installcurrentoverlythefile.vip (3.210.174.206) - Public Scan
Effective URL: https://installcurrentoverlythefile.vip/NEhrCeV-PFioT7m6mmTfSd82BALwJsr34wzv6jyoHZw?cid=467167890148168814&sid=4419386
Submission: On September 30 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 24th 2021. Valid for: 3 months.
This is the only time installcurrentoverlythefile.vip was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
1 | 107.20.106.95 | AS14618 (AMAZON-AES, US) | ec2-107-20-106-95.compute-1.amazonaws.com | rox.neptuntrack.com
1 | 3.210.174.206 | AS14618 (AMAZON-AES, US) | ec2-3-210-174-206.compute-1.amazonaws.com | installcurrentoverlythefile.vip
1 | 2001:4de0:ac18::1:a:3b | AS20446 (HIGHWINDS3) | |
2 | 3
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
1 | jquery.com | code.jquery.com | 30 KB
1 | installcurrentoverlythefile.vip | installcurrentoverlythefile.vip | 115 KB
1 | neptuntrack.com | rox.neptuntrack.com (1 redirect) | 286 B
2 | 3 |
Requests | Domain | Requested by | Notes
---|---|---|---
1 | code.jquery.com | installcurrentoverlythefile.vip |
1 | installcurrentoverlythefile.vip | |
1 | rox.neptuntrack.com | | 1 redirect
2 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
installcurrentoverlythefile.vip | R3 | 2021-09-24 - 2021-12-23 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://installcurrentoverlythefile.vip/NEhrCeV-PFioT7m6mmTfSd82BALwJsr34wzv6jyoHZw?cid=467167890148168814&sid=4419386
Frame ID: 4B1DD5F572C119409FF48C76C9659FE1
Requests: 7 HTTP requests in this frame
Page Title: Flash Player
Detected technologies
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://rox.neptuntrack.com/sdgvbds/setfgse/?utm_source=24&utm_campaign=8307908&cid=467167890148168814&sid=4419386 (HTTP 302)
- https://installcurrentoverlythefile.vip/NEhrCeV-PFioT7m6mmTfSd82BALwJsr34wzv6jyoHZw?cid=467167890148168814&sid=4419386 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | NEhrCeV-PFioT7m6mmTfSd82BALwJsr34wzv6jyoHZw | installcurrentoverlythefile.vip/ | 115 KB | 115 KB | Document | text/html | Primary Request, Cookie set, Redirect Chain
GET | DATA | truncated | / | 22 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png |
GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript |
GET | DATA | truncated | / | 12 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
boolean | originAgentCluster
string | qs
function | $
function | jQuery
boolean | cwswindowclosed
undefined | oldCWSLeft
undefined | oldCWSTop
function | openInstall
function | myMove1
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
installcurrentoverlythefile.vip/ | | session | l4qg_GSWvf4cforqzJPlLvyE4ZtNKPw5
Indicators
"Indicators" is a security-industry term for observables such as IPs, domains and hashes; listing them here does not imply that any of them indicate malicious activity.