stub.lovelyplayerset.click

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 3.144.207.224, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is stub.lovelyplayerset.click.
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.

This is the only time stub.lovelyplayerset.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple Software Update (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::6815:f6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.144.207.224 3.144.207.224	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:21e... 2600:9000:21ea:e00:3:2be1:2280:21	16509 (AMAZON-02) (AMAZON-02)
6	2

1 2606:4700:3034::6815:f6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unglovinginducingmisreform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.144.207.224 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-144-207-224.us-east-2.compute.amazonaws.com

stub.lovelyplayerset.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21ea:e00:3:2be1:2280:21 (United States)

ASN16509 (AMAZON-02, US)

d1igqsiuxonr0q.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cloudfront.net d1igqsiuxonr0q.cloudfront.net	33 KB
1	lovelyplayerset.click stub.lovelyplayerset.click	5 KB
1	unglovinginducingmisreform.com 1 redirects unglovinginducingmisreform.com	966 B
6	3

	Domain	Requested by
5	d1igqsiuxonr0q.cloudfront.net	stub.lovelyplayerset.click
1	stub.lovelyplayerset.click
1	unglovinginducingmisreform.com	1 redirects
6	3

This site contains links to these domains. Also see Links.

Domain
www.spacetabext.com

Subject Issuer	Validity	Valid
stub.lovelyplayerset.click R3	`2024-02-06` - `2024-05-06`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS
Frame ID: 6CA6162BBA1B5DEC6D44A1544E339092
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://unglovinginducingmisreform.com/tlrjk1c71688f742d0cf2b119ff40d6ececf672144dc3?s3=mbpse9asu7wy7xoa5ordeo HTTP 302
https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=A... Page URL

