shn.pansysa.sbs
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863
Submission: On November 01 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on October 27th 2024. Valid for: 3 months.
This is the only time shn.pansysa.sbs was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3035::6815:425d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 172.67.174.34 172.67.174.34 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
22 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3036::6815:1b98 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
23 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
pansysa.sbs
shn.pansysa.sbs |
1024 KB |
1 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1222 |
426 KB |
1 |
moonflowsad.shop
1 redirects
aws-services.moonflowsad.shop |
704 B |
1 |
gracelandsad.shop
1 redirects
seveg.gracelandsad.shop |
859 B |
23 | 4 |
Domain | Requested by | |
---|---|---|
22 | shn.pansysa.sbs |
shn.pansysa.sbs
|
1 | use.fontawesome.com |
shn.pansysa.sbs
|
1 | aws-services.moonflowsad.shop | 1 redirects |
1 | seveg.gracelandsad.shop | 1 redirects |
23 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
virus-checked.golfapp.club |
Subject Issuer | Validity | Valid | |
---|---|---|---|
pansysa.sbs WE1 |
2024-10-27 - 2025-01-25 |
3 months | crt.sh |
use.fontawesome.com WE1 |
2024-09-09 - 2024-12-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863
Frame ID: 0EA638B61A41F76E58583F1B420EC8C2
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Belohnungen für UmfragenPage URL History Show full URLs
-
http://seveg.gracelandsad.shop/index.php/campaigns/rj934scrtm533/track-url/kw111xzx2g863/5e12c72ccf7cfd6197...
HTTP 307
https://seveg.gracelandsad.shop/index.php/campaigns/rj934scrtm533/track-url/kw111xzx2g863/5e12c72ccf7cfd6197... HTTP 301
https://aws-services.moonflowsad.shop/HuiOmsnHsrWqsYUosnHtseWW?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 301
http://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 307
https://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 307
http://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 307
https://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 Page URL
Detected technologies
animate.css (Web Frameworks) ExpandDetected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Continuer
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://seveg.gracelandsad.shop/index.php/campaigns/rj934scrtm533/track-url/kw111xzx2g863/5e12c72ccf7cfd6197f9a432905a3a5825b5c083
HTTP 307
https://seveg.gracelandsad.shop/index.php/campaigns/rj934scrtm533/track-url/kw111xzx2g863/5e12c72ccf7cfd6197f9a432905a3a5825b5c083 HTTP 301
https://aws-services.moonflowsad.shop/HuiOmsnHsrWqsYUosnHtseWW?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 301
http://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 307
https://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 307
http://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 HTTP 307
https://shn.pansysa.sbs/?customer-id=rj934scrtm533-ab1316xn9md23-kw111xzx2g863 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
shn.pansysa.sbs/ Redirect Chain
|
29 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
shn.pansysa.sbs/css/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
animate.min.css
shn.pansysa.sbs/css/ |
70 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.js
use.fontawesome.com/releases/v5.15.4/js/ |
1 MB 426 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
datehead.js
shn.pansysa.sbs/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
shn.pansysa.sbs/images/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flaglogo.png
shn.pansysa.sbs/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
product.png
shn.pansysa.sbs/images/ |
203 KB 204 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loadingBL.gif
shn.pansysa.sbs/images/ |
118 KB 118 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prize1.png
shn.pansysa.sbs/images/ |
205 KB 206 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1.jpg
shn.pansysa.sbs/images/ |
44 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2.jpg
shn.pansysa.sbs/images/ |
45 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
comm_pic_1.jpg
shn.pansysa.sbs/images/ |
110 KB 110 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3.jpg
shn.pansysa.sbs/images/ |
38 KB 39 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.jpg
shn.pansysa.sbs/images/ |
38 KB 39 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
comm_pic_2.jpg
shn.pansysa.sbs/images/ |
112 KB 112 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5.jpg
shn.pansysa.sbs/images/ |
46 KB 47 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_guarantee.png
shn.pansysa.sbs/images/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_secure_1.png
shn.pansysa.sbs/images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo2.png
shn.pansysa.sbs/images/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
shn.pansysa.sbs/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg.png
shn.pansysa.sbs/images/ |
196 B 196 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
shn.pansysa.sbs/ |
196 B 799 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| datehax function| datenhax function| datenhay object| answers number| lastQnum function| toNext object| states object| dones object| loadImg object| loadBgCol function| drawloader number| qn number| dsq object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
seveg.gracelandsad.shop/ | Name: mwsid Value: 5mmb7cao4e777mhd9r4flkh53u |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aws-services.moonflowsad.shop
seveg.gracelandsad.shop
shn.pansysa.sbs
use.fontawesome.com
172.67.174.34
188.114.97.3
2606:4700:3035::6815:425d
2606:4700:3036::6815:1b98
08cca3a01826c51da3ba67e576c6edc01819ad7d1fac69888e1cb18638b62bd6
12848411efa2d4d07a355d984599585dcf70a54213f832586e3a59761b349529
1a62547fc8c0c744eb759f4cb2e5ab9cba00d7b9cb4e611d927858e2177fa9bb
25f0ba58034d30ccc00d3729101232d003487e5232f9822876b0267a66fdfa8d
3515884df670714dd723c7a0fd9ecfd8cf73aea40d0f3ea9d92608c04b9655eb
36940f375ccd0d827d78f05e0b3296d140efe4e586abc40ffdbb5395e3277f18
46d008df1bea7669fe4503b6b2c4426728e44aacf5027308e823fffb2ac74c8a
58669c15b15430de02d4aa06b4e725ad0763e1edcd99f946d998dfa9b350c699
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
7dee8a0808bb4da85e2b5fa3009a4589c87ee7474108585f7dda8202f67b5825
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
80e4781f9a5c59e6dd06e2a0663c83a74a6e7f72b75240e1251d0f47822baaa0
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
9876a7ae2fff3841f6815203eea614d8cd0022ebbe6b9b4d97bfbc53bf422fe4
b1e617a903f71d9dd18155c7d58b363adccb2c7a44791ffee539a374d25710b6
ba795d196aba3b3bf80a2341c81d2701b2b9d9e4414a8e91a60992deefd221b2
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
ceda9844af365a90c7ff889499c21af8947a4b885d6a448cdc78759fef4e5e75
d59f849bd004f0145fe46845f941fa5787ef30c4b333839c74085839cdd2eba3
e9df25f929c635ea6775d4fadbe5697c039ed5132658d35d524830d2c1590c31
f6aea3c07288caf07a7decf4f1d8d1cbf202394255169570f5205af4a553d899