screen-cleanerr.blogspot.com
216.58.212.161
Malicious Activity!
Public Scan
Effective URL: https://screen-cleanerr.blogspot.com/?s1=OTW-Gazza
Submission: On November 26 via manual from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1C3 on November 2nd 2022. Valid for: 3 months.
This is the only time screen-cleanerr.blogspot.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 172.67.8.238 | 13335 (CLOUDFLARENET)
3 | 216.58.212.161 | 15169 (GOOGLE)
1 | 142.250.186.42 | 15169 (GOOGLE)
1 | 108.138.17.19 | 16509 (AMAZON-02)
2 | 142.250.184.238 | 15169 (GOOGLE)
1 | 142.250.185.202 | 15169 (GOOGLE)
4 | 104.18.11.207 | 13335 (CLOUDFLARENET)
3 | 142.250.181.225 | 15169 (GOOGLE)
1 | 18.66.121.17 | 16509 (AMAZON-02)
5 | 52.222.206.3 | 16509 (AMAZON-02)
1 | 46.105.201.240 | 16276 (OVH)
1 | 192.99.13.63 | 16276 (OVH)

Totals row as reported: 23 | 11
ASN | PTR | Domain
---|---|---
ASN15169 (GOOGLE, US) | fra24s01-in-f1.1e100.net | screen-cleanerr.blogspot.com
ASN15169 (GOOGLE, US) | fra24s04-in-f10.1e100.net | fonts.googleapis.com
ASN16509 (AMAZON-02, US) | server-108-138-17-19.fra56.r.cloudfront.net | www.launchaco.com
ASN15169 (GOOGLE, US) | fra24s12-in-f14.1e100.net | apis.google.com
ASN15169 (GOOGLE, US) | fra16s52-in-f10.1e100.net | ajax.googleapis.com
ASN15169 (GOOGLE, US) | fra16s56-in-f1.1e100.net | blogger.googleusercontent.com
ASN16509 (AMAZON-02, US) | server-18-66-121-17.fra60.r.cloudfront.net | d1j9qsxe04m2ki.cloudfront.net
ASN16509 (AMAZON-02, US) | server-52-222-206-3.fra56.r.cloudfront.net | dwmsurhf1svv8.cloudfront.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | cloudfront.net | d1j9qsxe04m2ki.cloudfront.net, dwmsurhf1svv8.cloudfront.net | 24 KB
4 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 993) | 114 KB
3 | googleusercontent.com | blogger.googleusercontent.com (Cisco Umbrella Rank: 14143) | 182 KB
3 | blogspot.com | screen-cleanerr.blogspot.com | 15 KB
2 | histats.com | s10.histats.com (Cisco Umbrella Rank: 14615), s4.histats.com (Cisco Umbrella Rank: 11554) | 5 KB
2 | google.com | apis.google.com (Cisco Umbrella Rank: 169) | 71 KB
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 93), ajax.googleapis.com (Cisco Umbrella Rank: 414) | 97 KB
1 | launchaco.com | www.launchaco.com | 14 KB
1 | cutt.ly (1 redirect) | cutt.ly (Cisco Umbrella Rank: 64350) | 384 B

Totals row as reported: 23 | 9
Requests | Domain | Requested by
---|---|---
5 | dwmsurhf1svv8.cloudfront.net | d1j9qsxe04m2ki.cloudfront.net
4 | maxcdn.bootstrapcdn.com | screen-cleanerr.blogspot.com, maxcdn.bootstrapcdn.com
3 | blogger.googleusercontent.com | screen-cleanerr.blogspot.com
3 | screen-cleanerr.blogspot.com | screen-cleanerr.blogspot.com
2 | apis.google.com | screen-cleanerr.blogspot.com, apis.google.com
1 | s4.histats.com | s10.histats.com
1 | s10.histats.com | screen-cleanerr.blogspot.com
1 | d1j9qsxe04m2ki.cloudfront.net | screen-cleanerr.blogspot.com
1 | ajax.googleapis.com | screen-cleanerr.blogspot.com
1 | www.launchaco.com | screen-cleanerr.blogspot.com
1 | fonts.googleapis.com | screen-cleanerr.blogspot.com
1 | cutt.ly | 1 redirect

