urlscan.io logo urlscan.io
SecurityTrails logo

nk5.us Open in urlscan Pro
2606:4700:3034::6815:463d  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://nk5.us/KCEd3Pf
Submission: On October 31 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3034::6815:463d, located in United States and belongs to CLOUDFLARENET, US. The main domain is nk5.us.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 31st 2021. Valid for: a year.
This is the only time nk5.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 3 69.10.36.228 19318 (IS-AS-1)
1 3 67.202.114.214 32748 (STEADFAST)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a03:2880:f02... 32934 (FACEBOOK)
8 7
1    2606:4700:3034::6815:463d (United States)

ASN13335 (CLOUDFLARENET, US)
nk5.us
3    69.10.36.228 (Secaucus, United States)

ASN19318 (IS-AS-1, US)
j69o.icu
3    67.202.114.214 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us
whos.amung.us
1    2606:4700:10::6816:4aab (United States)

ASN13335 (CLOUDFLARENET, US)
widgets.amung.us
1    2606:4700:20::ac43:46e9 (United States)

ASN13335 (CLOUDFLARENET, US)
get.geojs.io
1    2a03:2880:f02d:100:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
static.xx.fbcdn.net
Apex Domain
Subdomains		 Transfer
4 amung.us
whos.amung.us
widgets.amung.us
2 KB
3 j69o.icu
j69o.icu
43 KB
1 fbcdn.net
static.xx.fbcdn.net
2 KB
1 geojs.io
get.geojs.io
988 B
1 nk5.us
nk5.us
770 B
8 5
Domain Requested by
3 whos.amung.us 1 redirects nk5.us
3 j69o.icu 1 redirects nk5.us
1 static.xx.fbcdn.net
1 get.geojs.io nk5.us
1 widgets.amung.us nk5.us
1 nk5.us
8 6

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-31 -
2022-07-30		 a year crt.sh
j69o.icu
cPanel, Inc. Certification Authority		 2021-08-28 -
2021-11-26		 3 months crt.sh
whos.amung.us
Sectigo RSA Domain Validation Secure Server CA		 2020-05-21 -
2022-05-21		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-08-09 -
2021-11-07		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://nk5.us/KCEd3Pf
Frame ID: B9F9F2F636376EBBF98378F082DA543A
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Facebook-Video-37.120.204.196

Page Statistics

8
Requests

75 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

48 kB
Transfer

177 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://whos.amung.us/widget/acortadorbr HTTP 307
  • https://widgets.amung.us/classic/09/922.png
Request Chain 3
  • https://j69o.icu/hooka12/location HTTP 301
  • https://j69o.icu/hooka12/location/

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request KCEd3Pf
nk5.us/ 		367 B
770 B 		Document
General
Check archive.org
Download Go to
Full URL
https://nk5.us/KCEd3Pf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:463d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0e57ba9228e3491b4c1b9365e4ef809f625e19c294b7ce661ba3d96c24248d2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
phone MessengerLiteForiOS
Accept-Language
fr-FR,fr;q=0.9

Response headers

date
Sun, 31 Oct 2021 00:16:02 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xjJ6iCU6rd4C7fDmrTKiqsmyrSBChQAt0SvyfjT1eDLzsU2lS9S3hjX7NM6xwuf9p6tcVPtNX%2FJHwhKHhxHuvtpVvj7xvfXfNsJJyIDJvFH%2BEk%2Fp2m9d2bUozde4PvCuQ8fS6U%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6a68b13d9ace5995-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
/
j69o.icu/hooka12/ 		170 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j69o.icu/hooka12/?api=1&lan=mobile&ht=1
Requested by
Host: nk5.us
URL: https://nk5.us/KCEd3Pf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.10.36.228 Secaucus, United States, ASN19318 (IS-AS-1, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
ffc0c25ac009f03b82ac0698f77f0d152f5b2dd6463ba4559e242e7a83a5e6b5

