
8 | 23.212.220.180 23.212.220.180 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
14 | 4 |
ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK)
PTR: szabist.edu.pk
www.szabist.edu.pk |
ASN16625 (AKAMAI-AS, US)
PTR: a23-212-220-180.deploy.static.akamaitechnologies.com
portal.discover.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
discover.com
portal.discover.com — Cisco Umbrella Rank: 45439 |
238 KB |
6 |
falmec.pro
3 redirects
falmec.pro |
19 KB |
2 |
szabist.edu.pk
1 redirects
www.szabist.edu.pk |
735 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
8 | portal.discover.com |
falmec.pro
portal.discover.com |
6 | falmec.pro |
3 redirects
falmec.pro
|
2 | www.szabist.edu.pk | 1 redirects |
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.fdic.gov |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.szabist.edu.pk R3 |
2023-06-08 - 2023-09-06 |
3 months | crt.sh |
www.discovercard.com DigiCert EV RSA CA G2 |
2023-03-15 - 2024-04-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Frame ID: E755634E5B551F4DC200F50CC3C04055
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Credit Card Login | Discover CardPage URL History Show full URLs
-
http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
HTTP 303
https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
-
http://falmec.pro/admin/language/en-gb/newdiscovercard/
HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+ HTTP 301
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
HTTP 303
https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
-
http://falmec.pro/admin/language/en-gb/newdiscovercard/
HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+ HTTP 301
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ HTTP 303
- https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ Redirect Chain
|
366 B 489 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
sisclog.htm
falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ Redirect Chain
|
33 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.min.css
portal.discover.com/global/public/css/ |
241 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
at-top-v2-public.min.js
portal.discover.com/global/public/scripts/ |
142 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-logout.min.css
portal.discover.com/applications/login-logout/css/ |
63 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
discover-logo.png
portal.discover.com/global/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-spyglass.png
portal.discover.com/global/images/ |
443 B 925 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Site_marketing_LRG_at.jpg
portal.discover.com/applications/login-logout/images/ |
49 KB 50 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Site_marketing_SML_at.png
portal.discover.com/applications/login-logout/images/ |
32 KB 32 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sisclog.htm
falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ |
33 KB 6 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sisclog.htm
falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ |
33 KB 6 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utility-icons.png
portal.discover.com/global/images/ |
57 KB 58 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
MetaWebPro-Bold.woff
portal.discover.com/global/public/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
MetaWebPro-Normal.woff
portal.discover.com/global/public/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- portal.discover.com
- URL
- https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff
- Domain
- portal.discover.com
- URL
- https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Discover (Financial)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| targetPageParams object| discover object| adobe0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
falmec.pro
portal.discover.com
www.szabist.edu.pk
portal.discover.com
111.68.108.200
23.212.220.180
2a03:6f00:1::5c35:6071
0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29
1b5f430ee27eea9c1c08083a2e9a0988c04c98980d77687aebb65d200a96ba98
21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302
2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125
2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4
7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137
9c383f5acb7e1dea10399a724d7f8964261bcd0deb9d81c0a1df94653c153eda
e2f6f6704c01413b70fc18956eff4cb953c7fee3496f167261a913338f456320