Totals row as reported: 23 | 12
This site contains links to these domains. Also see Links.
Domain
---
www.blogger.com
TLS certificates

Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
misc-sni.blogspot.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh
www.launchaco.com | Amazon | 2021-11-19 - 2022-12-18 | a year | crt.sh
*.apis.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year | crt.sh
*.googleusercontent.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year | crt.sh
histats.com | R3 | 2022-09-30 - 2022-12-29 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://screen-cleanerr.blogspot.com/?s1=OTW-Gazza
Frame ID: E8F2CBF605B1245736807241C8CB0489
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
⭐️Congratulations⭐️CONGRATULATIONS!!!
Page URL History
- https://cutt.ly/51ejp9I (HTTP 301)
- https://screen-cleanerr.blogspot.com/?s1=OTW-Gazza (Page URL)
Detected technologies

Blogger (Blogs)
Detected patterns
- ^https?://[^/]+\.(?:blogspot|blogger)\.com

Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets)
Detected patterns
- apis\.google\.com/js/[a-z]*\.js

jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Lisätietoja

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. The redirect chain (cutt.ly → screen-cleanerr.blogspot.com) is listed under Page URL History above.

Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | screen-cleanerr.blogspot.com/ | 15 KB | 6 KB | Document | text/html
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 974 B | Stylesheet | text/css
GET | H2 | AllTemplates.min.css | www.launchaco.com/static/ | 65 KB | 14 KB | Stylesheet | text/css
GET | H2 | plusone.js | apis.google.com/js/ | 54 KB | 21 KB | Script | text/javascript
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.1/ | 95 KB | 96 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ | 36 KB | 11 KB | Script | application/javascript
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ | 118 KB | 20 KB | Stylesheet | text/css
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css
GET | H2 | FrightenedAffectionateAlleycat-size_restricted.gif | blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_ZhA2UtmjTttx4Ox7xRR84VBiYkUrBAgtlNY809nUk-BDekynjtg_naitCwr8dtn-Rw_jcp-MjiCBs7__7b3vJsVsCMVX8Q1aCl9YO-eGaKdpkyrjkCFz6Lu336GhDcpxN7Q8y8MjHcbPR32i... | 36 KB | 36 KB | Image | image/gif
GET | H2 | Screenshot_194.png | blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2iLEW6QdRpiAvsMTUwXIMpdniA1KQLVrPx0naUIZL7H4JYsW399b7C8pZkG6f9SD6lm6Ah37_HoIc-xZyRUUdWIh7vFJz_DZWSFyZQxzBIkW1TxTYPcwVAvNCRZdszt-YKsxvNK7hm4-GH-BJ... | 88 KB | 89 KB | Image | image/png
GET | H2 | Untitled.gif | blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2ujnRbx_t05kzuus1W2BDctaLoFw-FNlPbLXWWXaEqJqMl9WlU0UiZfWfCHAi9rzqWc7q1dVik8rVmZ6oMdhuh57Suz45_iHcfpQ_JaXkMfMyF4MTpepSibir7uxxRw6sYZQVzQqV6Mw9rR0x... | 57 KB | 57 KB | Image | image/gif
GET | H2 | ba42ab6.js | d1j9qsxe04m2ki.cloudfront.net/ | 23 KB | 7 KB | Script | application/javascript
GET | H2 | cookienotice.js | screen-cleanerr.blogspot.com/js/ | 6 KB | 2 KB | Script | text/javascript
GET | H2 | cb=gapi.loaded_0 | apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.HtSm0zoQFcM.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-roB2fmxUuxFe4uTOwKr3qc0uqaQ/ | 145 KB | 50 KB | Script | text/javascript
GET | H2 | / | screen-cleanerr.blogspot.com/ | 6 KB | 6 KB | Image | text/html
GET | H2 | fontawesome-webfont.woff2 | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | font/woff2
GET | H2 | html.2632365.f1fa8.0.js | dwmsurhf1svv8.cloudfront.net/public/external/v2/ | 8 KB | 9 KB | Script | application/javascript
GET | H2 | css_front.css | dwmsurhf1svv8.cloudfront.net/public/external/ | 6 KB | 7 KB | Stylesheet | text/css
GET | H2 | js15_as.js | s10.histats.com/ | 11 KB | 5 KB | Script | application/javascript
GET | H/1.1 | 0.php | s4.histats.com/stats/ | 50 B | 184 B | Script | text/html
GET | H2 | css.css | dwmsurhf1svv8.cloudfront.net/public/clockers/CustomButton/ | 1010 B | 1 KB | Stylesheet | text/css
GET | H2 | guid | dwmsurhf1svv8.cloudfront.net/public/ | 0 | 277 B | Script | text/html
GET | H2 | check.php | dwmsurhf1svv8.cloudfront.net/public/external/ | 78 B | 372 B | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)

