siasky.net
Open in
urlscan Pro
167.160.90.90
Malicious Activity!
Public Scan
Effective URL: https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Submission Tags: falconsandbox
Submission: On September 07 via api from US — Scanned from JP
Summary
TLS certificate: Issued by R3 on July 18th 2022. Valid for: 3 months.
This is the only time siasky.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 153.122.152.52 153.122.152.52 | 131921 (GMOCL GMO...) (GMOCL GMO GlobalSign Holdings K.K.) | |
1 | 167.160.90.90 167.160.90.90 | 63018 (DEDICATED) (DEDICATED) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
1 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3281 |
15 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 976 |
30 KB |
1 |
siasky.net
siasky.net — Cisco Umbrella Rank: 235903 |
3 KB |
1 |
orders.co.jp
orders.co.jp |
881 B |
4 | 4 |
Domain | Requested by | |
---|---|---|
1 | stackpath.bootstrapcdn.com |
siasky.net
|
1 | code.jquery.com |
siasky.net
|
1 | siasky.net |
orders.co.jp
|
1 | orders.co.jp | |
4 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
siasky.net R3 |
2022-07-18 - 2022-10-16 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-29 - 2023-01-29 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Frame ID: A1CEAB8FCEAAAE6BC188ED078A986A6C
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
Session expired!Page URL History Show full URLs
- http://orders.co.jp/pl.html?email Page URL
- https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://orders.co.jp/pl.html?email Page URL
- https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
pl.html
orders.co.jp/ |
595 B 881 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
orders.co.jp
siasky.net
stackpath.bootstrapcdn.com
153.122.152.52
167.160.90.90
2001:4de0:ac18::1:a:3b
2606:4700::6812:acf
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9e0ccae3e06545331a6eac5aa3c15acd27d6228447efa3bd17c191c61c569568