entry5300-js2024r1.usercontent.dev
178.128.255.27
Malicious Activity!
Public Scan
Submission: On August 17 via api from BY — Scanned from NL
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 19th 2023. Valid for: a year.
This is the only time entry5300-js2024r1.usercontent.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)
Domain & IP information
| # | IP Address | AS Autonomous System |
|---|---|---|
| 15 | 178.128.255.27 | 14061 (DIGITALOCEAN-ASN, US) |
| 21 | 2 | |

| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | usercontent.dev | entry5300-js2024r1.usercontent.dev | 230 KB |
| 21 | 1 | | |

| # | Domain | Requested by |
|---|---|---|
| 15 | entry5300-js2024r1.usercontent.dev | entry5300-js2024r1.usercontent.dev |
| 21 | 1 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.usercontent.dev | Go Daddy Secure Certificate Authority - G2 | 2023-09-19 - 2024-10-20 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://entry5300-js2024r1.usercontent.dev/
Frame ID: 0266D3E045D226684ADE52975F6B446D
Requests: 18 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | entry5300-js2024r1.usercontent.dev/ | 13 KB | 5 KB | Document | text/html |
| GET | H/1.1 | index-C_z3J8ix.js | entry5300-js2024r1.usercontent.dev/ | 122 KB | 43 KB | Script | application/javascript |
| GET | H/1.1 | index-TX3I2Wsn.css | entry5300-js2024r1.usercontent.dev/ | 439 KB | 75 KB | Stylesheet | text/css |
| GET | | mtproto.worker-YOgOLQqN.js | entry5300-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | | crypto.worker-9wi-02Dm.js | entry5300-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | DATA | truncated | / | 369 B | 0 | Image | image/svg+xml |
| GET | H/1.1 | crypto.worker-9wi-02Dm.js | entry5300-js2024r1.usercontent.dev/ | 67 KB | 24 KB | Fetch | application/javascript |
| GET | H/1.1 | favicon.ico | entry5300-js2024r1.usercontent.dev/assets/img/ | 15 KB | 15 KB | Other | image/x-icon |
| GET | H/1.1 | lang-tX43rM_c.js | entry5300-js2024r1.usercontent.dev/ | 112 KB | 32 KB | Script | application/javascript |
| GET | H/1.1 | langSign-lcKrqmwM.js | entry5300-js2024r1.usercontent.dev/ | 2 KB | 1 KB | Script | application/javascript |
| GET | H/1.1 | countries-lRU-UavE.js | entry5300-js2024r1.usercontent.dev/ | 24 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | pageSignQR-zTK7FZO5.js | entry5300-js2024r1.usercontent.dev/ | 6 KB | 3 KB | Script | application/javascript |
| GET | H/1.1 | page-MJ46blT_.js | entry5300-js2024r1.usercontent.dev/ | 10 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | button-exm3gQ2k.js | entry5300-js2024r1.usercontent.dev/ | 8 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | putPreloader-gBmyySq-.js | entry5300-js2024r1.usercontent.dev/ | 699 B | 783 B | Script | application/javascript |
| GET | H/1.1 | textToSvgURL-Z4O-nL1S.js | entry5300-js2024r1.usercontent.dev/ | 357 B | 590 B | Script | application/javascript |
| GET | | e94d1ca7-5c62-4f49-9f59-6b9c7ff1e5d2 | https://entry5300-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | | aebe1165-5006-4b01-a314-192066f476f3 | https://entry5300-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | | 6cc2056f-710a-4791-8df0-470c2cbc819b | https://entry5300-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | H/1.1 | qr-code-styling-ogpV7fl-.js | entry5300-js2024r1.usercontent.dev/ | 65 KB | 17 KB | Script | application/javascript |
| GET | H/1.1 | _commonjsHelpers-5-cIlDoe.js | entry5300-js2024r1.usercontent.dev/ | 290 B | 537 B | Script | application/javascript |
| GET | H/1.1 | logo_padded.svg | entry5300-js2024r1.usercontent.dev/assets/img/ | 1 KB | 0 | Fetch | image/svg+xml |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: entry5300-js2024r1.usercontent.dev, URL: https://entry5300-js2024r1.usercontent.dev/mtproto.worker-YOgOLQqN.js
- Domain: entry5300-js2024r1.usercontent.dev, URL: https://entry5300-js2024r1.usercontent.dev/crypto.worker-9wi-02Dm.js
- Domain: entry5300-js2024r1.usercontent.dev, URL: blob:https://entry5300-js2024r1.usercontent.dev/e94d1ca7-5c62-4f49-9f59-6b9c7ff1e5d2
- Domain: entry5300-js2024r1.usercontent.dev, URL: blob:https://entry5300-js2024r1.usercontent.dev/aebe1165-5006-4b01-a314-192066f476f3
- Domain: entry5300-js2024r1.usercontent.dev, URL: blob:https://entry5300-js2024r1.usercontent.dev/6cc2056f-710a-4791-8df0-470c2cbc819b
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Variable | Type |
|---|---|
| rootScope | object |
| deferredPromise | function |
| AppStorage | function |
| stateStorage | object |
| wrapUrl | function |
| I18n | object |
| webpWorkerController | object |
| appStorage | object |
| singleInstance | object |
| webPushApiManager | object |
| telegramMeWebManager | object |
| opusDecodeController | object |
| cryptoMessagePort | object |
| mtprotoMessagePort | object |
| serviceMessagePort | object |
| apiManagerProxy | object |
| calcImageInBox | function |
| mediaSizes | object |
| customProperties | object |
| windowSize | object |
| liteMode | object |
| themeController | object |
| overlayCounter | object |
| formatDateAccordingToTodayNew | function |
| fillTipDates | function |
| dispatchHeavyAnimationEvent | function |
| pagesManager | object |
| sequentialDom | object |
| putPreloader | function |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
entry5300-js2024r1.usercontent.dev
entry5300-js2024r1.usercontent.dev
178.128.255.27
114c7f7999db3bdfb48c96e8b7f3af28153cf75027cd2ca363b4e354588cf5a3
2f92606f2c333618321af99c063a8cf736bce47536c89b5b7cbd05ccbb0c1dbe
36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd
49df7ed82b2bdd3fbd949ee8a07181cf982f6c6e1667f635429cb3fcd9bbccc4
58122e58fe3c70b04602df5bb6a4fcd4264fee6208fc494c72c17b51d7ac7e87
6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2
900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79
9eeddd1d2a24596fab4825030e466b0702d368e1b987980e6329151af2a6bf34
a50e53873a9fcb4dea985ea0b1a32825f15fa53f5e68ae76ca428289d4b1c199
a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483
c3195442e9136cf3ff7799a59e52daadd15fb900511ea38faae151194ba7ab79
ebc5b09fbc7df9f7c09009dccf79419fa2c2e5e64b3dca84c5a5e3ea6d717439
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4
fcf2bb1c2eec25966834a9649bba8f29cdd0a519888108ec33547be0e52c24f3