webplatform.buzz
2606:4700:3031::6815:912
Malicious Activity!
Public Scan
Submission: On November 07 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on October 26th 2024. Valid for: 3 months.
This is the only time webplatform.buzz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SberBank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
14 | 2606:4700:3031::6815:912 | 13335 (CLOUDFLARENET)
4 | 202.168.102.27 | 10122 (NETSTAR-AS-AP NETSTAR SG PTE. LTD.)
1 | 104.166.188.188 | 21859 (ZEN-ECN)
19 | 4 |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | webplatform.buzz | webplatform.buzz | 708 KB
5 | imotech.video | api.imotech.video (Cisco Umbrella Rank: 71219) | 22 KB
19 | 2 | |
Requests | Domain | Requested by
---|---|---
14 | webplatform.buzz | webplatform.buzz
5 | api.imotech.video | webplatform.buzz, api.imotech.video
19 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
webplatform.buzz | WE1 | 2024-10-26 - 2025-01-24 | 3 months | crt.sh
*.imotech.video | GlobalSign GCC R6 AlphaSSL CA 2023 | 2024-06-03 - 2025-07-05 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://webplatform.buzz/SSQ
Frame ID: 133A0263EA98017EE9AABE13548A5CBD
Requests: 19 HTTP requests in this frame
Frame:
https://api.imotech.video/ad/pixelfile.html
Frame ID: 33D9EE92AF7F2CE15927A0047ED9B3F3
Requests: 1 HTTP request in this frame
0 Outgoing links
These are links going to different origins than the main page.
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | SSQ (Primary Request) | webplatform.buzz/ | 226 KB | 130 KB | Document | text/html
GET | H2 | bg_180.png | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/images/ | 238 KB | 239 KB | Image | image/png
GET | H2 | 1a51d04b48ae2e7e.css | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/css/ | 36 KB | 8 KB | Stylesheet | text/css
GET | H2 | webpack-b82cc81a783008b5.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 3 KB | 2 KB | Script | application/javascript
GET | H2 | 67cfe1a8-2fc55acb4a00f961.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 169 KB | 53 KB | Script | application/javascript
GET | H2 | 221-89baa616a8f4e3e1.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 121 KB | 31 KB | Script | application/javascript
GET | H2 | main-app-789985ef8480450d.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 463 B | 726 B | Script | application/javascript
GET | H2 | 3723546d-cf7ac19b252cd23a.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 693 B | 953 B | Script | application/javascript
GET | H2 | 394-a0764dc538c9e769.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 45 KB | 14 KB | Script | application/javascript
GET | H2 | 466-573f668dbff00d7d.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 407 KB | 112 KB | Script | application/javascript
GET | H2 | 86-42c5b9d59b45d324.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 20 KB | 8 KB | Script | application/javascript
GET | H2 | page-71e94b0534cc14df.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/app/ | 159 KB | 104 KB | Script | application/javascript
GET | H2 | 635-5f2cab273f5e0921.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/ | 7 KB | 3 KB | Script | application/javascript
GET | H2 | layout-4487e13d8944ad03.js | webplatform.buzz/lander/sber-180-with-agreement----sberq-v2-klmt-/_next/static/chunks/app/ | 4 KB | 2 KB | Script | application/javascript
GET | DATA | truncated | / | 103 KB | 0 | Image | image/png
GET | H2 | events.js | api.imotech.video/ad/ | 62 KB | 21 KB | Script | application/javascript
POST | H2 | trackingview | api.imotech.video/bigoad/ | 104 B | 241 B | Ping | application/json
POST | H2 | trackingview | api.imotech.video/bigoad/ | 104 B | 242 B | Ping | application/json
GET | H2 | pixelfile.html | api.imotech.video/ad/ (Frame 33D9) | 0 | 0 | Document | text/html
POST | H2 | trackingview | api.imotech.video/bigoad/ | 104 B | 240 B | Ping | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SberBank (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | __next_f
object | webpackChunk_N_E
object | next
function | bge
function | bge_ec_register
object | bgdataLayer
function | onSendLead
object | $$baseConfig
object | $$requestStack
object | $$bgeConfigs
boolean | $$finishCheckBBG4
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
webplatform.buzz/ | | _subid | 2b5nook23i16
webplatform.buzz/ | | 22272 | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjczXCI6MTczMDk2MzU1Mn0sXCJjYW1wYWlnbnNcIjp7XCIyMlwiOjE3MzA5NjM1NTJ9LFwidGltZVwiOjE3MzA5NjM1NTJ9In0.iJwUKUJKyiAzC0mO0hCDfALC-4Pa-y70mkAZVc5WtK0
webplatform.buzz/ | | _token | uuid_2b5nook23i16_2b5nook23i16672c6860d59e75.36018241
webplatform.buzz/ | | _bge_ci | BA1.1.182849153.1730963554
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.imotech.video
webplatform.buzz
104.166.188.188
202.168.102.27
2606:4700:3031::6815:912