duirofaktura-w9i3k.work.gd Open in urlscan Pro
38.143.181.24  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response duirofaktura-w9i3k.work.gd/	32 KB 33 KB	366ms 73ms	Document text/html	38.143.181.24 UTL-42-36113
General Check archive.org Show headers Download Go to Full URL https://duirofaktura-w9i3k.work.gd/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 38.143.181.24 South Bend, United States, ASN36113 (UTL-42-36113, US), Reverse DNS Software Apache / Resource Hash a9850860af8082e67abc3c60e129207ecf63e2c724660a050b2cc682fead2816 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 33152 Content-Type text/html Date Sat, 08 Jul 2023 03:23:06 GMT Keep-Alive timeout=15, max=100 Server Apache
GET DATA	200 OK	truncated /	16 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png duirofaktura-w9i3k.work.gd/m/	55 KB 55 KB	74ms 73ms	Image image/png	38.143.181.24 UTL-42-36113
General Check archive.org Show headers Download Go to Show image Full URL https://duirofaktura-w9i3k.work.gd/m/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png Requested by Host: duirofaktura-w9i3k.work.gd URL: https://duirofaktura-w9i3k.work.gd/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 38.143.181.24 South Bend, United States, ASN36113 (UTL-42-36113, US), Reverse DNS Software Apache / Resource Hash 42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2 Request headers accept-language en-US,en;q=0.9 Referer https://duirofaktura-w9i3k.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 03:23:06 GMT Last-Modified Sat, 08 Jul 2023 02:57:01 GMT Server Apache ETag "2ae0060-db2d-5fff0e74fe4c0" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=99 Content-Length 56109
GET H/1.1	200 OK	jquery-3.5.0.js Show response duirofaktura-w9i3k.work.gd/m/	292 KB 292 KB	217ms 73ms	Script text/javascript	38.143.181.24 UTL-42-36113
General Check archive.org Show headers Download Go to Full URL https://duirofaktura-w9i3k.work.gd/m/jquery-3.5.0.js Requested by Host: duirofaktura-w9i3k.work.gd URL: https://duirofaktura-w9i3k.work.gd/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 38.143.181.24 South Bend, United States, ASN36113 (UTL-42-36113, US), Reverse DNS Software Apache / Resource Hash 8524cbd727eb03c2db88d1f86e15efd38738f3deb2ed691a531e05a3f808a0d3 Request headers accept-language en-US,en;q=0.9 Referer https://duirofaktura-w9i3k.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 03:23:06 GMT Last-Modified Sat, 08 Jul 2023 02:57:01 GMT Server Apache ETag "2ae0061-48e19-5fff0e74fe8a8" Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=100 Content-Length 298521
GET H/1.1	200 OK	jquery-3.6.0.min.js Show response duirofaktura-w9i3k.work.gd/m/	87 KB 88 KB	291ms 73ms	Script text/javascript	38.143.181.24 UTL-42-36113
General Check archive.org Show headers Download Go to Full URL https://duirofaktura-w9i3k.work.gd/m/jquery-3.6.0.min.js Requested by Host: duirofaktura-w9i3k.work.gd URL: https://duirofaktura-w9i3k.work.gd/ Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 38.143.181.24 South Bend, United States, ASN36113 (UTL-42-36113, US), Reverse DNS Software Apache / Resource Hash f394dc11fbf652d6e256d1ca42e32a621c9f8dc87093e99538a989f8a310050b Request headers accept-language en-US,en;q=0.9 Referer https://duirofaktura-w9i3k.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 03:23:06 GMT Last-Modified Sat, 08 Jul 2023 02:57:01 GMT Server Apache ETag "2ae0062-15de5-5fff0e74fec90" Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=98 Content-Length 89573
GET DATA	200 OK	truncated /	558 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	520 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| url string| hash string| hasherror string| email string| error number| count undefined| my_email undefined| ind undefined| my_slice undefined| mainPage undefined| sv undefined| image undefined| msg object| alertt function| showEl function| hideEl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

duirofaktura-w9i3k.work.gd
38.143.181.24
2172033cc841f94e32ca4412cd380e43d873a9e74e54aee03f0d26ed72d20be5
2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70
42171d76548498998da88f032aba50a028b9481fd7004a9a3b5d3b8d98fe48a2
578254b8c8e53db6ffe80754d29a9db454d8818885ac826b11e9b95389618b5b
8524cbd727eb03c2db88d1f86e15efd38738f3deb2ed691a531e05a3f808a0d3
a9850860af8082e67abc3c60e129207ecf63e2c724660a050b2cc682fead2816
f394dc11fbf652d6e256d1ca42e32a621c9f8dc87093e99538a989f8a310050b