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

pragma
no-cache
date
Sun, 31 Oct 2021 00:16:02 GMT
content-encoding
br
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
expires
Thu, 19 Nov 1981 08:52:00 GMT
922.png
widgets.amung.us/classic/09/
Redirect Chain
  • https://whos.amung.us/widget/acortadorbr
  • https://widgets.amung.us/classic/09/922.png
1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://widgets.amung.us/classic/09/922.png
Requested by
Host: nk5.us
URL: https://nk5.us/KCEd3Pf
Protocol
H2
Server
2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7bf7bb829fae0ee07a90939c38ccc1bbd7938082e274258cdb2aa7f4dc955f69

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

date
Sun, 31 Oct 2021 00:16:02 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:03:10 GMT
server
cloudflare
age
37611
etag
"4c149ece-5f4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6a68b1423d215a19-MXP
content-length
1524
expires
Sun, 31 Oct 2021 13:49:10 GMT

Redirect headers

location
https://widgets.amung.us/classic/09/922.png
date
Sun, 31 Oct 2021 00:16:02 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
/
whos.amung.us/pingjs/ 		31 B
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://whos.amung.us/pingjs/?k=acortadorbr&t=%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5%20Panelsbr%20%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5&x=https://panelsbr.cc/
Requested by
Host: nk5.us
URL: https://nk5.us/KCEd3Pf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.114.214 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

date
Sun, 31 Oct 2021 00:16:02 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
/
j69o.icu/hooka12/location/
Redirect Chain
  • https://j69o.icu/hooka12/location
  • https://j69o.icu/hooka12/location/
1 KB
594 B 		Script
General
Check archive.org
Download Go to
Full URL
https://j69o.icu/hooka12/location/
Protocol
H2
Server
69.10.36.228 Secaucus, United States, ASN19318 (IS-AS-1, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
6e67d9e9a9f3414293cb83a59fc284a9b3bf7b75dea1fda2d233ab2c137a636d

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

date
Sun, 31 Oct 2021 00:16:03 GMT
content-encoding
br
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
content-length
514
expires
Sun, 07 Nov 2021 00:16:03 GMT

Redirect headers

location
https://j69o.icu/hooka12/location/
date
Sun, 31 Oct 2021 00:16:03 GMT
server
LiteSpeed
content-length
707
content-type
text/html
geo.json
get.geojs.io/v1/ip/ 		331 B
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://get.geojs.io/v1/ip/geo.json
Requested by
Host: nk5.us
URL: https://nk5.us/KCEd3Pf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:46e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6ea2b6b2ef7aeeb279bbaadb4972c3925f05bf2ed46e014c84bdae98d3ee44
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

date
Sun, 31 Oct 2021 00:16:03 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id
6fc9a3342cc381a6cf8395add1619208-AMS
x-geojs-location
AMS
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MyZ53e98fPe5g0AOsH4pYbSJV6AB5YgWvDHSgkiMXw0rMYdWYytwpjESkmPpYm%2FUdVhC0nBpNetwF0448%2BQI%2Bq9c%2B0pV2rRTti6kpPlI4U4Mm6tgncnJrlLd4wnAYzB%2FvcFRT1wvBSrtbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, private, max-age=0
cf-ray
6a68b14509b03759-MXP
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

content-security-policy
default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1027
x-xss-protection
0
x-fb-debug
ez0fXTlqK4XrFoEz67CkJtamQ+uakwd7P/HBID2Asy/33g5/YmiDlvAXFXzLUifI+pTvfcSzfXB9bA6DLcjUXQ==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Sun, 31 Oct 2021 00:16:03 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-rlafr
0
timing-allow-origin
*
priority
u=3,i
expires
Thu, 20 Oct 2022 19:06:07 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
User-Agent
phone MessengerLiteForiOS

Response headers

Content-Type
image/png
/
whos.amung.us/pingjs/ 		26 B
26 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://whos.amung.us/pingjs/?k=jeison02&t=%F0%9F%A5%B6%20Volvio%20El%20Ganster%20%F0%9F%A5%B6&x=https://www.twitch.tv/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.114.214 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://nk5.us/
User-Agent
phone MessengerLiteForiOS

Response headers

date
Sun, 31 Oct 2021 00:16:03 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| sh boolean| IS_MOBILE number| limit_bot string| object string| type string| OUTPUT object| ___ object| params number| tt undefined| to_object string| a function| checking function| creatingInput function| searchingForms

0 Cookies