entry5295-js2024r1.usercontent.dev Open in urlscan Pro
178.128.255.27 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://entry5295-js2024r1.usercontent.dev/
Submission: On May 05 via automatic, source openphish (May 5th 2024, 1:01:17 pm UTC) — Scanned from NL

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 178.128.255.27, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is entry5295-js2024r1.usercontent.dev.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 19th 2023. Valid for: a year.

This is the only time entry5295-js2024r1.usercontent.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
8	178.128.255.27 178.128.255.27		14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
21	2

8 178.128.255.27 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

entry5295-js2024r1.usercontent.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	usercontent.dev entry5295-js2024r1.usercontent.dev	177 KB
21	1

	Domain	Requested by
8	entry5295-js2024r1.usercontent.dev	entry5295-js2024r1.usercontent.dev
21	1

This site contains no links.

Subject Issuer	Validity	Valid
*.usercontent.dev Go Daddy Secure Certificate Authority - G2	`2023-09-19` - `2024-10-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://entry5295-js2024r1.usercontent.dev/
Frame ID: 5AB62FC763D5E043176FB4BD04E03DBB
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Web

Page Statistics

21
Requests

38 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

177 kB
Transfer

885 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response entry5295-js2024r1.usercontent.dev/	13 KB 5 KB	93ms 17ms	Document text/html	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `523ebd09002b953782d221cadd62f599e3db968482551e74d24cdf1f9b226220` Request headers Accept-Language nl-NL,nl;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 05 May 2024 14:02:31 GMT ETag W/"65ae8d34-3523" Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	index-KXeBxeEJ.js Show response entry5295-js2024r1.usercontent.dev/	122 KB 43 KB	34ms 34ms	Script application/javascript	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `bfd698d843fcecc6373e7ce24bcff067fd422a8e4f1e9a53f4ead00a2987f910` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/ Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-1e789" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	index-YczrTlMe.css entry5295-js2024r1.usercontent.dev/	440 KB 76 KB	69ms 38ms	Stylesheet text/css	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/index-YczrTlMe.css Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `d562b158e1c0e57524764c94985437d8155075c44b172fb83a5997625f865fe9` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/ Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-6dec1" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Connection keep-alive
GET		mtproto.worker-5p1hQip1.js entry5295-js2024r1.usercontent.dev/	0 0

GET		crypto.worker-9wi-02Dm.js entry5295-js2024r1.usercontent.dev/	0 0

GET DATA	200 OK	truncated /	369 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4` Request headers Accept-Language nl-NL,nl;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	crypto.worker-9wi-02Dm.js Show response entry5295-js2024r1.usercontent.dev/	67 KB 0	66ms 66ms	Fetch application/javascript	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/crypto.worker-9wi-02Dm.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `ebc5b09fbc7df9f7c09009dccf79419fa2c2e5e64b3dca84c5a5e3ea6d717439` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-10cf6" Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8
GET H/1.1	200 OK	favicon.ico entry5295-js2024r1.usercontent.dev/assets/img/	15 KB 15 KB	61ms 31ms	Other image/x-icon	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/assets/img/favicon.ico?v=jw3mK7G9Ry Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag "65ae8d34-3aee" Content-Type image/x-icon Connection keep-alive Accept-Ranges bytes Content-Length 15086
GET H/1.1	200 OK	lang-Y7xuc7Gu.js Show response entry5295-js2024r1.usercontent.dev/	111 KB 32 KB	74ms 43ms	Script application/javascript	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/lang-Y7xuc7Gu.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `bba286e680cef5a231e3384d558480128910f11ee86fe361d12317eaf96c42c8` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-1bafc" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	langSign-lcKrqmwM.js Show response entry5295-js2024r1.usercontent.dev/	2 KB 1 KB	60ms 28ms	Script application/javascript	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/langSign-lcKrqmwM.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-66e" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	countries-lRU-UavE.js Show response entry5295-js2024r1.usercontent.dev/	24 KB 4 KB	61ms 29ms	Script application/javascript	178.128.255.27 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/countries-lRU-UavE.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.128.255.27 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.10.3 / Resource Hash `8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-5e21" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET		17cda777-e991-4666-a13f-9019c71a3537 https://entry5295-js2024r1.usercontent.dev/	0 0

GET		b136d4f1-7ff8-47fa-990d-87d149863424 https://entry5295-js2024r1.usercontent.dev/	0 0

GET		b57c23c3-cb21-40b3-8331-0d717a056337 https://entry5295-js2024r1.usercontent.dev/	0 0

