entry5297-js2024r1.usercontent.dev
178.128.255.27
Malicious Activity!
Public Scan
Submission: On October 09 via manual from US — Scanned from NL
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 19th 2023. Valid for: a year.
This is the only time entry5297-js2024r1.usercontent.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)
Domain & IP information
| # | IP Address | AS Autonomous System |
|---|---|---|
| 15 | 178.128.255.27 | ASN14061 (DIGITALOCEAN-ASN, US) |
| 21 | 2 | |

| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | usercontent.dev | entry5297-js2024r1.usercontent.dev | 229 KB |
| 21 | 1 | | |

| # | Domain | Requested by |
|---|---|---|
| 15 | entry5297-js2024r1.usercontent.dev | entry5297-js2024r1.usercontent.dev |
| 21 | 1 | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| *.usercontent.dev | Go Daddy Secure Certificate Authority - G2 | 2023-09-19 - 2024-10-20 | a year |
This page contains 1 frames:
Primary Page:
https://entry5297-js2024r1.usercontent.dev/
Frame ID: 3DB786BCABF5D792AFC077E792665502
Requests: 18 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | entry5297-js2024r1.usercontent.dev/ | 13 KB | 5 KB | Document | text/html |
| GET | H/1.1 | index-1XCs23jU.js | entry5297-js2024r1.usercontent.dev/ | 122 KB | 43 KB | Script | application/javascript |
| GET | H/1.1 | index-G2JAgzYZ.css | entry5297-js2024r1.usercontent.dev/ | 436 KB | 75 KB | Stylesheet | text/css |
| GET | DATA | truncated | / | 369 B | 0 | Image | image/svg+xml |
| GET | H/1.1 | crypto.worker-9wi-02Dm.js | entry5297-js2024r1.usercontent.dev/ | 67 KB | 24 KB | Fetch | application/javascript |
| GET | | mtproto.worker-sEyxOJ8j.js | entry5297-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | H/1.1 | favicon.ico | entry5297-js2024r1.usercontent.dev/assets/img/ | 15 KB | 15 KB | Other | image/x-icon |
| GET | | crypto.worker-9wi-02Dm.js | entry5297-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | H/1.1 | lang-NnSplsja.js | entry5297-js2024r1.usercontent.dev/ | 109 KB | 31 KB | Script | application/javascript |
| GET | H/1.1 | langSign-lcKrqmwM.js | entry5297-js2024r1.usercontent.dev/ | 2 KB | 1 KB | Script | application/javascript |
| GET | H/1.1 | countries-lRU-UavE.js | entry5297-js2024r1.usercontent.dev/ | 24 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | pageSignQR-oitYk0rL.js | entry5297-js2024r1.usercontent.dev/ | 6 KB | 3 KB | Script | application/javascript |
| GET | H/1.1 | page-GAj3-m6E.js | entry5297-js2024r1.usercontent.dev/ | 10 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | button-85HZPfu9.js | entry5297-js2024r1.usercontent.dev/ | 8 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | putPreloader-cEMZBXwJ.js | entry5297-js2024r1.usercontent.dev/ | 699 B | 783 B | Script | application/javascript |
| GET | H/1.1 | textToSvgURL-Z4O-nL1S.js | entry5297-js2024r1.usercontent.dev/ | 357 B | 590 B | Script | application/javascript |
| GET | H/1.1 | qr-code-styling-ogpV7fl-.js | entry5297-js2024r1.usercontent.dev/ | 65 KB | 17 KB | Script | application/javascript |
| GET | H/1.1 | _commonjsHelpers-5-cIlDoe.js | entry5297-js2024r1.usercontent.dev/ | 290 B | 537 B | Script | application/javascript |
| GET | | 2223b59c-1598-4da1-95cd-90530f434c7e | https://entry5297-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | | 8b80145e-32b0-4fe0-a798-e83b10443dca | https://entry5297-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | | 7ac424d8-b556-4438-abff-94b3414840dd | https://entry5297-js2024r1.usercontent.dev/ | 0 | 0 | | |
| GET | H/1.1 | logo_padded.svg | entry5297-js2024r1.usercontent.dev/assets/img/ | 1 KB | 0 | Fetch | image/svg+xml |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

| Domain | URL |
|---|---|
| entry5297-js2024r1.usercontent.dev | https://entry5297-js2024r1.usercontent.dev/mtproto.worker-sEyxOJ8j.js |
| entry5297-js2024r1.usercontent.dev | https://entry5297-js2024r1.usercontent.dev/crypto.worker-9wi-02Dm.js |
| entry5297-js2024r1.usercontent.dev | blob:https://entry5297-js2024r1.usercontent.dev/2223b59c-1598-4da1-95cd-90530f434c7e |
| entry5297-js2024r1.usercontent.dev | blob:https://entry5297-js2024r1.usercontent.dev/8b80145e-32b0-4fe0-a798-e83b10443dca |
| entry5297-js2024r1.usercontent.dev | blob:https://entry5297-js2024r1.usercontent.dev/7ac424d8-b556-4438-abff-94b3414840dd |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Variable |
|---|---|
| object | rootScope |
| function | deferredPromise |
| function | AppStorage |
| object | stateStorage |
| function | wrapUrl |
| object | I18n |
| object | webpWorkerController |
| object | appStorage |
| object | singleInstance |
| object | webPushApiManager |
| object | telegramMeWebManager |
| object | opusDecodeController |
| object | cryptoMessagePort |
| object | mtprotoMessagePort |
| object | serviceMessagePort |
| object | apiManagerProxy |
| function | calcImageInBox |
| object | mediaSizes |
| object | customProperties |
| object | windowSize |
| object | liteMode |
| object | themeController |
| object | overlayCounter |
| function | formatDateAccordingToTodayNew |
| function | fillTipDates |
| function | dispatchHeavyAnimationEvent |
| object | pagesManager |
| object | sequentialDom |
| function | putPreloader |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
entry5297-js2024r1.usercontent.dev
178.128.255.27