lnc01lv2i5pbw7.ydns.eu
Open in
urlscan Pro
185.53.211.61
Malicious Activity!
Public Scan
Effective URL: http://lnc01lv2i5pbw7.ydns.eu/confirms.php
Submission: On October 20 via api from NL — Scanned from IT
Summary
This is the only time lnc01lv2i5pbw7.ydns.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 185.53.211.61 185.53.211.61 | 210329 (CLOUDWEBM...) (CLOUDWEBMANAGE-UK-1) | |
2 | 104.16.89.20 104.16.89.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.181.234 142.250.181.234 | 15169 (GOOGLE) (GOOGLE) | |
8 | 3 |
ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f10.1e100.net
ajax.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
ydns.eu
lnc01lv2i5pbw7.ydns.eu |
146 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 373 |
53 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 405 |
31 KB |
8 | 3 |
Domain | Requested by | |
---|---|---|
5 | lnc01lv2i5pbw7.ydns.eu |
lnc01lv2i5pbw7.ydns.eu
|
2 | cdn.jsdelivr.net |
lnc01lv2i5pbw7.ydns.eu
|
1 | ajax.googleapis.com |
lnc01lv2i5pbw7.ydns.eu
|
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-05-02 - 2024-05-01 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-09-28 - 2023-12-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://lnc01lv2i5pbw7.ydns.eu/confirms.php
Frame ID: 0797DAC0A53738E4DB6E164428729103
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Help SupportDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
confirms.php
lnc01lv2i5pbw7.ydns.eu/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/ |
189 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3.css
lnc01lv2i5pbw7.ydns.eu/css/ |
45 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.css
lnc01lv2i5pbw7.ydns.eu/css/ |
447 KB 134 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
intro.png
lnc01lv2i5pbw7.ydns.eu/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/ |
78 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
popup.js
lnc01lv2i5pbw7.ydns.eu/ |
748 B 738 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| mousedwn number| uidEvent object| bootstrap function| $ function| jQuery function| open_facebook function| tutup_facebook function| showFbPassword function| hideFbPassword0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.jsdelivr.net
lnc01lv2i5pbw7.ydns.eu
104.16.89.20
142.250.181.234
185.53.211.61
2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1
3a56c06795eed899bb11ab46a1cd7b554584d9969748b4a65240a28b4df48694
9fc2fe17fa35dc50cbac42366d82e564d0a6e29a6b18f966ba78641b92850514
ab08f01463f22ccd57115a20935d45707329320027653c07aab86d1c733b04e9
abac6a81aef8e7bdcda65f686218fa36945f7724e7ae8ceebfdce661b79b9390
b5cf737e2071d23e4c4f110c42591443a7c4ed1c5f8d5fe536d6c1ab6d873d2d
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e