GET H/1.1	200 OK	pageSignQR-A6AhjMQZ.js Show response entry5295-js2024r1.usercontent.dev/	6 KB 0	19ms 19ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/pageSignQR-A6AhjMQZ.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `4f7bc9a150909b617ed34965492a331079e560da1c618a520b11cb0fbd353544` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-1629" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	page-e_P-RxG-.js Show response entry5295-js2024r1.usercontent.dev/	10 KB 0	21ms 21ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/page-e_P-RxG-.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `4233312b63e00cc7b1fa320af471084837b6b5c75102b18171024cd5958f51d5` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-27f7" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	button-R8ZPNQkB.js Show response entry5295-js2024r1.usercontent.dev/	8 KB 0	20ms 20ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/button-R8ZPNQkB.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `ced47d9729384375dc6ed01df29835f5d035cd8bc04bdcc55f68fc96ecc2d486` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-21a3" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	putPreloader-zHqRWaC6.js Show response entry5295-js2024r1.usercontent.dev/	699 B 0	19ms 19ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/putPreloader-zHqRWaC6.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `e03871843ec5e8885826a9796dd79a051b43e992c99cddba9fcd84ab0e2a3add` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-2bb" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	textToSvgURL-Z4O-nL1S.js Show response entry5295-js2024r1.usercontent.dev/	357 B 0	17ms 17ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/textToSvgURL-Z4O-nL1S.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-165" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	qr-code-styling-ogpV7fl-.js Show response entry5295-js2024r1.usercontent.dev/	65 KB 0	35ms 35ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/qr-code-styling-ogpV7fl-.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-10254" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	_commonjsHelpers-5-cIlDoe.js Show response entry5295-js2024r1.usercontent.dev/	290 B 0	16ms 16ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/_commonjsHelpers-5-cIlDoe.js Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/index-KXeBxeEJ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer Origin https://entry5295-js2024r1.usercontent.dev Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:31 GMT Content-Encoding gzip Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag W/"65ae8d34-122" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	logo_padded.svg Show response entry5295-js2024r1.usercontent.dev/assets/img/	1 KB 0	17ms 17ms	Fetch image/svg+xml
General Check archive.org Show headers Download Go to Full URL https://entry5295-js2024r1.usercontent.dev/assets/img/logo_padded.svg Requested by Host: entry5295-js2024r1.usercontent.dev URL: https://entry5295-js2024r1.usercontent.dev/pageSignQR-A6AhjMQZ.js Protocol HTTP/1.1 Server -, , ASN (), Reverse DNS Software nginx/1.10.3 / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://entry5295-js2024r1.usercontent.dev/ Accept-Language nl-NL,nl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Sun, 05 May 2024 14:02:33 GMT Last-Modified Mon, 22 Jan 2024 15:43:48 GMT Server nginx/1.10.3 ETag "65ae8d34-42d" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 1069
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers Accept-Language nl-NL,nl;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: entry5295-js2024r1.usercontent.dev
URL: https://entry5295-js2024r1.usercontent.dev/mtproto.worker-5p1hQip1.js

Domain: entry5295-js2024r1.usercontent.dev
URL: https://entry5295-js2024r1.usercontent.dev/crypto.worker-9wi-02Dm.js

Domain: entry5295-js2024r1.usercontent.dev
URL: blob:https://entry5295-js2024r1.usercontent.dev/17cda777-e991-4666-a13f-9019c71a3537

Domain: entry5295-js2024r1.usercontent.dev
URL: blob:https://entry5295-js2024r1.usercontent.dev/b136d4f1-7ff8-47fa-990d-87d149863424

Domain: entry5295-js2024r1.usercontent.dev
URL: blob:https://entry5295-js2024r1.usercontent.dev/b57c23c3-cb21-40b3-8331-0d717a056337

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

entry5295-js2024r1.usercontent.dev
entry5295-js2024r1.usercontent.dev
178.128.255.27
36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd
4233312b63e00cc7b1fa320af471084837b6b5c75102b18171024cd5958f51d5
4f7bc9a150909b617ed34965492a331079e560da1c618a520b11cb0fbd353544
523ebd09002b953782d221cadd62f599e3db968482551e74d24cdf1f9b226220
6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2
900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79
a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483
bba286e680cef5a231e3384d558480128910f11ee86fe361d12317eaf96c42c8
bfd698d843fcecc6373e7ce24bcff067fd422a8e4f1e9a53f4ead00a2987f910
ced47d9729384375dc6ed01df29835f5d035cd8bc04bdcc55f68fc96ecc2d486
d562b158e1c0e57524764c94985437d8155075c44b172fb83a5997625f865fe9
e03871843ec5e8885826a9796dd79a051b43e992c99cddba9fcd84ab0e2a3add
ebc5b09fbc7df9f7c09009dccf79419fa2c2e5e64b3dca84c5a5e3ea6d717439
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

entry5295-js2024r1.usercontent.dev Open in urlscan Pro 178.128.255.27 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

21 Requests

38 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

177 kBTransfer

885 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

0 Cookies

Indicators

entry5295-js2024r1.usercontent.dev Open in urlscan Pro
178.128.255.27 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

38 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

177 kB
Transfer

885 kB
Size

0
Cookies

21 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!