Submitted URL: http://orders.co.jp/pl.html?email
Effective URL: https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Submission Tags: falconsandbox
Submission: On September 07 via api from US — Scanned from JP

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 167.160.90.90, located in Los Angeles, United States and belongs to DEDICATED, US. The main domain is siasky.net. The Cisco Umbrella rank of the primary domain is 235903.
TLS certificate: Issued by R3 on July 18th 2022. Valid for: 3 months.
This is the only time siasky.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         153.122.152.52    131921 (GMOCL GMO...)
1         167.160.90.90     63018 (DEDICATED)
1         2001:4de0:ac1...  20446 (STACKPATH...)
1         2606:4700::68...  13335 (CLOUDFLAR...)
Total: 4 requests across 4 IPs
Requests  Apex Domain        Subdomains                                              Transfer
1         bootstrapcdn.com   stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3281)  15 KB
1         jquery.com         code.jquery.com (Cisco Umbrella Rank: 976)              30 KB
1         siasky.net         siasky.net (Cisco Umbrella Rank: 235903)                3 KB
1         orders.co.jp       orders.co.jp                                            881 B
Total: 4 requests across 4 apex domains
Requests  Domain                      Requested by
1         stackpath.bootstrapcdn.com  siasky.net
1         code.jquery.com             siasky.net
1         siasky.net                  orders.co.jp
1         orders.co.jp                -
Total: 4 requests across 4 domains

This site contains no links.

Subject                Issuer                                          Validity                  Valid for  Source
siasky.net             R3                                              2022-07-18 to 2022-10-16  3 months   crt.sh
*.jquery.com           Sectigo RSA Domain Validation Secure Server CA  2022-08-03 to 2023-07-14  a year     crt.sh
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                         2022-01-29 to 2023-01-29  a year     crt.sh

This page contains 1 frames:

Primary Page: https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Frame ID: A1CEAB8FCEAAAE6BC188ED078A986A6C
Requests: 4 HTTP requests in this frame

Page Title

Session expired!

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 4
  • HTTPS: 75 %
  • IPv6: 50 %
  • Domains: 4
  • Subdomains: 4
  • IPs: 4
  • Countries: 3
  • Transfer: 49 kB
  • Size: 142 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://orders.co.jp/pl.html?email Page URL
  2. https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (bytes transferred), Type (MIME-Type).

Transaction 1: pl.html
Path: orders.co.jp/
Size: 595 B (881 B transferred)
Type: Document

General
Full URL: http://orders.co.jp/pl.html?email
Protocol: HTTP/1.1
Server: 153.122.152.52, Japan, ASN131921 (GMOCL GMO GlobalSign Holdings K.K., JP)
Reverse DNS: -
Software: Apache/2.0.64 (Unix)
Resource Hash: -

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 595
Content-Type: text/html
Date: Wed, 07 Sep 2022 13:50:06 GMT
ETag: "760008-253-ec7ff4c0"
Keep-Alive: timeout=15, max=100
Last-Modified: Sat, 07 May 2022 21:47:39 GMT
Server: Apache/2.0.64 (Unix)
Transaction 2 (Primary Request): /
Path: siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Size: 7 KB (3 KB transferred)
Type: Document

General
Full URL: https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Requested by: Host orders.co.jp, URL http://orders.co.jp/pl.html?email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.160.90.90, Los Angeles, United States, ASN63018 (DEDICATED, US)
Reverse DNS: -
Software: openresty/1.21.4.1
Resource Hash: 9e0ccae3e06545331a6eac5aa3c15acd27d6228447efa3bd17c191c61c569568
Security Headers
Strict-Transport-Security: max-age=63072000

Request headers

Referer: http://orders.co.jp/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,If-None-Match,Cache-Control,Content-Type,Range,X-HTTP-Method-Override,upload-offset,upload-metadata,upload-length,tus-version,tus-resumable,tus-extension,tus-max-size,upload-concat,location,Skynet-API-Key
access-control-allow-methods: GET, POST, HEAD, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Content-Length,Content-Range,ETag,Accept-Ranges,Skynet-File-Metadata,Skynet-Skylink,Skynet-Proof,Skynet-Portal-Api,Skynet-Server-Api,upload-offset,upload-metadata,upload-length,tus-version,tus-resumable,tus-extension,tus-max-size,upload-concat,location
content-disposition: inline; filename="indek.html"
content-encoding: gzip
content-type: text/html
date: Wed, 07 Sep 2022 13:50:08 GMT
etag: W/"4dea5649b73f17755a4a7f2b2e5cf27a859106d3038c188a5d003e3b57090378"
server: openresty/1.21.4.1
skynet-cache-ratio: 1
skynet-portal-api: https://siasky.net
skynet-server-api: https://us-la-2.siasky.net
skynet-skylink: CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA
strict-transport-security: max-age=63072000
vary: Accept-Encoding
Transaction 3: jquery-3.2.1.min.js
Path: code.jquery.com/
Size: 85 KB (30 KB transferred)
Type: Script

General
Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host siasky.net, URL https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS: -
Software: nginx
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://siasky.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 13:50:08 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15283"
vary: Accept-Encoding
x-hw: 1662558608.dop043.la3.t,1662558608.cds219.la3.hn,1662558608.cds045.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125
Transaction 4: bootstrap.min.js
Path: stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
Size: 50 KB (15 KB transferred)
Type: Script

General
Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by: Host siasky.net, URL https://siasky.net/CABH89cwGbOkh9Xzr-D5RBar_zj_xoYS7UQ1JHzMn5VKPA/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:acf, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://siasky.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 13:50:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 753, 617, 617
age: 5917084
cdn-cachedat: 2021-06-19 03:25:59
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
server: cloudflare
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 091569a016b5cc61e090d5815e862673
cf-ray: 746fe967c9b5e053-NRT
cdn-requestcountrycode: AU
cdn-requestpullsuccess: True

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against Generic Email (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: 0
  • object: onbeforeinput
  • object: oncontextlost
  • object: oncontextrestored
  • function: structuredClone
  • object: launchQueue
  • object: onbeforematch
  • function: getScreenDetails
  • function: queryLocalFonts
  • object: navigation
  • function: $
  • function: jQuery
  • object: bootstrap

0 Cookies