confrontationisolation.com
Open in
urlscan Pro
69.49.234.71
Malicious Activity!
Public Scan
Submitted URL: http://emrullahsalci.com.tr/wp-content/plugins/woocommerce/vendor/composer/installers/src/Composer/Installers/Installer/
Effective URL: https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/Home.html
Submission: On August 25 via automatic, source phishtank
Effective URL: https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/Home.html
Submission: On August 25 via automatic, source phishtank
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 18 HTTP transactions.
The main IP is 69.49.234.71, located in
United States and
belongs to UNIFIEDLAYER-AS-1, US.
The main domain is confrontationisolation.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 19th 2021. Valid for: 3 months.
This is the only time confrontationisolation.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 19th 2021. Valid for: 3 months.
This is the only time confrontationisolation.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Popular Dominicano (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 77.79.81.241 77.79.81.241 | 39582 (GRID) (GRID) | |
| 1 18 | 69.49.234.71 69.49.234.71 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 18 | 2 |
1
77.79.81.241
(Bagcilar, Turkey)
ASN39582 (GRID, TR)
PTR: reverse-77-79-81-241.pusula.net.tr
ASN39582 (GRID, TR)
PTR: reverse-77-79-81-241.pusula.net.tr
| emrullahsalci.com.tr |
18
69.49.234.71
(United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 69-49-234-71.unifiedlayer.com
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 69-49-234-71.unifiedlayer.com
| confrontationisolation.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
confrontationisolation.com
1 redirects
confrontationisolation.com |
652 KB |
| 1 |
emrullahsalci.com.tr
emrullahsalci.com.tr |
352 B |
| 18 | 2 |
| Domain | Requested by | |
|---|---|---|
| 18 | confrontationisolation.com |
1 redirects
confrontationisolation.com
|
| 1 | emrullahsalci.com.tr | |
| 18 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| confrontationisolation.com cPanel, Inc. Certification Authority |
2021-08-19 - 2021-11-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/Home.html
Frame ID: CB5026ADDCD6FD61B7C646AEEB94B9FD
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Banco Popular DominicanoPage URL History Show full URLs
- http://emrullahsalci.com.tr/wp-content/plugins/woocommerce/vendor/composer/installers/src/Composer/Insta... Page URL
-
https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea
HTTP 301
https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/ Page URL
- https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/Home.html Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://emrullahsalci.com.tr/wp-content/plugins/woocommerce/vendor/composer/installers/src/Composer/Installers/Installer/ Page URL
-
https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea
HTTP 301
https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/ Page URL
- https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/Home.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea HTTP 301
- https://confrontationisolation.com/BPD_Personas_00168/Popularenlinea/
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
emrullahsalci.com.tr/wp-content/plugins/woocommerce/vendor/composer/installers/src/Composer/Installers/Installer/ |
116 B 352 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/ Redirect Chain
|
68 B 274 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
Home.html
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap-v3.3.7.min.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
118 KB 119 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap-slider.min.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
236 KB 236 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mastepages.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
26 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
masterpage_desktop.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
23 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
controls15.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fontawesome-v5.8.2.min.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
54 KB 54 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style2.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
11 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
introjs.min.css
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
9 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-bpd-blanco.svg
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
roboto-v18-latin-regular.woff2
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
BPD-icon-v2.ttf
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
102 KB 103 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
roboto-v18-latin-300.woff2
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
roboto-v18-latin-700.woff2
confrontationisolation.com/BPD_Personas_00168/Popularenlinea/newfiles/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Popular Dominicano (Banking)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
confrontationisolation.com
emrullahsalci.com.tr
69.49.234.71
77.79.81.241
07a85e868c150fd3e1287c7905858e0adf64cfc53d7b992899cdd5e843012621
0bd20b46f08b0672705602274fdf06525df32b6bffb47ed9a2607fd8496a7891
106449bde377d24384a1a3545209b9bb28f05bc168a04fbf5fca224d5ff16072
1b23732463d80c498b3060e3ff159b6d4ea08e80b40b916b4431770ae4821f1d
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
7cda49d501b1ff6ee7ef453e6e955ab58ecdf88485739099d5d47e44946e4ead
82d3f360d2fe6cad810eccd6e0eb61eb6fd14d287ef4f15a832183c0684dcd5b
85c9cbff63f983679bf4991c535f48a3bb2fae5c361bbc52d42671bd31238a60
91fdb85d9fbca18b5e6601d7d5eb688403e853a3ed54283fa6a63f91e409de65
a8f300cd1619c1ee14fbf56e14462be573f5cdb77727555e8571f55c813437c9
b9462c3d8fc4e698687d6fa7efdd3123606f6e235a179e7cb12cdb38f8ed7978
cb825dcb2f6fe96ef4f24ffcc214ff3f30cbac0fc7a45a3942394227f5aa8d1b
e436ede81a131f9e8498c5eadd2e5915b4d5777eac9306f60118b317be8e2471
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf
fe867b87f2648fa01f89b37fcd35ab0a86dad0bf9084ff537ff6528326490a76