lnc01lv2i5pbw7.ydns.eu Open in urlscan Pro
185.53.211.61  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request confirms.php Show response lnc01lv2i5pbw7.ydns.eu/	6 KB 3 KB	101ms 70ms	Document text/html	185.53.211.61 CLOUDWEBMANAGE-UK-1
General Check archive.org Show headers Download Go to Full URL http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol HTTP/1.1 Server 185.53.211.61 Poplar, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, US), Reverse DNS Software nginx-rc / Resource Hash ab08f01463f22ccd57115a20935d45707329320027653c07aab86d1c733b04e9 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language it-IT,it;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Fri, 20 Oct 2023 19:41:25 GMT Server nginx-rc Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/	189 KB 29 KB	88ms 43ms	Stylesheet text/css	104.16.89.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://lnc01lv2i5pbw7.ydns.eu/ Origin http://lnc01lv2i5pbw7.ydns.eu accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 20 Oct 2023 19:41:25 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 20776060 x-jsd-version 5.2.0-beta1 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230038-FRA, cache-yyz4541-YYZ x-jsd-version-type version server cloudflare etag W/"2f3f9-YnOsGiPXmhIvAi9qh8W3XCz6/Do" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJ6%2FvLMKVwDpHL63Wu4nQg%2Fyc7ZqhLRN4REwkRp%2F6QCOVbdE8T4WzqDvlZB31TykoPvv%2BwsP8hjvdvGAM1PRHFY78n1CIzEDQPsBRa6rMqi9jJgM%2Fmk2N1dVI4nr3bGJSuo%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 8193bcf9aac80e4a-MXP
GET H/1.1	200 OK	3.css lnc01lv2i5pbw7.ydns.eu/css/	45 KB 5 KB	44ms 43ms	Stylesheet text/css	185.53.211.61 CLOUDWEBMANAGE-UK-1
General Check archive.org Show headers Download Go to Full URL http://lnc01lv2i5pbw7.ydns.eu/css/3.css Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol HTTP/1.1 Server 185.53.211.61 Poplar, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, US), Reverse DNS Software nginx-rc / Resource Hash 3a56c06795eed899bb11ab46a1cd7b554584d9969748b4a65240a28b4df48694 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language it-IT,it;q=0.9 Referer http://lnc01lv2i5pbw7.ydns.eu/confirms.php User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Fri, 20 Oct 2023 19:41:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Thu, 19 Oct 2023 23:43:23 GMT Server nginx-rc ETag W/"6531bf1b-b2a0" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000 Connection keep-alive X-XSS-Protection 1; mode=block Expires Sun, 19 Nov 2023 19:41:25 GMT
GET H/1.1	200 OK	2.css lnc01lv2i5pbw7.ydns.eu/css/	447 KB 134 KB	87ms 71ms	Stylesheet text/css	185.53.211.61 CLOUDWEBMANAGE-UK-1
General Check archive.org Show headers Download Go to Full URL http://lnc01lv2i5pbw7.ydns.eu/css/2.css Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol HTTP/1.1 Server 185.53.211.61 Poplar, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, US), Reverse DNS Software nginx-rc / Resource Hash b5cf737e2071d23e4c4f110c42591443a7c4ed1c5f8d5fe536d6c1ab6d873d2d Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language it-IT,it;q=0.9 Referer http://lnc01lv2i5pbw7.ydns.eu/confirms.php User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Fri, 20 Oct 2023 19:41:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Thu, 19 Oct 2023 23:43:23 GMT Server nginx-rc ETag W/"6531bf1b-6fa0a" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000 Connection keep-alive X-XSS-Protection 1; mode=block Expires Sun, 19 Nov 2023 19:41:25 GMT
GET H/1.1	200 OK	intro.png lnc01lv2i5pbw7.ydns.eu/img/	3 KB 3 KB	84ms 68ms	Image image/png	185.53.211.61 CLOUDWEBMANAGE-UK-1
