ads-dsas.site
Open in
urlscan Pro
2606:4700:3035::ac43:af36
Malicious Activity!
Public Scan
Effective URL: https://ads-dsas.site/
Submission: On June 23 via api from US — Scanned from CA
Summary
TLS certificate: Issued by E5 on June 13th 2024. Valid for: 3 months.
This is the only time ads-dsas.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 149.56.21.31 149.56.21.31 | 16276 (OVH) (OVH) | |
1 7 | 2606:4700:303... 2606:4700:3035::ac43:af36 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 3 | 2606:4700::68... 2606:4700::6811:2b8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
ads-dsas.site
1 redirects
ads-dsas.site |
13 KB |
3 |
cloudflare.com
1 redirects
challenges.cloudflare.com — Cisco Umbrella Rank: 4311 |
14 KB |
1 |
adversitingmind.com
1 redirects
adversitingmind.com |
403 B |
8 | 3 |
Domain | Requested by | |
---|---|---|
7 | ads-dsas.site |
1 redirects
ads-dsas.site
|
3 | challenges.cloudflare.com |
1 redirects
ads-dsas.site
challenges.cloudflare.com |
1 | adversitingmind.com | 1 redirects |
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ads-dsas.site E5 |
2024-06-13 - 2024-09-11 |
3 months | crt.sh |
challenges.cloudflare.com Cloudflare Inc ECC CA-3 |
2023-08-18 - 2024-08-17 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://ads-dsas.site/
Frame ID: A03EA198C5B6A44F4A257A8CD1B7F942
Requests: 5 HTTP requests in this frame
Frame:
https://ads-dsas.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
Frame ID: 3E82AFE080B9C54BF9898F13C69E03A3
Requests: 2 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/uhmyz/0x4AAAAAAAbRScxTwZbmID36/light/normal
Frame ID: 281DFBF97C2AE86FB158DD1625D5DA79
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
MicrosoftPage URL History Show full URLs
-
https://adversitingmind.com/
HTTP 303
https://ads-dsas.site/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://adversitingmind.com/
HTTP 303
https://ads-dsas.site/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/b/c7e29c8c8b6e/api.js
- https://ads-dsas.site/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://ads-dsas.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
ads-dsas.site/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index.css
ads-dsas.site/css/ |
80 B 530 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
api.js
challenges.cloudflare.com/turnstile/v0/b/c7e29c8c8b6e/ Redirect Chain
|
42 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
ads-dsas.site/assets-hotmail/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
ads-dsas.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/ Frame 3E82 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/uhmyz/0x4AAAAAAAbRScxTwZbmID36/light/ Frame 281D |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
ads-dsas.site/assets-hotmail/images/ |
17 KB 4 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
8982394e6b81a1d8
ads-dsas.site/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 3E82 |
0 687 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 undefined| event object| fence object| sharedStorage function| onloadTurnstileCallback object| turnstile2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
adversitingmind.com/ | Name: cloakup_session Value: dbf4991c87c80a929ed9fe277c4d8a35 |
|
.ads-dsas.site/ | Name: cf_clearance Value: BMVm3ijObXt4NM2g.S_Ir5GlqFxsc.DKjOVTCyB8nbw-1719122072-1.0.1.1-Pts5Tbs9_z4R7Mo6CAfqfsfe0oTBOEISee66FvhdnHe8yUxNlgVgta3paB4MFYyOc9ZM49J4x2d32O9bHJbWxg |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ads-dsas.site
adversitingmind.com
challenges.cloudflare.com
149.56.21.31
2606:4700:3035::ac43:af36
2606:4700::6811:2b8
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
21442a858ab2b5328f06053aa746f96462524b4ce437d2fbafb5ec625d4a3a9d
2600793f03df90dbf991bba8718eb5a9703b28466a6fe011aed5c889a1104562
5228e53dfd3ff964a41503371f253a9ddca168a851ea446e3534313477073bf1
9b4c1628faa7066bc3838cfc26d27ede6a7ec492e0b1753172f2fff843d53729
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fdf9b58fcf84b6c75c42ba56855fb02e0a990771aa1932c18a0fa73ef640000a