paginasmx.com
Open in
urlscan Pro
192.185.141.244
Malicious Activity!
Public Scan
Effective URL: https://paginasmx.com/old/index.php
Submission: On August 17 via manual from IN
Summary
TLS certificate: Issued by R3 on August 17th 2021. Valid for: 3 months.
This is the only time paginasmx.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:10:... 2606:4700:10::6816:e8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 192.185.141.244 192.185.141.244 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::200a | 15169 (GOOGLE) (GOOGLE) | |
14 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-141-244.unifiedlayer.com
paginasmx.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
paginasmx.com
paginasmx.com |
401 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
31 KB |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
1 |
jquery.com
code.jquery.com |
33 KB |
1 |
cutt.ly
1 redirects
cutt.ly |
484 B |
14 | 5 |
Domain | Requested by | |
---|---|---|
10 | paginasmx.com |
paginasmx.com
|
2 | maxcdn.bootstrapcdn.com |
paginasmx.com
|
1 | ajax.googleapis.com |
paginasmx.com
|
1 | code.jquery.com |
paginasmx.com
|
1 | cutt.ly | 1 redirects |
14 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.paginasmx.com R3 |
2021-08-17 - 2021-11-15 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-01 - 2022-02-28 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-07-12 - 2021-10-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://paginasmx.com/old/index.php
Frame ID: A6F7CE98B9D06187AAAE6EF99582B613
Requests: 14 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://cutt.ly/qQVPlYx
HTTP 301
https://paginasmx.com/old/index.php Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cutt.ly/qQVPlYx
HTTP 301
https://paginasmx.com/old/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
paginasmx.com/old/ Redirect Chain
|
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shakeppfl.css
paginasmx.com/old/jinku/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
code.jquery.com/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquert7.js
paginasmx.com/old/jinku/ |
85 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/ |
119 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/ |
37 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
side2.png
paginasmx.com/old/jinku/ |
52 KB 53 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
run.png
paginasmx.com/old/jinku/ |
50 KB 51 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
side1.png
paginasmx.com/old/jinku/ |
49 KB 50 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
side3.png
paginasmx.com/old/jinku/ |
73 KB 73 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
side4.png
paginasmx.com/old/jinku/ |
52 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
soide1.png
paginasmx.com/old/jinku/ |
50 KB 50 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
leadhoom.png
paginasmx.com/old/jinku/ |
31 KB 31 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| formatAMPM0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
code.jquery.com
cutt.ly
maxcdn.bootstrapcdn.com
paginasmx.com
192.185.141.244
2001:4de0:ac18::1:a:1a
2606:4700:10::6816:e8
2606:4700::6812:acf
2a00:1450:4001:82a::200a
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1f429f4e2829515fb4ff9b67d875c2d023f08610e15a049ac0976715dd02182a
32829b30796de2dca89ffc0ac469f5789feba70ba94301202dd5d52ff4a55cf1
387e2eaa68dbdd9f8e42c82099cdf8a8d594b71e07810f3a7337989023e25770
418019d168be0b2926def4bccd3f573c79489a736cb12b8277ec6ef423819582
4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376
909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4
9d65a2723cb391bb30084a73addd71eed842868db177658892af4c4f0d864258
b8953f2ea0efd62e46e65782785223b47e185e90b076fd5f35659be1498061af
ba637cdcb265213c86f775d0e251aa33ea0dc87507ff978f98ecbc3d6b916253
cde06417c052690cbfb2ece45e40f88bec9d5747649d2dcef209f510a57f13b8
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
e9b4fe843eda020b02e3cc8298903e9b3e64c96e5e88307ab07ae666681a396e
f11be9462b7e9a3674af7da5703bd38de9ea871846d4e3d12cd3871cc61b62e8