falmec.pro Open in urlscan Pro
2a03:6f00:1::5c35:6071 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
Effective URL:
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Submission: On July 27 via automatic, source openphish (July 27th 2023, 2:12:10 pm UTC) — Scanned from DE

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2a03:6f00:1::5c35:6071, located in Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is falmec.pro.

This is the only time falmec.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 2	111.68.108.200 111.68.108.200	45773 (HECPERN-A...) (HECPERN-AS-PK PERN AS Content Servie Provider)
3 6	2a03:6f00:1::... 2a03:6f00:1::5c35:6071	9123 (TIMEWEB-AS) (TIMEWEB-AS)
8	23.212.220.180 23.212.220.180	16625 (AKAMAI-AS) (AKAMAI-AS)
14	4

2 111.68.108.200 (Karachi, Pakistan) 1 redirects

ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK)
PTR: szabist.edu.pk

www.szabist.edu.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:6f00:1::5c35:6071 (Russian Federation) 3 redirects

ASN9123 (TIMEWEB-AS, RU)

falmec.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.212.220.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-220-180.deploy.static.akamaitechnologies.com

portal.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	discover.com portal.discover.com — Cisco Umbrella Rank: 45439	238 KB
6	falmec.pro 3 redirects falmec.pro	19 KB
2	szabist.edu.pk 1 redirects www.szabist.edu.pk	735 B
14	3

	Domain	Requested by
8	portal.discover.com	falmec.pro portal.discover.com
6	falmec.pro	3 redirects falmec.pro
2	www.szabist.edu.pk	1 redirects
14	3

This site contains links to these domains. Also see Links.

Domain
www.fdic.gov

Subject Issuer	Validity	Valid
www.szabist.edu.pk R3	`2023-06-08` - `2023-09-06`	3 months	crt.sh
www.discovercard.com DigiCert EV RSA CA G2	`2023-03-15` - `2024-04-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Frame ID: E755634E5B551F4DC200F50CC3C04055
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Card Login | Discover Card

Page URL History Show full URLs

http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ HTTP 303
https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
http://falmec.pro/admin/language/en-gb/newdiscovercard/ HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+ HTTP 301
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e Page URL

Page Statistics

14
Requests

64 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

257 kB
Transfer

687 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.fdic.gov/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ HTTP 303
https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
http://falmec.pro/admin/language/en-gb/newdiscovercard/ HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+ HTTP 301
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ HTTP 302
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/ HTTP 303
https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
Redirect Chain

http://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/

366 B
489 B

1266ms
363ms

Document
text/html

111.68.108.200
HECPERN-AS-PK PER...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.68.108.200 Karachi, Pakistan, ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK),
Reverse DNS: szabist.edu.pk
Software: Microsoft-IIS/10.0 / PHP/8.0.23 ASP.NET
Resource Hash: 9c383f5acb7e1dea10399a724d7f8964261bcd0deb9d81c0a1df94653c153eda

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 366
content-type: text/html; charset=UTF-8
date: Thu, 27 Jul 2023 14:12:05 GMT
server: Microsoft-IIS/10.0
x-powered-by: PHP/8.0.23 ASP.NET

Redirect headers

Content-Length: 182
Content-Type: text/html; charset=UTF-8
Date: Thu, 27 Jul 2023 14:12:04 GMT
Location: https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

GET
H/1.1

200
OK

Primary Request sisclog.htm Show response
falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/
Redirect Chain

http://falmec.pro/admin/language/en-gb/newdiscovercard/
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/
http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

33 KB
6 KB

71ms
71ms

Document
text/html

2a03:6f00:1::5c35:6071
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Protocol: HTTP/1.1
Server: 2a03:6f00:1::5c35:6071 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 1b5f430ee27eea9c1c08083a2e9a0988c04c98980d77687aebb65d200a96ba98

Request headers

Referer: https://www.szabist.edu.pk/wp-admin/user/discoverlkre33232/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 27 Jul 2023 14:12:06 GMT
ETag: W/"83cb-601659c4ed280"
Last-Modified: Wed, 26 Jul 2023 15:36:26 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 27 Jul 2023 14:12:06 GMT
Location: sisclog.htm?ip=2a03:1b20:b:f011::2e
Server: nginx/1.22.1

GET
H/1.1 200
OK common.min.css
portal.discover.com/global/public/css/ 241 KB
38 KB 251ms
51ms Stylesheet
text/css 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Oct 2020 12:08:26 GMT
Date: Thu, 27 Jul 2023 14:12:07 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38029
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK at-top-v2-public.min.js Show response
portal.discover.com/global/public/scripts/ 142 KB
45 KB 252ms
52ms Script
application/javascript 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/public/scripts/at-top-v2-public.min.js?ver=6745124a56