Page Statistics

6
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

38 kB
Transfer

52 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.spacetabext.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.spacetabext.com/term-of-use.html
Title: Terms Of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://unglovinginducingmisreform.com/tlrjk1c71688f742d0cf2b119ff40d6ececf672144dc3?s3=mbpse9asu7wy7xoa5ordeo HTTP 302
https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request sets Show response stub.lovelyplayerset.click/ Redirect Chain http://unglovinginducingmisreform.com/tlrjk1c71688f742d0cf2b119ff40d6ececf672144dc3?s3=mbpse9asu7wy7xoa5ordeo https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS	21 KB 5 KB	223ms 72ms	Document text/html	3.144.207.224 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 3.144.207.224 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-144-207-224.us-east-2.compute.amazonaws.com Software nginx / Resource Hash `9f2fab5b823df6ddff2e38afc969cc1bdea4376b01d5df2dc405d6c1e318ea51` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 14 Mar 2024 01:17:47 GMT Server nginx Transfer-Encoding chunked Redirect headers Accept-Ch Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 CF-Cache-Status DYNAMIC CF-RAY 86406d13bdd3742a-MIA Connection keep-alive Content-Type text/html; charset=utf-8 Date Thu, 14 Mar 2024 01:17:47 GMT Location https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yO9pkkaHBY8LPYdgdf9CNpo67bAEdRCChXM%2F0uVfZ0U4zC2MsxUhiUpSXGm%2BVIbRoTPih7Zp3xPtcs0Rc8qzwFKXCQBjwMp1WmdA0rUo67UEYf93%2BOdRQkY2%2Bzas6N%2BwI2zDLuPGZLBHs5%2FbsxbodeF8BIhv%2FZ3KtH9cpUw%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400
GET H2	200	logo_1.png d1igqsiuxonr0q.cloudfront.net/lps/download_ext/images/	544 B 910 B	636ms 76ms	Image image/png	2600:9000:21ea:e00:3:2be1:2280:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1igqsiuxonr0q.cloudfront.net/lps/download_ext/images/logo_1.png Requested by Host: stub.lovelyplayerset.click URL: https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ea:e00:3:2be1:2280:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `5edc99996d04888432ff40494a8dd8c2b13f710f321d73ede1c8d29212a8503f` Request headers accept-language en-US,en;q=0.9 Referer https://stub.lovelyplayerset.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:38:32 GMT via 1.1 e8bd72d9a7c5eaf252aab1ed2d79e1a6.cloudfront.net (CloudFront) last-modified Thu, 20 Aug 2020 10:15:05 GMT server AmazonS3 x-amz-cf-pop EWR50-C1 age 5957 etag "b93f3be846e7bc39a4ad235429a1f451" x-amz-meta-origin-date-iso8601 2020-08-20T10:04:54.000Z x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 544 x-amz-cf-id erhZAq2silv_megWWWHkRHXKYxjUUQ7413TsaK3OqpeUPqFk3e6d-A==
GET H2	200	arrow__blue.png d1igqsiuxonr0q.cloudfront.net/lps/flash_mac/images/	2 KB 3 KB	636ms 76ms	Image image/png	2600:9000:21ea:e00:3:2be1:2280:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1igqsiuxonr0q.cloudfront.net/lps/flash_mac/images/arrow__blue.png Requested by Host: stub.lovelyplayerset.click URL: https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ea:e00:3:2be1:2280:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a` Request headers accept-language en-US,en;q=0.9 Referer https://stub.lovelyplayerset.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 15:29:45 GMT via 1.1 e8bd72d9a7c5eaf252aab1ed2d79e1a6.cloudfront.net (CloudFront) last-modified Wed, 30 May 2018 18:11:30 GMT server AmazonS3 x-amz-cf-pop EWR50-C1 age 35284 etag "6d26faedbdd557f7dcd86e9060de347f" x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 2266 x-amz-cf-id ha6Of32zhqbJc_fno4B32r7khlqSG5s76saYYvMx3x5PP32YqihUFA==
GET H2	200	pattern__safari1.jpg d1igqsiuxonr0q.cloudfront.net/lps/flash_mac/images/	25 KB 25 KB	634ms 77ms	Image image/jpeg	2600:9000:21ea:e00:3:2be1:2280:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1igqsiuxonr0q.cloudfront.net/lps/flash_mac/images/pattern__safari1.jpg Requested by Host: stub.lovelyplayerset.click URL: https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ea:e00:3:2be1:2280:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe` Request headers accept-language en-US,en;q=0.9 Referer https://stub.lovelyplayerset.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 15:29:45 GMT via 1.1 e8bd72d9a7c5eaf252aab1ed2d79e1a6.cloudfront.net (CloudFront) last-modified Wed, 30 May 2018 18:11:28 GMT server AmazonS3 x-amz-cf-pop EWR50-C1 age 35284 etag "918dfef192de7b99284e969e75d6cc29" x-cache Hit from cloudfront content-type image/jpeg accept-ranges bytes content-length 25293 x-amz-cf-id NFUJRiaXli3abtR8OZjM9jVbYq76E6qxDsQR_0lXC7kj9fWIdw-Zpw==
GET H2	200	pattern__safari-arrow.png d1igqsiuxonr0q.cloudfront.net/lps/flash_mac/images/	3 KB 4 KB	634ms 77ms	Image image/png	2600:9000:21ea:e00:3:2be1:2280:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1igqsiuxonr0q.cloudfront.net/lps/flash_mac/images/pattern__safari-arrow.png Requested by Host: stub.lovelyplayerset.click URL: https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ea:e00:3:2be1:2280:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12` Request headers accept-language en-US,en;q=0.9 Referer https://stub.lovelyplayerset.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 22:46:54 GMT via 1.1 e8bd72d9a7c5eaf252aab1ed2d79e1a6.cloudfront.net (CloudFront) last-modified Wed, 30 May 2018 18:10:05 GMT server AmazonS3 x-amz-cf-pop EWR50-C1 age 9055 etag "496171f7f5272b0c3b8ae1d526110caf" x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 3478 x-amz-cf-id VgPETg6QZO9s_p8S7AZ0fbfTeJLe9SG0f2EdOsq7fFJDb1GPtJnHdg==
GET H2	200	download_arrow.png d1igqsiuxonr0q.cloudfront.net/lps/download_ext/images/	173 B 540 B	609ms 77ms	Image image/png	2600:9000:21ea:e00:3:2be1:2280:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d1igqsiuxonr0q.cloudfront.net/lps/download_ext/images/download_arrow.png Requested by Host: stub.lovelyplayerset.click URL: https://stub.lovelyplayerset.click/sets?news=rmBi3CEmAstkaQtBH4N612-vmXtkVbpC7j9iCDi2NPw.&sid=350396&qs1=&cid=ADtQ8mW8WAUA9GYCAFVTFwASAAAAAABS Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21ea:e00:3:2be1:2280:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `8e32d99e816a42958b9473f470a2600963602981007576d85220044e6137965b` Request headers accept-language en-US,en;q=0.9 Referer https://stub.lovelyplayerset.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 14:25:58 GMT via 1.1 e8bd72d9a7c5eaf252aab1ed2d79e1a6.cloudfront.net (CloudFront) last-modified Thu, 20 Aug 2020 10:15:02 GMT server AmazonS3 x-amz-cf-pop EWR50-C1 age 39111 etag "551bb1d3f364bc5fd05bf6e99b16bfc0" x-amz-meta-origin-date-iso8601 2020-08-20T10:08:40.000Z x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 173 x-amz-cf-id oYVW0DVr36cOQEUw6O6qCSaX6VEICp1EbO_FkKGeMIy_WeOxWYBO5g==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple Software Update (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getWindowLayout

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
stub.lovelyplayerset.click/	1970-01-20 19:06:20	Name: channel Value: m1_ChextSTname_allg2
stub.lovelyplayerset.click/	1970-01-20 19:06:20	Name: dist_id Value: 8898
stub.lovelyplayerset.click/	1970-01-20 19:06:20	Name: lp_id Value: 3453

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1igqsiuxonr0q.cloudfront.net
stub.lovelyplayerset.click
unglovinginducingmisreform.com
2600:9000:21ea:e00:3:2be1:2280:21
2606:4700:3034::6815:f6
3.144.207.224
5bbee510c3b5965532d53185cadd47753740b6445f2b9bded3849424fcd2661a
5edc99996d04888432ff40494a8dd8c2b13f710f321d73ede1c8d29212a8503f
7b4d70d5fb64a31f115e1e853b7272e1415ffec2234e78e00847350c23d607fe
7c48ecdfda540af22ecb4d9638c8c0082e401cc4b45aa2df46c976ec80d38c12
8e32d99e816a42958b9473f470a2600963602981007576d85220044e6137965b
9f2fab5b823df6ddff2e38afc969cc1bdea4376b01d5df2dc405d6c1e318ea51

stub.lovelyplayerset.click Open in urlscan Pro 3.144.207.224 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

38 kBTransfer

52 kBSize

3 Cookies

2 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

3 Cookies

Indicators

stub.lovelyplayerset.click Open in urlscan Pro
3.144.207.224 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

38 kB
Transfer

52 kB
Size

3
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!