real-flirtpartners.com
Open in
urlscan Pro
45.82.153.60
Malicious Activity!
Public Scan
Effective URL: https://real-flirtpartners.com/?u=9y1k806&o=rbkp6za&m=1
Submission: On December 29 via api from BE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 14th 2019. Valid for: 3 months.
This is the only time real-flirtpartners.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 181.88.188.111 181.88.188.111 | 7303 (Telecom A...) (Telecom Argentina S.A.) | |
1 9 | 45.82.153.60 45.82.153.60 | 202984 (TEAM-HOST AS) (TEAM-HOST AS) | |
16 | 3 |
ASN7303 (Telecom Argentina S.A., AR)
PTR: host111.181-88-188.telecom.net.ar
oficinatecnicadepresupuestolegislaturacba.cba.gov.ar |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
real-flirtpartners.com
1 redirects
real-flirtpartners.com |
243 KB |
1 |
cba.gov.ar
oficinatecnicadepresupuestolegislaturacba.cba.gov.ar |
3 KB |
0 |
gstatic.com
Failed
fonts.gstatic.com Failed |
|
0 |
fling.com
Failed
promos.fling.com Failed |
|
16 | 4 |
Domain | Requested by | |
---|---|---|
9 | real-flirtpartners.com |
1 redirects
oficinatecnicadepresupuestolegislaturacba.cba.gov.ar
real-flirtpartners.com |
1 | oficinatecnicadepresupuestolegislaturacba.cba.gov.ar | |
0 | fonts.gstatic.com Failed |
real-flirtpartners.com
|
0 | promos.fling.com Failed |
real-flirtpartners.com
|
16 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
real-flirtpartners.com Let's Encrypt Authority X3 |
2019-11-14 - 2020-02-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://real-flirtpartners.com/?u=9y1k806&o=rbkp6za&m=1
Frame ID: 5C092CF1467572B74F9F0C1A942805DD
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://oficinatecnicadepresupuestolegislaturacba.cba.gov.ar/wp-content/uploads/desuetude.php?uid-a833e55c88d9598b5e866c Page URL
-
http://real-flirtpartners.com/?u=9y1k806&o=rbkp6za&m=1
HTTP 301
https://real-flirtpartners.com/?u=9y1k806&o=rbkp6za&m=1 Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://oficinatecnicadepresupuestolegislaturacba.cba.gov.ar/wp-content/uploads/desuetude.php?uid-a833e55c88d9598b5e866c Page URL
-
http://real-flirtpartners.com/?u=9y1k806&o=rbkp6za&m=1
HTTP 301
https://real-flirtpartners.com/?u=9y1k806&o=rbkp6za&m=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
desuetude.php
oficinatecnicadepresupuestolegislaturacba.cba.gov.ar/wp-content/uploads/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
real-flirtpartners.com/ Redirect Chain
|
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fonts.css
real-flirtpartners.com/media/dating/timer/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
black.css
real-flirtpartners.com/media/dating/timer/css/ |
9 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
real-flirtpartners.com/media/dating/timer/js/ |
91 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
en.js
real-flirtpartners.com/media/dating/timer/js/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utils.js
real-flirtpartners.com/util/ |
6 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
intro_black.gif
real-flirtpartners.com/media/dating/timer/images/ |
116 KB 117 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading0.gif
real-flirtpartners.com/media/dating/timer/images/ |
6 KB 6 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
location.php
promos.fling.com/geo/txt/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff
fonts.gstatic.com/s/opensans/v10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff
fonts.gstatic.com/s/opensans/v10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
MTP_ySUJH_bn48VBG8sNSnhCUOGz7vYGh680lGh-uXM.woff
fonts.gstatic.com/s/opensans/v10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM.woff
fonts.gstatic.com/s/opensans/v10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk.woff
fonts.gstatic.com/s/opensans/v10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0.woff
fonts.gstatic.com/s/opensans/v10/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- promos.fling.com
- URL
- http://promos.fling.com/geo/txt/location.php?testip=
- Domain
- fonts.gstatic.com
- URL
- http://fonts.gstatic.com/s/opensans/v10/DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff
- Domain
- fonts.gstatic.com
- URL
- http://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff
- Domain
- fonts.gstatic.com
- URL
- http://fonts.gstatic.com/s/opensans/v10/MTP_ySUJH_bn48VBG8sNSnhCUOGz7vYGh680lGh-uXM.woff
- Domain
- fonts.gstatic.com
- URL
- http://fonts.gstatic.com/s/opensans/v10/k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM.woff
- Domain
- fonts.gstatic.com
- URL
- http://fonts.gstatic.com/s/opensans/v10/xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk.woff
- Domain
- fonts.gstatic.com
- URL
- http://fonts.gstatic.com/s/opensans/v10/PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| Tick object| Timer number| TotalSeconds function| CreateTimer function| UpdateTimer function| LeadingZero object| now string| current function| getParameterByName function| hideUnsub function| languageDetection function| writeLocation object| geoRefData function| showLocation function| appendPixels undefined| randomNumber function| docReady object| dataLayer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
real-flirtpartners.com/ | Name: q1 Value: o882ezxip7p8mqq8 |
|
real-flirtpartners.com/ | Name: ASP.NET_SessionId Value: j5xfskzm15vbzirnxenn4bjo |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://*.cba.gov.ar http://*.cba.gov.ar ; script-src 'self' https://*.cba.gov.ar http://*.cba.gov.ar https://*.cloudflare.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.cba.gov.ar http://*.cba.gov.ar https://*.googleapis.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://*.cba.gov.ar http://*.cba.gov.ar https://*.gstatic.com data: ; media-src 'self' https://*.cba.gov.ar http://*.cba.gov.ar ; img-src 'self' https://*.cba.gov.ar http://*.cba.gov.ar ; connect-src 'self' ; object-src 'self' ; worker-src 'self' ; child-src 'self' ; frame-src 'self' ; frame-ancestors 'self' https://panel0.cba.gov.ar http://panel0.cba.gov.ar |
Public-Key-Pins | pin-sha256="qqXyRzM8fx6iBWgP0cyrGACaMeI7S6Emz/KiBFwV4Ko="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; max-age=86407; includeSubDomains |
Strict-Transport-Security | max-age=86407; includeSubDomains |
X-Content-Security-Policy | default-src 'self' 'unsafe-eval' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; img-src 'self' |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.gstatic.com
oficinatecnicadepresupuestolegislaturacba.cba.gov.ar
promos.fling.com
real-flirtpartners.com
fonts.gstatic.com
promos.fling.com
181.88.188.111
45.82.153.60
21f331f1cc00fe00b634b4bad71e76e879a403eb213987eae2d4ea753f9d91e8
372a69fee04e30bd0bec56898de8354559c63f46337f52f0fb86b91606ba23fa
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
9306a182adf8e430b0b667162ae85ede56721fbdcc09b6d373c089c012699564
ad93ebf236149854e02b2dcb7ca0095033c5fb6b9fa3540da68cfb8ec8ec38d6
bb95d40ea27ecd278f625b7477df0062488de192a760e21d07eba52de5f3c97e
bf6a6bcd1a849bb95da78f5126325d51560d0a1041118bccccb472de6e04a5a2
ccaecb21498801a55bf6681a2aed2bb55d512488a8dbbeb927db5ca6e0fe873b
dfa0ad12a293332f47c0c0b7c4d7681d3670915a2f75f086aaf61b9a2835b24a