General Check archive.org Show headers Download Go to Show image Full URL http://lnc01lv2i5pbw7.ydns.eu/img/intro.png Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol HTTP/1.1 Server 185.53.211.61 Poplar, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, US), Reverse DNS Software nginx-rc / Resource Hash 9fc2fe17fa35dc50cbac42366d82e564d0a6e29a6b18f966ba78641b92850514 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language it-IT,it;q=0.9 Referer http://lnc01lv2i5pbw7.ydns.eu/confirms.php User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Fri, 20 Oct 2023 19:41:25 GMT X-Content-Type-Options nosniff Last-Modified Thu, 19 Oct 2023 23:43:26 GMT Server nginx-rc ETag "6531bf1e-bab" X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 2987 X-XSS-Protection 1; mode=block Expires Sun, 19 Nov 2023 19:41:25 GMT
GET H2	200	bootstrap.bundle.min.js Show response cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/	78 KB 24 KB	75ms 31ms	Script application/javascript	104.16.89.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.bundle.min.js Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language it-IT,it;q=0.9 Referer http://lnc01lv2i5pbw7.ydns.eu/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 20 Oct 2023 19:41:25 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 20776066 x-jsd-version 5.2.0-beta1 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230137-FRA, cache-jnb7022-JNB x-jsd-version-type version server cloudflare etag W/"1377e-a0uYWpCr16scLjX/O4dNB8+EEO4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8EOjfjtLokI8GgAbw%2BA0Odnc49PELJSdVh6zaVeKCr9p%2BTYWkbiPLWxHMahvZMePfxY7Q%2FKvvh%2BzSM3F4jZfcKt8J%2FmCJfTGOYtcx3hEdhl%2Bh%2FcM8CbSpKvt83jFBkUDPs%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 8193bcf9ac6a4c54-MXP
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.0/	87 KB 31 KB	86ms 27ms	Script text/javascript	142.250.181.234 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.234 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f10.1e100.net Software sffe / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language it-IT,it;q=0.9 Referer http://lnc01lv2i5pbw7.ydns.eu/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Thu, 19 Oct 2023 12:17:17 GMT content-encoding gzip x-content-type-options nosniff age 113048 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31017 x-xss-protection 0 last-modified Wed, 10 Mar 2021 14:28:09 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 18 Oct 2024 12:17:17 GMT
GET H/1.1	200 OK	popup.js Show response lnc01lv2i5pbw7.ydns.eu/	748 B 738 B	42ms 42ms	Script application/javascript	185.53.211.61 CLOUDWEBMANAGE-UK-1
General Check archive.org Show headers Download Go to Full URL http://lnc01lv2i5pbw7.ydns.eu/popup.js Requested by Host: lnc01lv2i5pbw7.ydns.eu URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php Protocol HTTP/1.1 Server 185.53.211.61 Poplar, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, US), Reverse DNS Software nginx-rc / Resource Hash abac6a81aef8e7bdcda65f686218fa36945f7724e7ae8ceebfdce661b79b9390 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language it-IT,it;q=0.9 Referer http://lnc01lv2i5pbw7.ydns.eu/confirms.php User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Fri, 20 Oct 2023 19:41:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Thu, 19 Oct 2023 23:43:19 GMT Server nginx-rc ETag W/"6531bf17-2ec" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000 Connection keep-alive X-XSS-Protection 1; mode=block Expires Sun, 19 Nov 2023 19:41:25 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| mousedwn number| uidEvent object| bootstrap function| $ function| jQuery function| open_facebook function| tutup_facebook function| showFbPassword function| hideFbPassword

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
lnc01lv2i5pbw7.ydns.eu
104.16.89.20
142.250.181.234
185.53.211.61
2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1
3a56c06795eed899bb11ab46a1cd7b554584d9969748b4a65240a28b4df48694
9fc2fe17fa35dc50cbac42366d82e564d0a6e29a6b18f966ba78641b92850514
ab08f01463f22ccd57115a20935d45707329320027653c07aab86d1c733b04e9
abac6a81aef8e7bdcda65f686218fa36945f7724e7ae8ceebfdce661b79b9390
b5cf737e2071d23e4c4f110c42591443a7c4ed1c5f8d5fe536d6c1ab6d873d2d
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e