proteusdisarming.club
2606:4700:3036::ac43:b30e
Malicious Activity!
Public Scan
Effective URL: https://proteusdisarming.club/?encoded_value=S1B8Q1&sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469&sub4=&sub5=13...
Submission: On December 19 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by E1 on November 30th 2023. Valid for: 3 months.
This is the only time proteusdisarming.club was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 1 | 69.64.51.146 | 30083 (AS-30083-GO-DADDY-COM-LLC)
1 | 85.209.159.205 | 18978 (ENZUINC-)
1 1 | 108.174.60.139 | 36352 (AS-COLOCROSSING)
1 22 | 2606:4700:3036::ac43:b30e | 13335 (CLOUDFLARENET)
1 | 2606:4700:e2::ac40:8d0d | 13335 (CLOUDFLARENET)
3 | 2606:4700:3037::6815:4392 | 13335 (CLOUDFLARENET)
2 | 20.50.64.3 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
28 | | 5 (28 requests, 5 distinct ASNs)
ASN30083 (AS-30083-GO-DADDY-COM-LLC, US): PTR largestimur.com; serves largestimur.com
ASN18978 (ENZUINC-, US): PTR 205.159-209-85.rdns.scalabledns.com; serves maelstromwarm.com
ASN36352 (AS-COLOCROSSING, US): PTR 108-174-60-139-host.colocrossing.com; serves www.worldofclicks.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
22 | proteusdisarming.club (1 redirect) | proteusdisarming.club | 2 MB
3 | virtualpushplatform.com | virtualpushplatform.com (Cisco Umbrella Rank: 337702) | 5 KB
2 | pushvisit.xyz | pushvisit.xyz (Cisco Umbrella Rank: 344593) | 2 KB
1 | fontawesome.com | use.fontawesome.com (Cisco Umbrella Rank: 971) | 426 KB
1 | worldofclicks.net (1 redirect) | www.worldofclicks.net | 691 B
1 | maelstromwarm.com | maelstromwarm.com | 483 B
1 | largestimur.com (1 redirect) | largestimur.com | 479 B
28 | 7 apex domains | |
Requests | Domain | Requested by
---|---|---
22 | proteusdisarming.club | maelstromwarm.com (1 redirect), proteusdisarming.club
3 | virtualpushplatform.com | proteusdisarming.club, virtualpushplatform.com
2 | pushvisit.xyz | virtualpushplatform.com
1 | use.fontawesome.com | proteusdisarming.club
1 | www.worldofclicks.net | (1 redirect)
1 | maelstromwarm.com |
1 | largestimur.com | (1 redirect)
28 | 7 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
maelstromwarm.com | Sectigo RSA Domain Validation Secure Server CA | 2023-10-31 - 2024-10-31 | a year | crt.sh
proteusdisarming.club | E1 | 2023-11-30 - 2024-02-28 | 3 months | crt.sh
use.fontawesome.com | Cloudflare Inc ECC CA-3 | 2023-10-12 - 2024-10-10 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-02-14 - 2024-02-13 | a year | crt.sh
pushvisit.xyz | Sectigo RSA Domain Validation Secure Server CA | 2023-08-02 - 2024-08-02 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://proteusdisarming.club/?encoded_value=S1B8Q1&sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469&sub4=&sub5=13421&source_id=
Frame ID: B760EBB80395B17C37DD1C76C133D67B
Requests: 26 HTTP requests in this frame
Page Title
Boots - Survey Rewards
Detected technologies
animate.css (Web Frameworks), detected by the pattern:
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Font Awesome (Font Scripts), detected by the pattern:
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://largestimur.com/redirect.html/?a=b2Q9MXN5YjY1ODE2ZTY0ZDQ1ZTBfdmxfaW50ZXJzaGFyZWR2bF8xZDQz&c=NzI3M3g2&g=TzAwMDByZ3JpOWUyMDVmMGlhX3d5MTc2OA%3D%3D&j=Z3JpOWU%3D&f=Z3JpOWU%3D&k=Z3JpOWU%3D&n=Z3JpOWU%3D&d=X3d5&i=Z3JpOWU%3D&u=&y=X3d5&p=Z3JpOWU%3D&e=X3d5&h=X3d5&o=Z3JpOWU%3DMTZkNm5qLTMxcGtibXU=4r5djf (HTTP 302)
  -> https://maelstromwarm.com/1764ddfaaf59e5f8000/Rose__d3721672d396417cd6942/yb1d4%7CnT90oJScoN==%7Cgri9e%7C16d6nj%7C31pkbmu%7C93507%7C0000rgri9e%7CO%7CER1DK1IG%7CPC%7C314ll2b/p3yvAwH4ZGMyAwExAQIyZS92oS9coaEypaAbLKWyMUMfKmSxAQZ= (Page URL)
- https://www.worldofclicks.net/2GXK7W1/SQLMGFG/?sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469 (HTTP 302)
  -> https://proteusdisarming.club/uwuafrTzQZ/?encoded_value=S1B8Q1&sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469&sub4=&sub5=13421&source_id= (HTTP 302)
  -> https://proteusdisarming.club/?encoded_value=S1B8Q1&sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469&sub4=&sub5=13421&source_id= (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://largestimur.com/redirect.html/?a=b2Q9MXN5YjY1ODE2ZTY0ZDQ1ZTBfdmxfaW50ZXJzaGFyZWR2bF8xZDQz&c=NzI3M3g2&g=TzAwMDByZ3JpOWUyMDVmMGlhX3d5MTc2OA%3D%3D&j=Z3JpOWU%3D&f=Z3JpOWU%3D&k=Z3JpOWU%3D&n=Z3JpOWU%3D&d=X3d5&i=Z3JpOWU%3D&u=&y=X3d5&p=Z3JpOWU%3D&e=X3d5&h=X3d5&o=Z3JpOWU%3DMTZkNm5qLTMxcGtibXU=4r5djf (HTTP 302)
- https://maelstromwarm.com/1764ddfaaf59e5f8000/Rose__d3721672d396417cd6942/yb1d4%7CnT90oJScoN==%7Cgri9e%7C16d6nj%7C31pkbmu%7C93507%7C0000rgri9e%7CO%7CER1DK1IG%7CPC%7C314ll2b/p3yvAwH4ZGMyAwExAQIyZS92oS9coaEypaAbLKWyMUMfKmSxAQZ=
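The URL history above is the part of this scan worth pivoting on: the entry URL on largestimur.com carries a dozen base64-looking query parameters, and the later hops carry sub1..sub5 and a path token. The script below is an added worked example, not part of the urlscan output and not code served by any of the scanned sites. It copies the five URLs of the recorded chain and the four cookies listed under Cookies further down this page, base64-decodes the entry-URL parameters (handling the page's `o` value, which glues two padded base64 strings together and ends in a non-base64 tail), and reports which decoded tokens and which cookie-value fragments reappear in later hops. Everything other than those copied values (the helper names, the 4-character minimum fragment length, the printable-ASCII filter) is the example's own choice, and it assumes the parameters are plain standard-alphabet base64, which the page's values turn out to be.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The redirect chain exactly as recorded in the scan's Page URL History
# (copied from the page). Hop 0 -> 1 is the HTTP 302 chain, hop 1 -> 2 is
# recorded as a separate navigation, hops 2 -> 3 -> 4 are 302s again.
CHAIN = [
    "http://largestimur.com/redirect.html/?a=b2Q9MXN5YjY1ODE2ZTY0ZDQ1ZTBfdmxfaW50ZXJzaGFyZWR2bF8xZDQz&c=NzI3M3g2&g=TzAwMDByZ3JpOWUyMDVmMGlhX3d5MTc2OA%3D%3D&j=Z3JpOWU%3D&f=Z3JpOWU%3D&k=Z3JpOWU%3D&n=Z3JpOWU%3D&d=X3d5&i=Z3JpOWU%3D&u=&y=X3d5&p=Z3JpOWU%3D&e=X3d5&h=X3d5&o=Z3JpOWU%3DMTZkNm5qLTMxcGtibXU=4r5djf",
    "https://maelstromwarm.com/1764ddfaaf59e5f8000/Rose__d3721672d396417cd6942/yb1d4%7CnT90oJScoN==%7Cgri9e%7C16d6nj%7C31pkbmu%7C93507%7C0000rgri9e%7CO%7CER1DK1IG%7CPC%7C314ll2b/p3yvAwH4ZGMyAwExAQIyZS92oS9coaEypaAbLKWyMUMfKmSxAQZ=",
    "https://www.worldofclicks.net/2GXK7W1/SQLMGFG/?sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469",
    "https://proteusdisarming.club/uwuafrTzQZ/?encoded_value=S1B8Q1&sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469&sub4=&sub5=13421&source_id=",
    "https://proteusdisarming.club/?encoded_value=S1B8Q1&sub1=1399583230&sub2=Rose__d3721672d396417cd6942&sub3=690469&sub4=&sub5=13421&source_id=",
]

# Cookie names and values from the scan's Cookies section (copied from the page).
COOKIES = {
    "uid36752": "1399583230-20231219075644-d1ac8b5ed6fd05c0373db415adb38cbc-",
    "SESSIONIDS": "uwuafrTzQZ",
    "TiPMix": "55.686141574655736",
    "x-ms-routing-name": "self",
}

# A run of base64-alphabet characters with optional trailing padding. Matching
# runs one at a time is what lets a value like "AAA=BBB=tail" yield both
# embedded strings instead of failing as a whole.
B64_RUN = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def hop_hosts(chain):
    """Hostnames visited, in order."""
    return [urlsplit(u).hostname for u in chain]


def decode_segments(value):
    """Printable strings recovered from base64 runs inside a parameter value.

    Runs whose length is not a multiple of 4, that fail strict decoding, or
    that decode to non-printable bytes are dropped, so an ordinary ID such as
    'Rose__d3721672d396417cd6942' does not produce garbage matches.
    """
    found = []
    for run in B64_RUN.findall(value):
        if len(run) % 4:
            continue
        try:
            raw = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        if raw and all(0x20 <= b < 0x7F for b in raw):
            found.append(raw.decode("ascii"))
    return found


def decode_query(url):
    """Map each query parameter (blank ones included) to its decoded tokens."""
    query = urlsplit(url).query
    return {k: decode_segments(v) for k, v in parse_qsl(query, keep_blank_values=True)}


def _pieces(value, min_len=4):
    """Alphanumeric fragments of a value long enough to be meaningful matches."""
    return [p for p in re.split(r"[^A-Za-z0-9]+", value) if len(p) >= min_len]


def find_in_chain(token, chain, start=0):
    """Indices of hops (from start) whose percent-decoded URL contains token."""
    return [i for i in range(start, len(chain)) if token in unquote(chain[i])]


def tracking_tokens_reused(chain):
    """Decoded fragments of the entry URL that reappear in a later hop."""
    reuse = {}
    for values in decode_query(chain[0]).values():
        for value in values:
            for piece in _pieces(value):
                hits = find_in_chain(piece, chain, start=1)
                if hits:
                    reuse[piece] = hits
    return reuse


def cookie_tokens_in_chain(cookies, chain):
    """Cookie names whose value fragments appear in any URL of the chain."""
    links = {}
    for name, value in cookies.items():
        hits = sorted({i for piece in _pieces(value) for i in find_in_chain(piece, chain)})
        if hits:
            links[name] = hits
    return links


if __name__ == "__main__":
    print("hops:", " -> ".join(hop_hosts(CHAIN)))
    for key, tokens in decode_query(CHAIN[0]).items():
        print(f"{key}={tokens}")
    print("entry-URL fragments reused downstream:", tracking_tokens_reused(CHAIN))
    print("cookie values seen in chain:", cookie_tokens_in_chain(COOKIES, CHAIN))
```

Run on the page's own values, the decoder shows that `o` hides `gri9e` and `16d6nj-31pkbmu`, and that those are exactly the pipe-separated path segments of the maelstromwarm.com hop; a single strict `b64decode` of `o` would have raised instead. It also shows that the sub1 value 1399583230 is the first field of the maelstromwarm.com `uid36752` cookie and that `SESSIONIDS` equals the `uwuafrTzQZ` path segment of the 302 into proteusdisarming.club. These are tracking identifiers of the kind used by traffic-distribution and affiliate networks, not exploit artefacts, but they are the values to search for when pivoting across other scans of the same campaign.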
28 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred (x-fer) | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | p3yvAwH4ZGMyAwExAQIyZS92oS9coaEypaAbLKWyMUMfKmSxAQZ= | maelstromwarm.com/1764ddfaaf59e5f8000/Rose__d3721672d396417cd6942/yb1d4%7CnT90oJScoN==%7Cgri9e%7C16d6nj%7C31pkbmu%7C93507%7C0000rgri9e%7CO%7CER1DK1IG%7CPC%7C314ll2b/ (Redirect Chain) | 170 B | 483 B | Document | text/html
GET | H2 | / (Primary Request) | proteusdisarming.club/ (Redirect Chain) | 28 KB | 4 KB | Document | text/html
GET | H2 | style.css | proteusdisarming.club/css/ | 15 KB | 3 KB | Stylesheet | text/css
GET | H2 | animate.min.css | proteusdisarming.club/css/ | 70 KB | 6 KB | Stylesheet | text/css
GET | H2 | all.js | use.fontawesome.com/releases/v5.15.4/js/ | 1 MB | 426 KB | Script | application/javascript
GET | H2 | datehead.js | proteusdisarming.club/js/ | 2 KB | 1 KB | Script | application/javascript
GET | H2 | ace-push.js | virtualpushplatform.com/ | 13 KB | 5 KB | Script | text/javascript
GET | H2 | logo.png | proteusdisarming.club/images/ | 45 KB | 45 KB | Image | image/png
GET | H2 | flaglogo.png | proteusdisarming.club/images/ | 4 KB | 4 KB | Image | image/png
GET | H3 | product.png | proteusdisarming.club/images/ | 795 KB | 796 KB | Image | image/png
GET | H3 | loadingBL.gif | proteusdisarming.club/images/ | 122 KB | 122 KB | Image | image/gif
GET | H3 | prize1.png | proteusdisarming.club/images/ | 795 KB | 796 KB | Image | image/png
GET | H3 | 1.jpg | proteusdisarming.club/images/ | 44 KB | 45 KB | Image | image/jpeg
GET | H3 | 2.jpg | proteusdisarming.club/images/ | 37 KB | 37 KB | Image | image/jpeg
GET | H3 | comm_pic_1.jpg | proteusdisarming.club/images/ | 62 KB | 62 KB | Image | image/jpeg
GET | H3 | 3.jpg | proteusdisarming.club/images/ | 43 KB | 43 KB | Image | image/jpeg
GET | H3 | 4.jpg | proteusdisarming.club/images/ | 29 KB | 29 KB | Image | image/jpeg
GET | H3 | comm_pic_2.jpg | proteusdisarming.club/images/ | 53 KB | 54 KB | Image | image/jpeg
GET | H3 | 5.jpg | proteusdisarming.club/images/ | 60 KB | 60 KB | Image | image/jpeg
GET | H3 | f_guarantee.png | proteusdisarming.club/images/ | 6 KB | 7 KB | Image | image/png
GET | H3 | f_secure_1.png | proteusdisarming.club/images/ | 10 KB | 10 KB | Image | image/png
GET | H3 | logo2.png | proteusdisarming.club/images/ | 45 KB | 45 KB | Image | image/png
GET | H3 | script.js | proteusdisarming.club/js/ | 10 KB | 2 KB | Script | application/javascript
GET | H3 | bg.png | proteusdisarming.club/images/ | 231 KB | 231 KB | Image | image/png
POST | H2 | visit | pushvisit.xyz/api/v1/ | 2 KB | 2 KB | Fetch | application/json
OPTIONS | H2 | visit | pushvisit.xyz/api/v1/ | 0 | 0 | Preflight |
POST | H3 | log-client-error | virtualpushplatform.com/api/v1/visit/ | 0 | 0 | Fetch |
OPTIONS | H3 | log-client-error | virtualpushplatform.com/api/v1/visit/ | 0 | 0 | Preflight |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Scam (Online)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | documentPictureInPicture
function | datehax
function | datenhax
function | datenhay
function | startTimer
function | initializeAcePush
function | setBaseUrl
function | getLocation
function | registerServiceWorker
object | answers
number | lastQnum
function | toNext
object | states
object | dones
object | loadImg
object | loadBgCol
function | drawloader
number | qn
number | dsq
number | incq
object | ___FONT_AWESOME___
object | FontAwesomeConfig
object | FontAwesome
Note that documentPictureInPicture is a browser-provided property (Chromium's Document Picture-in-Picture API) rather than page code. The names initializeAcePush, setBaseUrl, getLocation and registerServiceWorker match the ace-push.js script loaded from virtualpushplatform.com and suggest a push-notification subscription flow backed by a service worker, while answers, lastQnum, toNext, qn and the loader/timer functions belong to the "Survey Rewards" page itself.
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
maelstromwarm.com/ | | uid36752 | 1399583230-20231219075644-d1ac8b5ed6fd05c0373db415adb38cbc-
proteusdisarming.club/ | | SESSIONIDS | uwuafrTzQZ
.virtualpushplatform.com/ | | TiPMix | 55.686141574655736
.virtualpushplatform.com/ | | x-ms-routing-name | self
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
largestimur.com
maelstromwarm.com
proteusdisarming.club
pushvisit.xyz
use.fontawesome.com
virtualpushplatform.com
www.worldofclicks.net
108.174.60.139
20.50.64.3
2606:4700:3036::ac43:b30e
2606:4700:3037::6815:4392
2606:4700:e2::ac40:8d0d
69.64.51.146
85.209.159.205