fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com
5.79.70.123
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On February 27 via api from GB
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on February 20th 2018. Valid for: 3 years.
This is the only time fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 2 5 | 5.79.70.123 | 60781 (LEASEWEB-NL-AMS-01 Netherlands) |
| 1 | 2a03:b0c0:3:e0::298:6001 | 14061 (DIGITALOCEAN-ASN) |
| 2 | 51.15.27.131 | 12876 (Online SAS) |
| 1 2 | 2a00:1450:4001:824::200e | 15169 (GOOGLE) |
| 1 | 2a01:7e01::f03c:91ff:fe6b:d177 | 63949 (LINODE-AP Linode) |
| 1 1 | 2a00:1450:400c:c04::9d | 15169 (GOOGLE) |
| 1 1 | 2a00:1450:4001:821::2004 | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:818::2003 | 15169 (GOOGLE) |
| 9 | 6 | |
- ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL): fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com
- ASN15169 (GOOGLE, US): www.google-analytics.com
- ASN63949 (LINODE-AP Linode, LLC, US): htmlpasta.goatcounter.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | htmlpasta.com | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com (2 redirects) | 4 KB |
| 2 | google-analytics.com | www.google-analytics.com (1 redirect) | 18 KB |
| 2 | ibb.co | i.ibb.co | 73 KB |
| 1 | google.de | www.google.de | 109 B |
| 1 | google.com | www.google.com (1 redirect) | 192 B |
| 1 | doubleclick.net | stats.g.doubleclick.net (1 redirect) | 161 B |
| 1 | goatcounter.com | htmlpasta.goatcounter.com | 577 B |
| 1 | zgo.at | gc.zgo.at | 2 KB |
| 9 | | 8 | |
| Requests | Domain | Requested by |
|---|---|---|
| 5 | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com (2 redirects) |
| 2 | www.google-analytics.com | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com (1 redirect) |
| 2 | i.ibb.co | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com |
| 1 | www.google.de | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com |
| 1 | www.google.com | 1 redirect |
| 1 | stats.g.doubleclick.net | 1 redirect |
| 1 | htmlpasta.goatcounter.com | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com |
| 1 | gc.zgo.at | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com |
| 9 | 8 | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| *.htmlpasta.com | COMODO RSA Domain Validation Secure Server CA | 2018-02-20 - 2021-02-19 | 3 years |
| gc.zgo.at | Let's Encrypt Authority X3 | 2020-01-30 - 2020-04-29 | 3 months |
| ibb.co | Let's Encrypt Authority X3 | 2020-01-28 - 2020-04-27 | 3 months |
| *.google-analytics.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months |
| goatcounter.com | Let's Encrypt Authority X3 | 2019-12-16 - 2020-03-15 | 3 months |
| www.google.de | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months |
This page contains 1 frames:
Primary Page:
https://fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/?email=nobody@mycraftmail.com&HTML1=https://cf0fc1ff-cae1-4d20-9360-b767f323e6ea.htmlpasta.com/&HTML2=https://fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/&HTML3=https://9b1ea7a7-1337-46c2-9d19-252cec930741.htmlpasta.com
Frame ID: D98A5CE972F5B19666DCEC2329571AE6
Requests: 9 HTTP requests in this frame
Detected technologies
- Ubuntu (Operating Systems). Detected patterns: headers server /Ubuntu/i
- Nginx (Web Servers). Detected patterns: headers server /nginx(?:\/([\d.]+))?/i
- Google Analytics (Analytics). Detected patterns: script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
- jQuery (JavaScript Libraries). Detected patterns: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
- Request chain (style.css):
  - https://fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/style.css HTTP 301
  - https://fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/style.css/
- Request chain (jquery.js):
  - https://fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/js/jquery.js HTTP 301
  - https://fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/js/jquery.js/
- Request chain (Google Analytics collect):
  - https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1241351012&t=pageview&_s=1&dl=https%3A%2F%2Ffa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com%2F%3Femail%3Dnobody%40mycraftmail.com%26amp%3BHTML1%3Dhttps%3A%2F%2Fcf0fc1ff-cae1-4d20-9360-b767f323e6ea.htmlpasta.com%2F%26amp%3BHTML2%3Dhttps%3A%2F%2Ffa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com%2F%26amp%3BHTML3%3Dhttps%3A%2F%2F9b1ea7a7-1337-46c2-9d19-252cec930741.htmlpasta.com&dp=%2Ffa6bd9f9-704b-4f75-945f-c3a67891226f.html&ul=en-us&de=UTF-8&dt=Sign%20in%20to%20your%20account&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1807929436&gjid=970906935&cid=2040558393.1582773346&tid=UA-75065234-3&_gid=34376177.1582773346&_r=1&z=1265614515 HTTP 302
  - https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-75065234-3&cid=2040558393.1582773346&jid=1807929436&_gid=34376177.1582773346&gjid=970906935&_v=j81&z=1265614515 HTTP 302
  - https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-75065234-3&cid=2040558393.1582773346&jid=1807929436&_v=j81&z=1265614515 HTTP 302
  - https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-75065234-3&cid=2040558393.1582773346&jid=1807929436&_v=j81&z=1265614515&slf_rd=1&random=494138906
9 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/ | 10 KB | 3 KB | Document | text/html |
| GET | H2 | / | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/style.css/ (Redirect Chain) | 0 | 0 | Stylesheet | text/html |
| GET | H2 | / | fa6bd9f9-704b-4f75-945f-c3a67891226f.htmlpasta.com/js/jquery.js/ (Redirect Chain) | 0 | 0 | Script | text/html |
| GET | H2 | count.js | gc.zgo.at/ | 3 KB | 2 KB | Script | application/javascript |
| GET | H2 | ms-logo-v2.jpg | i.ibb.co/SRq8Gh9/ | 3 KB | 3 KB | Image | image/jpeg |
| GET | H2 | analytics.js | www.google-analytics.com/ | 44 KB | 18 KB | Script | text/javascript |
| GET | H2 | 0.jpg | i.ibb.co/92VjSj6/ | 70 KB | 70 KB | Image | image/jpeg |
| GET | H/1.1 | count | htmlpasta.goatcounter.com/ | 43 B | 577 B | Image | image/gif |
| GET | H2 | ga-audiences | www.google.de/ads/ (Redirect Chain) | 42 B | 109 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| string | GoogleAnalyticsObject |
| function | ga |
| object | goatcounter |
| function | getQueryString |
| object | google_tag_data |
| object | gaplugins |
| object | gaGlobal |
| object | gaData |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .htmlpasta.com/ | | _gat | 1 |
| .htmlpasta.com/ | | _gid | GA1.2.34376177.1582773346 |
| .htmlpasta.com/ | | _ga | GA1.2.2040558393.1582773346 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.