piclink.me
Open in
urlscan Pro
172.67.138.48
Malicious Activity!
Public Scan
Submission: On July 02 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on June 17th 2024. Valid for: 3 months.
This is the only time piclink.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Cash App (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 172.67.138.48 172.67.138.48 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:813::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:32::36 | 15169 (GOOGLE) (GOOGLE) | |
2 | 54.231.134.88 54.231.134.88 | 16509 (AMAZON-02) (AMAZON-02) | |
16 | 6 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
piclink.me
1 redirects
piclink.me |
313 KB |
2 |
amazonaws.com
s3.amazonaws.com |
69 KB |
1 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2355 |
|
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83 |
790 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81 |
108 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 816 |
31 KB |
16 | 6 |
Domain | Requested by | |
---|---|---|
11 | piclink.me |
1 redirects
piclink.me
|
2 | s3.amazonaws.com |
piclink.me
|
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | fonts.googleapis.com |
piclink.me
|
1 | www.googletagmanager.com |
piclink.me
|
1 | code.jquery.com |
piclink.me
|
16 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.instagram.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
piclink.me WE1 |
2024-06-17 - 2024-09-15 |
3 months | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
*.google-analytics.com WR2 |
2024-06-13 - 2024-09-05 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-06-13 - 2024-09-05 |
3 months | crt.sh |
s3.amazonaws.com Amazon RSA 2048 M01 |
2024-05-25 - 2025-05-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://piclink.me/Pornostar46
Frame ID: 8661469D2F18CC1744EC1929C423427E
Requests: 14 HTTP requests in this frame
Frame:
https://piclink.me/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
Frame ID: 9F53E3F8BBD1C5D4D446214EB433D363
Requests: 2 HTTP requests in this frame
Screenshot
Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11- https://piclink.me/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://piclink.me/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
Pornostar46
piclink.me/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.2.min.js
code.jquery.com/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
profile.css
piclink.me/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
315 KB 108 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
piclink_logo.png
piclink.me/images/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
new_instagram_logo.svg
piclink.me/images/ |
758 B 758 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
website_icon.svg
piclink.me/images/icons_old/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
745 B 790 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
66829d91058bf-66829d91058c1.jpg
piclink.me/uploads/profile/ |
289 KB 290 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CashMarket-MediumRounded.woff2
s3.amazonaws.com/franklin-assets/static/fonts/cash-market/v2/ |
35 KB 36 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CashMarket-RegularRounded.woff2
s3.amazonaws.com/franklin-assets/static/fonts/cash-market/v2/ |
33 KB 33 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
piclink.me/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/ Frame 9F53 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
89d0d245bead22b8
piclink.me/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 9F53 |
0 667 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Regular.ttf
piclink.me/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
piclink.me/ |
1 KB 839 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Cash App (Banking)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 undefined| event object| fence object| sharedStorage function| $ function| jQuery object| google_tag_manager object| google_tag_data object| dataLayer function| gtag function| onYouTubeIframeAPIReady object| gaGlobal function| saveClick4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.piclink.me/ | Name: _ga_NC9NTB1ZP8 Value: GS1.1.1719946226.1.0.1719946226.0.0.0 |
|
.piclink.me/ | Name: _ga Value: GA1.1.712511112.1719946227 |
|
.piclink.me/ | Name: _gcl_au Value: 1.1.1757604017.1719946227 |
|
.piclink.me/ | Name: cf_clearance Value: fYCu1rqIV6zyx_sMHvh4gwmtoba9WLvWEjfAGjLLUyM-1719946227-1.0.1.1-jkBcrs1wtlh..RUxODqPKv1sBV1lz3YdPXuZ7j4I1NCbJG7WMMRzSIkREy5WUeHpkH19fXRhJ1ohdv1BqFi0.g |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
fonts.googleapis.com
piclink.me
region1.google-analytics.com
s3.amazonaws.com
www.googletagmanager.com
172.67.138.48
2001:4860:4802:32::36
2a00:1450:4001:813::2008
2a00:1450:4001:831::200a
2a04:4e42:600::649
54.231.134.88
0a90567ec75a49509d980e7a966aa204dec690066ed8f3b7eb9c6b9dc3442fe5
1e8c35510c5fe13315cae05d4d1ef15f86f9bee39883993b1cccc130eb73cab1
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
343f71af1258961d2f015ff6c3fcc66d0154431579889e4ce3ec4bb6d38fb775
42a7895d938fe5e8e070497f90571c691157db68e31a2bc51c428b540eb8bb6f
77dde7869882c51c65411be4a01467fd84bc567ca2ad28c5bb0a9eeda473d17e
8bb6f886ceaf30e398394c76802f2d73d5633e0db8a45f62797d8a0afa106f27
9f6bef2de174d21395c9e7a8ef6fe7f19c0848558526f1cbe52cbb5ac7fdb9c0
b29ef570bc5a3d944dec95c7121cad55e23e05fe58e4566529189d57853348b7
befcccb86cf6fc4fac5e45eeb2c99dba765b43f55a377f5e3fb23a17113603d0
da4ad864a87ffcf71c851b5df87f95cb242867f7b711cae4c6133cc9cc0048f0
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fcc9f5f71f094794a2a7378ee175a412e357c012abeceee939a518ed4d5b2784