42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
object | adsbygoogle
object | gapi
object | ___jsl
function | $
function | jQuery
object | jQuery112109226471547503503
function | redirectCU
function | redirectKK
object | CPABUILDSETTINGS
object | osapi
object | gadgets
object | iframer
object | __gapi_jstiming__
object | shindig
function | ToolbarApi
object | iframes
function | IframeBase
function | Iframe
function | IframeProxy
function | IframeWindow
object | CPABUILDContentLocker
number | __cfRLUnblockHandlers
function | CPBContentLocker
function | CPABuildLock
function | CPABuildGetFeedURL
function | CPABuildGetIframeURL
function | CPABuildGetIframeHTML
function | CPABuildUnlock
function | CPABuildOfferComplete
function | CPABuildOffersComplete
function | CPABuildCheckForLead
function | og_load
function | CPABuildComplete
function | call_locker
object | _Hasync
object | cookieChoices
function | chfh
function | chfh2
string | _HST_cntval
object | Histats
object | _HistatsCounterGraphics_0_setValues

9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
cutt.ly/ | | PHPSESSID | 58f69l46vfjfom45m6k7s5304k
screen-cleanerr.blogspot.com/ | | _cpguid | 9hnk9clwv
screen-cleanerr.blogspot.com/ | | HstCfa4667300 | 1669451770888
screen-cleanerr.blogspot.com/ | | HstCla4667300 | 1669451770888
screen-cleanerr.blogspot.com/ | | HstCmu4667300 | 1669451770888
screen-cleanerr.blogspot.com/ | | HstPn4667300 | 1
screen-cleanerr.blogspot.com/ | | HstPt4667300 | 1
screen-cleanerr.blogspot.com/ | | HstCnv4667300 | 1
screen-cleanerr.blogspot.com/ | | HstCns4667300 | 1
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
apis.google.com
blogger.googleusercontent.com
cutt.ly
d1j9qsxe04m2ki.cloudfront.net
dwmsurhf1svv8.cloudfront.net
fonts.googleapis.com
maxcdn.bootstrapcdn.com
s10.histats.com
s4.histats.com
screen-cleanerr.blogspot.com
www.launchaco.com
104.18.11.207
108.138.17.19
142.250.181.225
142.250.184.238
142.250.185.202
142.250.186.42
172.67.8.238
18.66.121.17
192.99.13.63
216.58.212.161
46.105.201.240
52.222.206.3
000185dec97d1557f9120e173b38877687528b6284d2885cd74017d7bc8941fc
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
2359d383bf2d4ab65ebf7923bdf74ce40e4093f6e58251b395a64034b3c39772
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
3e0ffb2daec3a6a0841661de3a4889c93726a28b57e85088d30efed2ddb7c0ad
501083605727fad6b382d1ec43037a36a12e34d08eed25c42ca90ec089c81fe4
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7dc2f227ba505bac2b5072e117862f9014c1c63b27d58a41a343f5bd350e2a36
875582c70c5cee3cbe075ec14d36d3f94023592de48c23c6f40f46b57bdc6d3a
8944b5851ecb0700e0d60139e6a6911636a742e153caa8120d5f11a8ff59ffd9
988df212c000f1c5b3043b9813ed991815089f0dac63ad094351eb372166f9ff
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
acdda309c58c61c79856a3ce0f0aaf4b856eb0e8682e6e557a2d584ad1e110c3
bdecf0171609fc54f6b4ce8c8f03cc67f4fbe8f8e01fa3ef5782c7802e9c9c6a
d8b2e6dd1404aa5d2874a7ba0717c3889e6a03095a62d4d118b4286a3f37fb62
dc0fc6c323f3933f2e5aaddad1f9f46287ed5916e2537ef7583102eb47a4f8c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c