client-ssastatement-invoice07.su (188.114.96.3)
Malicious Activity! Public Scan
Effective URL: https://client-ssastatement-invoice07.su/ch/index.php?secure
Submission: On August 26 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on August 7th 2024. Valid for: 3 months.
This is the only time client-ssastatement-invoice07.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 52.217.134.217 | 16509 (AMAZON-02)
13 | 188.114.96.3 | 13335 (CLOUDFLARENET)

ASN | PTR | Domains
---|---|---
ASN16509 (AMAZON-02, US) | s3-1-w.amazonaws.com | redssainvoice309.s3.amazonaws.com
ASN13335 (CLOUDFLARENET, US) | | client-ssastatement-invoice07.su
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 (2 redirects) | client-ssastatement-invoice07.su | client-ssastatement-invoice07.su | 60 KB
2 | amazonaws.com | redssainvoice309.s3.amazonaws.com | 1023 B
Requests | Domain | Requested by
---|---|---
13 | client-ssastatement-invoice07.su | client-ssastatement-invoice07.su (2 redirects), redssainvoice309.s3.amazonaws.com
2 | redssainvoice309.s3.amazonaws.com | redssainvoice309.s3.amazonaws.com
This site contains no links.
Subject | Issuer | Validity | Valid | Transparency log
---|---|---|---|---
*.s3.amazonaws.com | Amazon RSA 2048 M01 | 2024-04-22 - 2025-04-07 | a year | crt.sh
client-ssastatement-invoice07.su | WE1 | 2024-08-07 - 2024-11-05 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://client-ssastatement-invoice07.su/ch/index.php?secure
Frame ID: 3F49F15B73978F9819331772DF7BDA72
Requests: 11 HTTP requests in this frame
Frame:
https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js
Frame ID: F430DA835D05E090F17ADD8ECC3C58C7
Requests: 2 HTTP requests in this frame
Page Title: 403 Forbidden
Detected technologies
PHP (Programming Languages)
Detected patterns
- `\.php(?:$|\?)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://redssainvoice309.s3.amazonaws.com/secolverif654.html (Page URL)
- https://client-ssastatement-invoice07.su/ch/index.php?secure (Page URL)
- https://client-ssastatement-invoice07.su/cdn-cgi/phish-bypass?atok=I20O6CJfpMnAz6orBGHAQDydwGYowWkm4H2RGkeJFNs-1724678090-0.0.1.1-%2Fch%2Findex.php%3Fsecure (HTTP 301) to https://client-ssastatement-invoice07.su/ch/index.php?secure (Page URL)
- https://client-ssastatement-invoice07.su/ch/index.php?secure (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6:
- https://client-ssastatement-invoice07.su/cdn-cgi/phish-bypass?atok=I20O6CJfpMnAz6orBGHAQDydwGYowWkm4H2RGkeJFNs-1724678090-0.0.1.1-%2Fch%2Findex.php%3Fsecure (HTTP 301)
- https://client-ssastatement-invoice07.su/ch/index.php?secure
Request Chain:
- https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/scripts/jsd/main.js (HTTP 302)
- https://client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | secolverif654.html | redssainvoice309.s3.amazonaws.com/ | 109 B | 503 B | Document | text/html |
GET | H3 | index.php | client-ssastatement-invoice07.su/ch/ | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | favicon.ico | redssainvoice309.s3.amazonaws.com/ | 243 B | 520 B | Other | application/xml |
GET | H3 | cf.errors.css | client-ssastatement-invoice07.su/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H3 | icon-exclamation.png | client-ssastatement-invoice07.su/cdn-cgi/images/ | 452 B | 635 B | Image | image/png |
GET | H3 | favicon.ico | client-ssastatement-invoice07.su/ | 6 KB | 7 KB | Other | text/html |
