emega.lk
103.108.220.11
Public Scan: Malicious Activity!
Effective URL: https://emega.lk/.well-known/custom/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.17742564...
Submission: On July 17 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 10th 2019. Valid for: 3 months. (A short-lived, automatically issued certificate of the kind cPanel's AutoSSL provisions for every domain on a hosting account; the padlock says nothing about the site's legitimacy.)
This is the only time emega.lk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)

Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 7 | 103.108.220.11 | 133295 (WEBWERKS-AS Web Werks India Pvt Ltd) |
| 1 | 2a00:1450:4001:808::200a | 15169 (GOOGLE - Google LLC) |

ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN)
PTR: triumph.herosite.pro
Domains: emega.lk

ASN15169 (GOOGLE - Google LLC, US)
Domains: ajax.googleapis.com

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | emega.lk | emega.lk (1 redirect) | 24 KB |
| 1 | googleapis.com | ajax.googleapis.com | 29 KB |
| 0 | smallenvelop.com | smallenvelop.com (Failed) | |

| Requests | Domain | Requested by |
|---|---|---|
| 7 | emega.lk (1 redirect) | emega.lk |
| 1 | ajax.googleapis.com | emega.lk |
| 0 | smallenvelop.com (Failed) | emega.lk |

Totals: 8 requests across 3 domains (2 resolved IPs; smallenvelop.com never answered). Every third-party request was initiated by emega.lk itself.
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| emega.lk | cPanel, Inc. Certification Authority | 2019-07-10 - 2019-10-08 | 3 months | crt.sh |
| *.googleapis.com | Google Internet Authority G3 | 2019-06-18 - 2019-09-10 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://emega.lk/.well-known/custom/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=
Frame ID: ECFCFDD5267C5E14D790FBDC15A9DEA8
Requests: 8 HTTP requests in this frame
Detected technologies

PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i

LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
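The three fingerprints above are plain regular expressions applied to different parts of a transaction (the page URL, a response header, a script URL). The following is an added example, not urlscan's code, that runs those same patterns over a constructed transaction list modelled on this scan's request table. The response headers are assumed (the scan only reports that its Server pattern matched); the URLs and resource types are the ones listed on the page.

```python
import re

# Fingerprint rules transcribed from the scan's "Detected technologies"
# section. Each rule names the technology, its category, the field the
# pattern is applied to, and the regex; a capture group, where present,
# yields the version string.
FINGERPRINTS = [
    ("PHP", "Programming Languages", "url",
     re.compile(r"\.php(?:$|\?)", re.I)),
    ("LiteSpeed", "Web Servers", "header:server",
     re.compile(r"^LiteSpeed$", re.I)),
    ("jQuery", "JavaScript Libraries", "script",
     re.compile(r"/([\d.]+)/jquery(?:\.min)?\.js", re.I)),
    ("jQuery", "JavaScript Libraries", "script",
     re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", re.I)),
]

# Constructed transactions modelled on the scan's request list. The URLs
# and resource types are the ones the scan shows; the "server" header is
# assumed, since the scan only reports that its Server pattern matched.
TRANSACTIONS = [
    {"url": "https://emega.lk/.well-known/custom/login.php"
            "?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&email=",
     "type": "Document",
     "headers": {"server": "LiteSpeed", "content-type": "text/html"}},
    {"url": "https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js",
     "type": "Script",
     "headers": {"content-type": "text/javascript"}},
    {"url": "https://emega.lk/.well-known/custom/images/k1.png",
     "type": "Image",
     "headers": {"server": "LiteSpeed", "content-type": "image/png"}},
]


def _subject(tx, field):
    """Pick the string a rule is matched against, or None to skip this tx."""
    if field == "url":
        # 'url' rules apply to the page URL, i.e. the Document request.
        return tx["url"] if tx["type"] == "Document" else None
    if field == "script":
        return tx["url"] if tx["type"] == "Script" else None
    if field.startswith("header:"):
        # Header names are case-insensitive.
        name = field.split(":", 1)[1].lower()
        return {k.lower(): v for k, v in tx["headers"].items()}.get(name)
    return None


def fingerprint(transactions):
    """Return {technology: {"category", "versions", "evidence"}} for every
    rule that matches at least one transaction."""
    found = {}
    for tx in transactions:
        for tech, category, field, rx in FINGERPRINTS:
            subject = _subject(tx, field)
            if subject is None:
                continue
            m = rx.search(subject)
            if not m:
                continue
            entry = found.setdefault(
                tech, {"category": category, "versions": set(), "evidence": []})
            if m.lastindex and m.group(1):
                entry["versions"].add(m.group(1))
            entry["evidence"].append((field, subject))
    return found


if __name__ == "__main__":
    for tech, info in fingerprint(TRANSACTIONS).items():
        versions = ", ".join(sorted(info["versions"])) or "unknown version"
        print(f"{tech} ({info['category']}): {versions}; "
              f"{len(info['evidence'])} matching transaction(s)")
```

Note what the fingerprints do and do not tell you: jQuery 2.2.4 is fetched from Google's CDN, so it says nothing about the phishing host; only the `.php` path and the `Server: LiteSpeed` header describe emega.lk's own stack.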
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://emega.lk/.well-known/custom/index.php
- HTTP 302 to:
- https://emega.lk/.well-known/custom/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email= (final page URL)
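The history above records one server-side hop (a 302 with a relative Location), but the same view also has to capture meta-refresh and JavaScript redirects. The following is an added example, not urlscan's code, that reconstructs such a history offline from a constructed table of responses. The index.php to login.php hop mirrors this scan; the example.invalid pages, their bodies and the login page body are assumed and exist only to exercise the client-side cases.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

INDEX_URL = "https://emega.lk/.well-known/custom/index.php"
LOGIN_URL = ("https://emega.lk/.well-known/custom/login.php"
             "?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&email=")

# Constructed responses keyed by URL as (status, headers, body). Only the
# index.php -> 302 -> login.php hop comes from the scan; everything else is
# assumed. Bodies are placeholders, not the phishing page's real HTML.
RESPONSES = {
    "https://example.invalid/start": (200, {},
        '<html><head><meta http-equiv="refresh" content="0; url=/next.html">'
        '</head></html>'),
    "https://example.invalid/next.html": (200, {},
        f'<html><body><script>window.location.href = "{INDEX_URL}";'
        '</script></body></html>'),
    INDEX_URL: (302, {"Location":
        "login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&email="}, ""),
    LOGIN_URL: (200, {"Content-Type": "text/html"},
        "<html><body><form>login</form></body></html>"),
}


class _MetaRefresh(HTMLParser):
    """Record the target of the first <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.target = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if (tag == "meta" and self.target is None
                and a.get("http-equiv", "").lower() == "refresh"):
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
            if m:
                self.target = m.group(1)


# Simple string-literal JS redirects; obfuscated forms need a real JS engine.
JS_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""          # location = "..." / location.href = "..."
    r"""|location\.(?:replace|assign)\(\s*['"]([^'"]+)['"]"""  # location.replace("...")
)


def client_side_target(body):
    """Return (target, how) for a meta-refresh or JS redirect, else (None, None)."""
    p = _MetaRefresh()
    p.feed(body)
    if p.target:
        return p.target, "meta refresh"
    m = JS_REDIRECT.search(body)
    if m:
        return m.group(1) or m.group(2), "JavaScript"
    return None, None


def url_history(start, responses, max_hops=10):
    """Walk HTTP (3xx + Location) and client-side redirects from start,
    resolving relative targets against the current URL. Returns [(url, how)]
    in order; stops on a page with no redirect, a missing response, a loop,
    or max_hops."""
    history = [(start, "start")]
    url = start
    for _ in range(max_hops):
        resp = responses.get(url)
        if resp is None:            # host never answered, like smallenvelop.com
            break
        status, headers, body = resp
        hdrs = {k.lower(): v for k, v in headers.items()}
        if 300 <= status < 400 and "location" in hdrs:
            target, how = hdrs["location"], f"HTTP {status}"
        else:
            target, how = client_side_target(body)
            if target is None:
                break
        url = urljoin(url, target)
        seen = any(u == url for u, _ in history)
        history.append((url, how + (" (loop)" if seen else "")))
        if seen:
            break
    return history


if __name__ == "__main__":
    for u, how in url_history("https://example.invalid/start", RESPONSES):
        print(f"{how:>12}  {u}")
```

The relative `Location` on the 302 is resolved against the directory of index.php, which is why the history stays under `/.well-known/custom/`; a kit that moved its landing page elsewhere would show up as a different apex or path at this step.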
Redirected requests
There were HTTP redirect chains for the following requests:
- https://emega.lk/.well-known/custom/index.php, HTTP 302 to https://emega.lk/.well-known/custom/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=
8 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | login.php | emega.lk/.well-known/custom/ | 3 KB | 1 KB | Document | text/html | Primary request; reached via the redirect chain from index.php |
| 2 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript | |
| 3 | GET | H2 | k1.png | emega.lk/.well-known/custom/images/ | 16 KB | 17 KB | Image | image/png | |
| 4 | GET | H2 | k2.png | emega.lk/.well-known/custom/images/ | 2 KB | 2 KB | Image | image/png | |
| 5 | GET | H2 | k3.png | emega.lk/.well-known/custom/images/ | 839 B | 903 B | Image | image/png | |
| 6 | GET | H2 | k4.png | emega.lk/.well-known/custom/images/ | 3 KB | 3 KB | Image | image/png | |
| 7 | GET | H2 | kgs.png | emega.lk/.well-known/custom/images/ | 1 KB | 1 KB | Image | image/png | |
| 8 | GET | | Preloader_11.gif | smallenvelop.com/wp-content/uploads/2014/08/ | 0 | 0 | | | Failed (no response) |

Size is the decoded body size and x-fer the bytes actually transferred: the compressed script shows a much smaller x-fer than Size, while the small PNGs show x-fer slightly above Size because of header overhead.
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: smallenvelop.com
- URL: https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)
What the scan itself shows: index.php under /.well-known/custom/ answers with a 302 to login.php, whose query string carries an opaque token (l=...) and an empty email= field; login.php then loads jQuery 2.2.4 from Google's CDN, five PNG assets from its own images/ directory, and a preloader GIF hotlinked from smallenvelop.com that never loaded. The cPanel-issued certificate and the shared-hosting ASN are not indicators on their own; the path, the redirect and the URL structure are what an analyst would pivot on.

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |
| function | $ |
| function | jQuery |

Only $ and jQuery are defined by the page (by the jQuery build it loads); onselectstart, onselectionchange and queueMicrotask are standard window properties that newer browsers expose and urlscan's baseline did not yet know, so they are noise rather than evidence of page code.

0 Cookies
Cookies are small pieces of data a site stores in the user's browser. On later visits the browser sends the stored values back, which lets the site re-identify the user even from a different location; this is how persistent logins work. This page set none.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- ajax.googleapis.com
- emega.lk
- smallenvelop.com

IP addresses:
- 103.108.220.11
- 2a00:1450:4001:808::200a

Hashes (SHA-256; seven, matching the seven responses that completed):
- 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
- 4053c674ee1dce5894c12cadc365471912bd90916136543b5a527cdbd72974b5
- 5c9e5d9fe1ec861530da2cfd6cb994de82b6148785947ca9a0711c971f8e69bd
- 72add95776b81cdbfbe62c768b93dee770b9e48fc121fb6543aaedb4bd5160cb
- 919da7f0fb42308cdef6af7ca73766cc1dd84ba4fdbdf10ca53147885f52e99c
- bcee1bbd530258fe6e5f6d4427e2e08e0fc196cc6d319c351cd84c2ff321bb8a
- fd76577da14ba04db136e3e12ed4f148b8b74e275eee67e14c8af985392b9405
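The indicator list mixes domains, an IPv4 and an IPv6 address and response hashes, contains a duplicate, and includes Google's CDN host, which must not end up on a blocklist. The following is an added example, not urlscan's code, that types, normalises and deduplicates exactly this list, drops the shared-infrastructure entries, and defangs the rest for sharing. The exclusion set is an analyst's assumption, not something the scan states; smallenvelop.com is kept only because the scan lists it, and an analyst would probably drop it too since it was just a failed hotlink for a preloader image.

```python
import ipaddress
import re

SHA256 = re.compile(r"^[0-9a-f]{64}$", re.I)
# Hostname: labels of 1-63 chars without leading/trailing hyphen, alphabetic TLD.
DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Copied from the scan's Indicators list, duplicate line included.
RAW_INDICATORS = """
ajax.googleapis.com
emega.lk
smallenvelop.com
smallenvelop.com
103.108.220.11
2a00:1450:4001:808::200a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
4053c674ee1dce5894c12cadc365471912bd90916136543b5a527cdbd72974b5
5c9e5d9fe1ec861530da2cfd6cb994de82b6148785947ca9a0711c971f8e69bd
72add95776b81cdbfbe62c768b93dee770b9e48fc121fb6543aaedb4bd5160cb
919da7f0fb42308cdef6af7ca73766cc1dd84ba4fdbdf10ca53147885f52e99c
bcee1bbd530258fe6e5f6d4427e2e08e0fc196cc6d319c351cd84c2ff321bb8a
fd76577da14ba04db136e3e12ed4f148b8b74e275eee67e14c8af985392b9405
"""

# Analyst assumption: shared infrastructure seen in this scan that would
# poison a blocklist (Google's CDN host and its IPv6 address, ASN15169).
SHARED_INFRA = frozenset({"ajax.googleapis.com", "2a00:1450:4001:808::200a"})


def classify(value):
    """Return (kind, normalised value); kind is sha256/ipv4/ipv6/domain/unknown."""
    v = value.strip()
    if not v:
        return None
    if SHA256.match(v):
        return "sha256", v.lower()
    try:
        ip = ipaddress.ip_address(v)
        return f"ipv{ip.version}", str(ip)   # str() gives the canonical form
    except ValueError:
        pass
    if DOMAIN.match(v):
        return "domain", v.lower()
    return "unknown", v


def build_ioc_set(raw, exclude=SHARED_INFRA):
    """Parse one indicator per line into {kind: set(values)}, deduplicating
    and dropping anything in exclude."""
    out = {}
    for line in raw.splitlines():
        item = classify(line)
        if item is None:
            continue
        kind, val = item
        if val in exclude:
            continue
        out.setdefault(kind, set()).add(val)
    return out


def defang(kind, val):
    """Render an indicator so it cannot be clicked or resolved by accident."""
    if kind in ("domain", "ipv4"):
        return val.replace(".", "[.]")
    if kind == "ipv6":
        return val.replace(":", "[:]")
    return val


if __name__ == "__main__":
    for kind, values in sorted(build_ioc_set(RAW_INDICATORS).items()):
        for v in sorted(values):
            print(f"{kind}\t{defang(kind, v)}")
```

Hashes are kept verbatim because they are the only indicators here that survive the kit being re-hosted: the same login.php, PNGs and jQuery build will hash identically on the next domain, whereas emega.lk and 103.108.220.11 are tied to this one cPanel account.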