nirbandevelopments.com
206.190.152.134
Malicious Activity!
Public Scan
Effective URL: https://nirbandevelopments.com/js/centurylink/home/centuty.html
Submission: On November 30 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 21st 2019. Valid for: 3 months.
This is the only time nirbandevelopments.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: CenturyLink (Telecommunication), Generic (Online)

Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 203.191.33.96 | 17471 (CYBERNET-BD-AS Grameen Cybernet Ltd. Bangladesh. AS for local peering and transit. Dhaka) |
8 | 206.190.152.134 | 29854 (WESTHOST - WestHost) |
1 | 64.8.70.81 | 36271 (SYNACOR-CLUSTER - Synacor) |
1 | 64.8.70.35 | 36271 (SYNACOR-CLUSTER - Synacor) |
1 2 | 52.49.100.189 | 16509 (AMAZON-02 - Amazon.com) |
11 | 4 |

AS | PTR | Domain |
---|---|---|
ASN17471 (CYBERNET-BD-AS Grameen Cybernet Ltd. Bangladesh. AS for local peering and transit. Dhaka, BD) | cpns1.citechco.net | aisedubd.com |
ASN29854 (WESTHOST - WestHost, Inc., US) | server.hostbari.com | nirbandevelopments.com |
ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US) | static.garnet.synacor.com | static.garnet.synacor.com |
ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US) | auth.centurylink.net.ent.syn-alias.com | auth.centurylink.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-49-100-189.eu-west-1.compute.amazonaws.com | synacor.112.2o7.net |

 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | nirbandevelopments.com | nirbandevelopments.com | 256 KB |
2 | 2o7.net (1 redirects) | synacor.112.2o7.net | 1022 B |
1 | centurylink.net | auth.centurylink.net | 12 KB |
1 | synacor.com | static.garnet.synacor.com | 11 KB |
1 | aisedubd.com (1 redirects) | aisedubd.com | 272 B |
11 | 5 |

 | Domain | Requested by |
---|---|---|
8 | nirbandevelopments.com | nirbandevelopments.com |
2 | synacor.112.2o7.net (1 redirects) | nirbandevelopments.com |
1 | auth.centurylink.net | nirbandevelopments.com |
1 | static.garnet.synacor.com | nirbandevelopments.com |
1 | aisedubd.com (1 redirects) | |
11 | 5 |

This site contains links to these domains.
Domain |
---|
www.centurylink.com |
secure.centurylink.net |
centurylink.net |

Subject | Issuer | Validity | Valid |
---|---|---|---|
nirbandevelopments.com | cPanel, Inc. Certification Authority | 2019-10-21 - 2020-01-19 | 3 months |
web.garnet.synacor.com | DigiCert SHA2 High Assurance Server CA | 2019-08-05 - 2021-09-24 | 2 years |
auth.centurylink.net | DigiCert SHA2 Secure Server CA | 2018-09-07 - 2020-09-11 | 2 years |
*.112.2o7.net | DigiCert SHA2 High Assurance Server CA | 2019-04-23 - 2021-04-27 | 2 years |

This page contains 1 frames:
Primary Page:
https://nirbandevelopments.com/js/centurylink/home/centuty.html
Frame ID: EC1688EE3CA3BF75ADD8EACF86E85230
Requests: 11 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Modernizr (JavaScript Libraries)
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
SiteCatalyst (Analytics)
Detected patterns
- script /\/s[_-]code.*\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: CenturyLink High-Speed Internet®
Title: Forgot Password?
Title: Create Account
Title: Back to CenturyLink.net
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://aisedubd.com/ (HTTP 302)
- https://nirbandevelopments.com/js/centurylink/home/centuty.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9
- https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s6958634695401?AQB=1&ndh=1&t=30%2F10%2F2019%2019%3A40%3A51%206%20-60&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fnirbandevelopments.com%2Fjs%2Fcenturylink%2Fhome%2Fcentuty.html&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=e4a04df650990e7e99a40fa4e394f0d1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s6958634695401?AQB=1&pccr=true&vidn=2EF15BD98515ABE4-60000B13396080C5&ndh=1&t=30%2F10%2F2019%2019%3A40%3A51%206%20-60&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fnirbandevelopments.com%2Fjs%2Fcenturylink%2Fhome%2Fcentuty.html&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=e4a04df650990e7e99a40fa4e394f0d1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
11 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | centuty.html (Primary Request) | nirbandevelopments.com/js/centurylink/home/ (Redirect Chain) | 8 KB | 9 KB | Document | text/html |
GET H/1.1 | bootstrap.min.css | nirbandevelopments.com/js/centurylink/home/bootstrap/css/ | 103 KB | 104 KB | Stylesheet | text/css |
GET H/1.1 | social.css | nirbandevelopments.com/js/centurylink/home/css/default/ | 8 KB | 8 KB | Stylesheet | text/css |
GET H/1.1 | social_responsive.css | nirbandevelopments.com/js/centurylink/home/css/default/ | 2 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | social_login.css | nirbandevelopments.com/js/centurylink/home/css/default/ | 2 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | modernizr.js | nirbandevelopments.com/js/centurylink/home/js/ | 12 KB | 12 KB | Script | application/javascript |
GET H/1.1 | jquery.min.js | nirbandevelopments.com/js/centurylink/home/js/ | 91 KB | 91 KB | Script | application/javascript |
GET H/1.1 | 92368.png | static.garnet.synacor.com/clientimages/69187/ | 10 KB | 11 KB | Image | image/png |
GET H/1.1 | bootstrap.min.js | nirbandevelopments.com/js/centurylink/home/bootstrap/js/ | 28 KB | 28 KB | Script | application/javascript |
GET H/1.1 | s_code.js | auth.centurylink.net/saml/resources/omniture/ | 30 KB | 12 KB | Script | text/javascript |
GET H2 | s6958634695401 | synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/ (Redirect Chain) | 43 B | 285 B | Image | image/gif |

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: CenturyLink (Telecommunication), Generic (Online)

29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
object | html5 |
object | Modernizr |
function | yepnope |
function | $ |
function | jQuery |
function | updateTracking |
object | jQuery18103905813482889906 |
string | s_account |
object | s |
string | s_code |
string | s_objectID |
function | s_gi |
function | s_giqf |
string | s_an |
function | s_sp |
function | s_jn |
function | s_rep |
function | s_d |
function | s_fe |
function | s_fa |
function | s_ft |
object | s_c_il |
number | s_c_in |
number | s_giq |
object | s_i_synacor |
object | $elements |
string | $escaped2 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path | Expires | Name / Value |
---|---|---|
.nirbandevelopments.com/ | | Name: s_sq Value: %5B%5BB%5D%5D |
.nirbandevelopments.com/ | | Name: s_cc Value: true |

Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.