dar-tunisia.com
Open in
urlscan Pro
46.105.57.169
Malicious Activity!
Public Scan
Effective URL: https://dar-tunisia.com/.app/secure/signin?country.x=US&locale.x=en_US
Submission: On August 14 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 8th 2019. Valid for: 3 months.
This is the only time dar-tunisia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 54.165.156.139 54.165.156.139 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 2606:4700::68... 2606:4700::6813:c597 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 9 | 46.105.57.169 46.105.57.169 | 16276 (OVH) (OVH) | |
10 | 3 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-165-156-139.compute-1.amazonaws.com
url-shortener-fcc-.glitch.me |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com |
ASN16276 (OVH, FR)
PTR: cluster020.hosting.ovh.net
dar-tunisia.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
dar-tunisia.com
1 redirects
dar-tunisia.com |
102 KB |
2 |
glitch.me
1 redirects
url-shortener-fcc-.glitch.me |
5 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
3 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
9 | dar-tunisia.com |
1 redirects
url-shortener-fcc-.glitch.me
dar-tunisia.com |
2 | url-shortener-fcc-.glitch.me | 1 redirects |
1 | cdnjs.cloudflare.com |
url-shortener-fcc-.glitch.me
|
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon |
2019-01-20 - 2020-02-20 |
a year | crt.sh |
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-08-10 - 2020-02-16 |
6 months | crt.sh |
dar-tunisia.com Let's Encrypt Authority X3 |
2019-07-08 - 2019-10-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://dar-tunisia.com/.app/secure/signin?country.x=US&locale.x=en_US
Frame ID: F806B4C6FDCEB7CFAFB0A15B07B2A2AC
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://url-shortener-fcc-.glitch.me/ycsFapj/ Page URL
-
https://url-shortener-fcc-.glitch.me/ycsFapj/
HTTP 302
https://dar-tunisia.com/.app/secure/?ID=myaccountsettings&verf=onlineid&cookies=LMAOBIATCH HTTP 302
https://dar-tunisia.com/.app/secure/signin?country.x=US&locale.x=en_US Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://url-shortener-fcc-.glitch.me/ycsFapj/ Page URL
-
https://url-shortener-fcc-.glitch.me/ycsFapj/
HTTP 302
https://dar-tunisia.com/.app/secure/?ID=myaccountsettings&verf=onlineid&cookies=LMAOBIATCH HTTP 302
https://dar-tunisia.com/.app/secure/signin?country.x=US&locale.x=en_US Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
url-shortener-fcc-.glitch.me/ycsFapj/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bowser.min.js
cdnjs.cloudflare.com/ajax/libs/bowser/1.9.4/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
signin
dar-tunisia.com/.app/secure/ Redirect Chain
|
36 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin.css
dar-tunisia.com/.app/secure/cazanova/res/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
dar-tunisia.com/.app/secure/cazanova/res/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.browser.min.js
dar-tunisia.com/.app/secure/cazanova/res/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin.js
dar-tunisia.com/.app/secure/cazanova/res/ |
43 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
api.php
dar-tunisia.com/.app/secure/cazanova/paypal/ |
0 262 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logoDesktop.svg
dar-tunisia.com/.app/secure/cazanova/res/img/ |
26 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xArial.woff2
dar-tunisia.com/.app/secure/cazanova/res/ |
22 KB 22 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| Zobtvisxlpsmus74a1akhu string| Kobtvisxlpsmus74a1akhu object| Fobtvisxlpsmus74a1akhu function| X_0x56ae function| _0x2d8f05 function| _0x2bb25a function| _0x2492de function| _0x5be702 function| _0x2dc776 function| Bobtvisxlpsmus74a1akhu function| Xobtvisxlpsmus74a1akhu function| _0x1a026c string| csrf_token function| $ function| jQuery object| jQBrowser object| H_0x87eb function| H_0x51bd function| _0x3763bd function| _0x54e1cf function| _0x6de764 function| _0x5f2ccf function| _0x3fa3fa function| _0x1478a62 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
dar-tunisia.com/ | Name: SERVERID585 Value: 2020130|XVQn3|XVQn3 |
|
dar-tunisia.com/ | Name: zPayPal_2018 Value: 9f292efdb62fa0b2cf3747b917b75773 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
dar-tunisia.com
url-shortener-fcc-.glitch.me
2606:4700::6813:c597
46.105.57.169
54.165.156.139
12e11d5baf59bf859e6b2de7c5cd9a37155fa9f818d571869b0c158e060e461b
1e72885838cf46833f0e4efb6cd6ec917cbdfc7815aa712f02e245d37e383bd4
2634687f169d9f69fceb86aed9b9a81c038f537ead7fba8c02f16448debbeec1
427c9aa590fd8e186f0c345a918e6844948fb2668ebb83300e123ceb9077b01c
892fcc249b9b0fd6e8727741d21d5cdd5474238327ba116308b5dfad6ddfd1bd
abbb2e12cd0ed8bdac3efa43bfc2658c49c2bcd29d0003f2eee6a6e2ee018490
b52f6b6011741e76cefa2be41164bbc9b33bba334b9ad15b03abad37b609d983
beabd80773a4dc7327ac6864d464aac8c38538a3183d8fb049dbb07472dde32d
d91af98c557aa0e851eb8f780fe2426ea89beb5da4df457407d99cd81da15d83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855