buildarockatboy.com
Open in
urlscan Pro
194.39.45.235
Malicious Activity!
Public Scan
Submission: On August 18 via api from JP — Scanned from JP
Summary
This is the only time buildarockatboy.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 194.39.45.235 194.39.45.235 | 206892 (Rendszeri...) (Rendszerinformatika Zrt.) | |
1 3 | 2404:6800:400... 2404:6800:4004:80b::200d | 15169 (GOOGLE) (GOOGLE) | |
1 1 | 2404:6800:400... 2404:6800:4004:826::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 104.244.42.1 104.244.42.1 | 13414 (TWITTER) (TWITTER) | |
12 | 4 |
ASN206892 (Rendszerinformatika Zrt., HU)
PTR: p.alverad.hu
buildarockatboy.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
buildarockatboy.com
buildarockatboy.com |
137 KB |
4 |
google.com
2 redirects
accounts.google.com — Cisco Umbrella Rank: 99 plus.google.com — Cisco Umbrella Rank: 7397 |
3 KB |
1 |
twitter.com
twitter.com — Cisco Umbrella Rank: 202 |
|
0 |
Failed
function sub() { [native code] }. Failed |
|
12 | 4 |
Domain | Requested by | |
---|---|---|
8 | buildarockatboy.com |
buildarockatboy.com
|
3 | accounts.google.com |
1 redirects
buildarockatboy.com
|
1 | twitter.com |
buildarockatboy.com
|
1 | plus.google.com | 1 redirects |
0 | dphoaaiomekdhacmfoblfblmncpnbahm Failed |
buildarockatboy.com
|
12 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
passwordreset.microsoftonline.com |
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
accounts.google.com GTS CA 1C3 |
2022-08-01 - 2022-10-24 |
3 months | crt.sh |
twitter.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-24 - 2023-01-23 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://buildarockatboy.com/7xti20jmc10sqyyw
Frame ID: C75E5023C7D5C073F46CE01D28728B00
Requests: 15 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title: Forgot my password
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0 HTTP 302
- https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/?continue%3Dhttps://www.google.com/intl/en/images/logos/accounts_logo.png%26type%3Dst%26gpsrc%3Dogpy0&followup=https://plus.google.com/up/?continue%3Dhttps://www.google.com/intl/en/images/logos/accounts_logo.png%26type%3Dst%26gpsrc%3Dogpy0 HTTP 302
- https://accounts.google.com/v3/signin/identifier?dsh=S302351481%3A1660817140082255&continue=https%3A%2F%2Fplus.google.com%2Fup%2F%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png%26type%3Dst%26gpsrc%3Dogpy0&followup=https%3A%2F%2Fplus.google.com%2Fup%2F%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png%26type%3Dst%26gpsrc%3Dogpy0&osid=1&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWTgfvOhI8w2O-nlCB2bumaXNiuPeE50-dMxb8ixJ5PwxodAPPPAmKnLmPPNYqqvFQXxsZN
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
7xti20jmc10sqyyw
buildarockatboy.com/ |
369 KB 125 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
events.js
buildarockatboy.com/js/ |
558 B 918 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
513 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
108 KB 108 KB |
Image
image/* |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon48_green.png
dphoaaiomekdhacmfoblfblmncpnbahm/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
timeme.min.js
buildarockatboy.com/js/ |
4 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
time-tracker.js
buildarockatboy.com/js/ |
1 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
analyse.js
buildarockatboy.com/js/ |
3 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CheckCookie
accounts.google.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
identifier
accounts.google.com/v3/signin/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login
twitter.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
run-analyse
buildarockatboy.com/7xti20jmc10sqyyw/ |
0 495 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
run-analyse
buildarockatboy.com/7xti20jmc10sqyyw/ |
0 495 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track-time
buildarockatboy.com/scenario/ |
0 665 B |
Ping
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- dphoaaiomekdhacmfoblfblmncpnbahm
- URL
- chrome-extension://dphoaaiomekdhacmfoblfblmncpnbahm/images/icon48_green.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation function| lucyDispatchEvent function| savepage_ShadowLoader object| TimeMe boolean| injected function| trackTime function| sendData function| isChrome object| dataAnalyse string| analysisUrl function| sendAnalyseData function| updateSocialStatus function| runAnalyse function| doAnalysis6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
buildarockatboy.com/ | Name: link Value: 7xti20jmc10sqyyw |
|
.google.com/ | Name: NID Value: 511=C1lW1MDsJXyGGnoOf9Opct2eHUZ_39xJDKYFMUmq6_LflRKg7KxArYKelyZ9aDs-GrNAfYzh4c0OHfuQtRuiHqVhkulD-SEfbx93-nfBf8_4w6prPQb6_63v8uPfV5J8W3XJYfFs3npW7nRUfINLygQ_tiTdbfy4a5JR5lBA8AA |
|
.twitter.com/ | Name: guest_id_marketing Value: v1%3A166081713999626038 |
|
.twitter.com/ | Name: guest_id_ads Value: v1%3A166081713999626038 |
|
.twitter.com/ | Name: personalization_id Value: "v1_thGYFt1UGrPYIS33/h8mMQ==" |
|
.twitter.com/ | Name: guest_id Value: v1%3A166081713999626038 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
buildarockatboy.com
dphoaaiomekdhacmfoblfblmncpnbahm
plus.google.com
twitter.com
dphoaaiomekdhacmfoblfblmncpnbahm
104.244.42.1
194.39.45.235
2404:6800:4004:80b::200d
2404:6800:4004:826::200e
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
3ae66a8d261814acf0678914f1832973fe5be31912abf545f81fe4f97fd707dd
494abd60578b48528db8656e6336d1b803fdc0bb86e2f4f8b071d090a26bebef
a8f7e59c2a6d75c51e1898b2d1ff9f6f666caad39a12d215e506202fce2ce150
abcd8fa9d8e0d63875daa71ace49ce26213016df091bd2b63385572c79992e15
b1c9c0a18219eaef9ce76f3ca58ab9097259e5e5c78574e3f7f3eb4a9f98f004
df44e74c857de0cd2b94ae343fe1afced4203aacb6dce3a7107338b0c9a76593
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855