urlscan.io logo urlscan.io
SecurityTrails logo

sonmitosss-bknjw55kc-amarco2266.vercel.app Open in urlscan Pro
76.76.21.21  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://tgbe.ws/28mx0s
Effective URL: https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
Submission Tags: falconsandbox
Submission: On March 11 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 3 HTTP transactions. The main IP is 76.76.21.21, located in United States and belongs to AMAZON-02, US. The main domain is sonmitosss-bknjw55kc-amarco2266.vercel.app.
TLS certificate: Issued by R3 on February 3rd 2021. Valid for: 3 months.
This is the only time sonmitosss-bknjw55kc-amarco2266.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 76.76.21.21 16509 (AMAZON-02)
1 64.20.38.219 19318 (IS-AS-1)
1 67.202.114.216 32748 (STEADFAST)
3 4
Domain Requested by
1 whos.amung.us sonmitosss-bknjw55kc-amarco2266.vercel.app
1 mega-scripts.cyou sonmitosss-bknjw55kc-amarco2266.vercel.app
1 sonmitosss-bknjw55kc-amarco2266.vercel.app
1 tgbe.ws 1 redirects
3 4

This site contains no links.

Subject Issuer Validity Valid
*.vercel.app
R3		 2021-02-03 -
2021-05-04		 3 months crt.sh
wh858580.ispot.cc
cPanel, Inc. Certification Authority		 2021-02-26 -
2021-05-27		 3 months crt.sh
whos.amung.us
Sectigo RSA Domain Validation Secure Server CA		 2020-05-21 -
2022-05-21		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
Frame ID: D32E9183CF8AB01C4639C16A37F0D1FA
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://tgbe.ws/28mx0s HTTP 302
    https://sonmitosss-bknjw55kc-amarco2266.vercel.app/ Page URL

Page Statistics

3
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

95 kB
Transfer

292 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tgbe.ws/28mx0s HTTP 302
    https://sonmitosss-bknjw55kc-amarco2266.vercel.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
sonmitosss-bknjw55kc-amarco2266.vercel.app/
Redirect Chain
  • https://tgbe.ws/28mx0s
  • https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
461 B
772 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
6d953c5e5f501fa33bf75148d9e6fbc8d7de4d6ef02a46671b36cd89a464d0cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

:method
GET
:authority
sonmitosss-bknjw55kc-amarco2266.vercel.app
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 11 Mar 2021 20:51:19 GMT
content-type
text/html; charset=utf-8
x-robots-tag
noindex
content-disposition
inline; filename="index.html"
cache-control
public, max-age=0, must-revalidate
content-length
461
access-control-allow-origin
*
etag
W/"6d953c5e5f501fa33bf75148d9e6fbc8d7de4d6ef02a46671b36cd89a464d0cd"
accept-ranges
bytes
x-vercel-cache
HIT
age
38858
server
Vercel
x-vercel-id
arn1::pksz5-1615495879895-7cd01de7f938
strict-transport-security
max-age=63072000; includeSubDomains; preload

Redirect headers

date
Thu, 11 Mar 2021 20:51:19 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dfd23a679e3068e7ca42f70e1723778ed1615495879; expires=Sat, 10-Apr-21 20:51:19 GMT; path=/; domain=.tgbe.ws; HttpOnly; SameSite=Lax; Secure
x-frame-options
SAMEORIGIN
location
https://sonmitosss-bknjw55kc-amarco2266.vercel.app
cache-control
max-age=172800
expires
Sat, 13 Mar 2021 20:51:19 GMT
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-content-security-policy
allow 'self';
cf-cache-status
DYNAMIC
cf-request-id
08c4a7f3fc00004db26396d000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fL9n1POAvf9ERTLb1MBG0jWpAlX6XMYmF31hoYud2iS08qbgH51V5pwYAL93AsYThweaKyBtpVUaRmLACRLCkZhok64nIixsxtBFb%2BfgN%2FBvHY8Y"}]}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
62e7a8fffef44db2-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
/
mega-scripts.cyou/ 		239 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mega-scripts.cyou/?token=722504ba1e86863f4a782869a9d2db24
Requested by
Host: sonmitosss-bknjw55kc-amarco2266.vercel.app
URL: https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.20.38.219 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
aaea40641babd9ee534f18b27854318c5b7bc1c5f64ee582e1a373e239740720

Request headers

Referer
https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Mar 2021 20:51:20 GMT
content-encoding
br
server
LiteSpeed
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
/
whos.amung.us/pingjs/ 		30 B
30 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://whos.amung.us/pingjs/?k=jcbsasa01&t=Blacksar%20Inc.&x=https://whos.amung.us/&y=https://whos.amung.us/&a=-1&d=0&v=27&r=7081
Requested by
Host: sonmitosss-bknjw55kc-amarco2266.vercel.app
URL: https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.114.216 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://sonmitosss-bknjw55kc-amarco2266.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 11 Mar 2021 20:51:20 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		51 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| d object| dom string| back boolean| ignoreHistoryChange boolean| ignoreHashChange string| kon object| _$_f395 string| head string| bod

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload