work365uzb.lol
Open in
urlscan Pro
2606:4700:3030::6815:5ff8
Malicious Activity!
Public Scan
Effective URL: https://work365uzb.lol/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On December 09 via api from DE — Scanned from US
Summary
TLS certificate: Issued by WE1 on December 5th 2024. Valid for: 3 months.
This is the only time work365uzb.lol was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
14 | 2606:4700:303... 2606:4700:3030::6815:5ff8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6812:bb1f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
24 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
work365uzb.lol
work365uzb.lol |
226 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318 |
19 KB |
24 | 2 |
Domain | Requested by | |
---|---|---|
14 | work365uzb.lol |
work365uzb.lol
cdn.jsdelivr.net |
2 | cdn.jsdelivr.net |
work365uzb.lol
|
24 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
work365uzb.lol WE1 |
2024-12-05 - 2025-03-05 |
3 months | crt.sh |
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA |
2024-05-04 - 2025-05-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://work365uzb.lol/
Frame ID: D3C94D7EA49DAB52D7C3B58D3516D9BB
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Telegram WebPage URL History Show full URLs
-
http://work365uzb.lol/
HTTP 307
https://work365uzb.lol/ Page URL
Detected technologies
jsDelivr (CDN) ExpandDetected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://work365uzb.lol/
HTTP 307
https://work365uzb.lol/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
work365uzb.lol/ Redirect Chain
|
15 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-e-jlGVAF.js
work365uzb.lol/ |
133 KB 48 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-vX_PR0Tt.css
work365uzb.lol/ |
477 KB 82 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdn.jsdelivr.net/npm/axios/dist/ |
53 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
send.php
work365uzb.lol/server/ |
6 B 666 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdn.jsdelivr.net/npm/axios/dist/ |
53 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mtproto.worker-ByDWDGLw.js
work365uzb.lol/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
crypto.worker-CfCshcpI.js
work365uzb.lol/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
369 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto.worker-CfCshcpI.js
work365uzb.lol/ |
67 KB 24 KB |
Fetch
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
59 B 59 B |
Image
image/jxl |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
311 B 0 |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
work365uzb.lol/assets/img/ |
15 KB 4 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
lang-CNYDDQNH.js
work365uzb.lol/ |
137 KB 40 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
langSign-CN-ja8rh.js
work365uzb.lol/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
countries-CzeCvYH8.js
work365uzb.lol/ |
24 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pageSignQR-C3lXUpHx.js
work365uzb.lol/ |
5 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
page-BMz-rky6.js
work365uzb.lol/ |
10 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
button-DNOYFSTy.js
work365uzb.lol/ |
9 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
putPreloader-CByTF1BW.js
work365uzb.lol/ |
699 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
textToSvgURL-Cnw_Q8Rw.js
work365uzb.lol/ |
357 B 996 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
abe2d173-c0c6-4545-821d-bed7191fd39e
https://work365uzb.lol/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
813b47e4-dca9-48b9-9898-12258f9a5d18
https://work365uzb.lol/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ff832e14-d075-4ab5-83d2-a0512aa214c2
https://work365uzb.lol/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qr-code-styling-CvBVNv73.js
work365uzb.lol/ |
65 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
_commonjsHelpers-Cpj98o6Y.js
work365uzb.lol/ |
290 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_padded.svg
work365uzb.lol/assets/img/ |
1 KB 0 |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- work365uzb.lol
- URL
- https://work365uzb.lol/mtproto.worker-ByDWDGLw.js
- Domain
- work365uzb.lol
- URL
- https://work365uzb.lol/crypto.worker-CfCshcpI.js
- Domain
- work365uzb.lol
- URL
- blob:https://work365uzb.lol/abe2d173-c0c6-4545-821d-bed7191fd39e
- Domain
- work365uzb.lol
- URL
- blob:https://work365uzb.lol/813b47e4-dca9-48b9-9898-12258f9a5d18
- Domain
- work365uzb.lol
- URL
- blob:https://work365uzb.lol/ff832e14-d075-4ab5-83d2-a0512aa214c2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| axios number| interval function| postLocalStorageWithFatch object| rootScope function| deferredPromise function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| appNavigationController object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| windowSize object| liteMode object| themeController object| overlayCounter function| formatDateAccordingToTodayNew function| fillTipDates function| dispatchHeavyAnimationEvent object| pagesManager object| sequentialDom function| putPreloader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
work365uzb.lol/ | Name: token_abc Value: ecc195e9fd9ea18b20ba533ca1f71098 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
work365uzb.lol
work365uzb.lol
2606:4700:3030::6815:5ff8
2606:4700::6812:bb1f
04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7
084e02dc3f7facf0f9744705d2211e97633cc8127ce579a95fa50337e92df665
2b3cb7fcd5a7cba31f0932276d0673437bb4d8ba9fcfcc3602ec85ea60458ae4
4d5108399b82641dbf80148c27bb49203d32e211cec1ed139557ceff975c3896
53215a998c994f1475191e266b3658282cec121c0ce01db226313eba52644565
55073646800c2dafa80abb6f0fd1dc1cd230b64dafd19496dc12242834294a8a
6876bde98b3f0c4013107f69f6bf375f60a2807bd79c11592131d9b8bbbb76ae
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
7e898f2560233fe672543bbaffe66542d387208b18f5639cb3050bd75d167e48
879d4f4091627258a6b4f30e1ffa7e12273c302c77387b870c2e7c63d76bdfcb
88ef7b589f467f4a280126e59b5428d5169f80a165500687699209f60ca39998
9cf48244581d6cb6486d6702f7372292284faef2489a3be419ac1bc70606be72
abdfbffecbe18ed94df9829819e596ee285b52a94aa108514452a9121721c789
b04e833ae43c5493e983f070356392a25e11942e3f4ec8fd705b0e8e8950f8b0
b171db41d29e787f28dc29eadc2d50f414aba3e6e85f6249b119956d265e0dfa
b565e185c7c2c3cdcac2c73df77098ff3aa6cce17102ce9e01cfc9f4ac408d73
c83e96a914db1e2c858e798c86cdbf9c0cb372241d2d8e925bbd79457d1703b3
db66f764c311c8c976601370a59831be1b792fe9535c8f36f7de75334226b071
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4