GET | H3 | index.php | client-ssastatement-invoice07.su/ch/ | 19 KB | 19 KB | Document | text/html | Redirect Chain
POST | H3 | index.php | client-ssastatement-invoice07.su/ch/ | 0 | 922 B | XHR | text/plain |
GET | H3 | main.js | client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/ | 8 KB | 4 KB | Script | application/javascript | Frame F430, Redirect Chain
GET | H3 | favicon.ico | client-ssastatement-invoice07.su/ | 18 KB | 18 KB | Other | text/html |
POST | H3 | 8b94166a3ddc6ae6 | client-ssastatement-invoice07.su/cdn-cgi/challenge-platform/h/b/jsd/r/ | 0 | 965 B | XHR | text/plain | Frame F430
GET | H3 | index.php | client-ssastatement-invoice07.su/ch/ | 548 B | 566 B | Document | text/html | Primary Request
GET | H3 | favicon.ico | client-ssastatement-invoice07.su/ | 548 B | 647 B | Other | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
16 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
client-ssastatement-invoice07.su/ | | WKQnAFxDK7DzhLDB533p2P397rM | COjg2Wj_vUV31UJCDLJiSDMzcP8
client-ssastatement-invoice07.su/ | | 88nYCjTOayEjzrfDYtbIpjSu3o4 | 1724678076
client-ssastatement-invoice07.su/ | | fgc_0aj1iU7qjdL84rzp_emL0eM | 1724764476
client-ssastatement-invoice07.su/ | | hmBeyOxTdNM3TOth_-ObXJqhvP8 | UXQTEpz5oqNG0GYcLzN4QCMDfHg
.client-ssastatement-invoice07.su/ | | __cf_mw_byp | I20O6CJfpMnAz6orBGHAQDydwGYowWkm4H2RGkeJFNs-1724678090-0.0.1.1-/ch/index.php?secure
client-ssastatement-invoice07.su/ | | DdzH0DYeFu12ZZMwOjk6Q_AlbMg | yhuYJSlBQzE1z4ucWRzFmnNEyKU
client-ssastatement-invoice07.su/ | | ok3XyIp4xKJaqlIwaERbA8wm9gg | 1724678094
client-ssastatement-invoice07.su/ | | djnOdr9-CCkHqVIb8hS_KR3cwyc | 1724764494
client-ssastatement-invoice07.su/ | | PqT8O5eMGfhEkQFCuX-KicBnUMo | uN1GBBj5ssjGg7CAERoqkaBoo0o
client-ssastatement-invoice07.su/ | | Fdm_8ec3hIjSH2xFXcdaNO0RfQo | 12f3ELOPn0e0PsKPjPfmUJ02BrE
.client-ssastatement-invoice07.su/ | | cf_clearance | 5DHpUq550g0X2ZeBpBG_xPUJOgp4a43tlnBKwZWBYuM-1724678095-1.2.1.1-23IZzMN1ZL2iK85BSeS5e9DOTJss38WHEKTh0yZg5Z64zvxtms5I1v6M6hcMdckp7Y0WmqYE3iaTkpX9rXE.EIpzMJPUow5GMQQqHNy_Tpvoq0uiSnq5PYzGP6xM1zg0_M2fLF5g_qYJeDog.5hUZZj0BGXn2zORwB8itrtyQm7vM.CnneRuqGWtxhBf4O33giORfC.q5IRgH4dZ3PSQDbDvhjmT25Qn9_fc2iWLeecSxxua7pLTc0nhjPlLQO8d6t7BPcPTEVhsHQmIciUuBu.jmdFx6x9DpnV2LBxW_vN9PkSIgk8WNP5C6EpNwS8lJM5VPE8k76j6RtVoZxBo5DrYdMKGjucz9Mi7mDW2EW_Qn51ja2lInKDkGjPOoWgu
client-ssastatement-invoice07.su/ | | vVQxAPVOuR5jPrJXt_jP5TKitms | W-vmQRw2kwR9O4rAC0o3TEEqnPw
client-ssastatement-invoice07.su/ | | PnfeqIIEHtiVK2uovinGayBusAs | 1724678095
client-ssastatement-invoice07.su/ | | N4P0oMq27u6WP1YJv3EPi8qUp0I | 1724764495
client-ssastatement-invoice07.su/ | | LMH6RN6JPQ8ZfSEOhzIO8Zwh69c | _qL__52-j2CMOvC709uNjsOU5Qg
client-ssastatement-invoice07.su/ | | AomVd7BytDrJjKmLYQ7f2g3tMZg | t6F9CuoGmSYYZLkBahdtKalbvaU
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
client-ssastatement-invoice07.su
redssainvoice309.s3.amazonaws.com
188.114.96.3
52.217.134.217
11557efb19a9c0f676a021cfb4dea849867c97eb9df03d1c0ab873cc13efbd93
15e1f491c3bf46ac014a7f86322b3c3cbb9e6466fa54b29959aa62968217a0a7
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
41a78184a22ebafc3e6e16cfd3ab7cefc4d05125e1aef56b5b20b5877ba91837
7328cbf16ffb2402162a605443df5d0226bcf4e254280ec26fe34696ff33727b
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9be60c0fd7e0d7b41a742bc6d312d8d5a3424aad48732a751acfd1d3cf72af46
a54230b7ac0b158f49ba1807506c3c2aa4e83b78095aab98a6ad908d311559b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016