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 26 Jul 2023 05:45:12 GMT
Date: Thu, 27 Jul 2023 14:12:07 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45069
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK login-logout.min.css
portal.discover.com/applications/login-logout/css/ 63 KB
11 KB 248ms
48ms Stylesheet
text/css 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

e2f6f6704c01413b70fc18956eff4cb953c7fee3496f167261a913338f456320

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 May 2023 06:47:45 GMT
Date: Thu, 27 Jul 2023 14:12:07 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10793
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK discover-logo.png
portal.discover.com/global/images/ 3 KB
4 KB 46ms
45ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/discover-logo.png

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 27 Jul 2023 14:12:07 GMT
Last-Modified: Tue, 12 Dec 2017 07:27:45 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3212
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon-spyglass.png
portal.discover.com/global/images/ 443 B
925 B 51ms
51ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/icon-spyglass.png

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 27 Jul 2023 14:12:07 GMT
Last-Modified: Tue, 12 Dec 2017 07:27:53 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 443
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Site_marketing_LRG_at.jpg
portal.discover.com/applications/login-logout/images/ 49 KB
50 KB 64ms
64ms Image
image/jpeg 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/applications/login-logout/images/Site_marketing_LRG_at.jpg

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 27 Jul 2023 14:12:07 GMT
Last-Modified: Mon, 22 May 2023 06:47:41 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50503
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Site_marketing_SML_at.png
portal.discover.com/applications/login-logout/images/ 32 KB
32 KB 96ms
70ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/applications/login-logout/images/Site_marketing_SML_at.png

Requested by

Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 27 Jul 2023 14:12:07 GMT
Last-Modified: Mon, 22 May 2023 06:47:45 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32504
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sisclog.htm Show response
falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ 33 KB
6 KB 71ms
71ms Script
text/html 2a03:6f00:1::5c35:6071
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Requested by: Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Protocol: HTTP/1.1
Server: 2a03:6f00:1::5c35:6071 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 1b5f430ee27eea9c1c08083a2e9a0988c04c98980d77687aebb65d200a96ba98

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 27 Jul 2023 14:12:06 GMT
Content-Encoding: gzip
Last-Modified: Wed, 26 Jul 2023 15:36:26 GMT
Server: nginx/1.22.1
ETag: W/"83cb-601659c4ed280"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H/1.1 200
OK sisclog.htm
falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/ 33 KB
6 KB 73ms
72ms Stylesheet
text/html 2a03:6f00:1::5c35:6071
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Requested by: Host: falmec.pro
URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
Protocol: HTTP/1.1
Server: 2a03:6f00:1::5c35:6071 , Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 1b5f430ee27eea9c1c08083a2e9a0988c04c98980d77687aebb65d200a96ba98

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 27 Jul 2023 14:12:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 26 Jul 2023 15:36:26 GMT
Server: nginx/1.22.1
ETag: W/"83cb-601659c4ed280"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H/1.1 200
OK utility-icons.png
portal.discover.com/global/images/ 57 KB
58 KB 54ms
54ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/utility-icons.png

Requested by

Host: portal.discover.com
URL: https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Thu, 27 Jul 2023 14:12:07 GMT
Last-Modified: Tue, 29 Jun 2021 05:49:22 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 58699
X-XSS-Protection: 1; mode=block

GET MetaWebPro-Bold.woff
portal.discover.com/global/public/fonts/ 0
0

GET MetaWebPro-Normal.woff
portal.discover.com/global/public/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: portal.discover.com
URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff

Domain: portal.discover.com
URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| targetPageParams object| discover object| adobe

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e Message: Access to font at 'https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff' from origin 'http://falmec.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://falmec.pro/admin/language/en-gb/newdiscovercard/_+-=+/sisclog.htm?ip=2a03:1b20:b:f011::2e Message: Access to font at 'https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff' from origin 'http://falmec.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

falmec.pro
portal.discover.com
www.szabist.edu.pk
portal.discover.com
111.68.108.200
23.212.220.180
2a03:6f00:1::5c35:6071
0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29
1b5f430ee27eea9c1c08083a2e9a0988c04c98980d77687aebb65d200a96ba98
21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302
2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125
2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4
7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137
9c383f5acb7e1dea10399a724d7f8964261bcd0deb9d81c0a1df94653c153eda
e2f6f6704c01413b70fc18956eff4cb953c7fee3496f167261a913338f456320

falmec.pro Open in urlscan Pro 2a03:6f00:1::5c35:6071 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

64 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

257 kBTransfer

687 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

falmec.pro Open in urlscan Pro
2a03:6f00:1::5c35:6071 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

64 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

257 kB
Transfer

687 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!