myrtle.com.pk
Open in
urlscan Pro
192.185.198.14
Malicious Activity!
Public Scan
Effective URL: https://myrtle.com.pk/meta/Active92.php
Submission Tags: @phish_report
Submission: On September 08 via api from FI — Scanned from CH
Summary
TLS certificate: Issued by R3 on August 4th 2023. Valid for: 3 months.
This is the only time myrtle.com.pk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Viseca (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 192.185.198.136 192.185.198.136 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
1 3 | 192.185.198.14 192.185.198.14 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
4 | 217.111.139.8 217.111.139.8 | 208305 (AS_VISECA) (AS_VISECA) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 192.229.220.206 192.229.220.206 | 15133 (EDGECAST) (EDGECAST) | |
14 | 5 |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-198-136.unifiedlayer.com
match-power-ind.co.uk |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-198-14.unifiedlayer.com
myrtle.com.pk |
ASN208305 (AS_VISECA, CH)
PTR: one.viseca.ch
one-digitalservice.ch |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
one-digitalservice.ch
one-digitalservice.ch |
60 KB |
3 |
myrtle.com.pk
1 redirects
myrtle.com.pk |
8 KB |
1 |
dribbble.com
cdn.dribbble.com — Cisco Umbrella Rank: 57524 |
70 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 249 |
5 KB |
1 |
match-power-ind.co.uk
1 redirects
match-power-ind.co.uk |
93 B |
14 | 5 |
Domain | Requested by | |
---|---|---|
4 | one-digitalservice.ch |
myrtle.com.pk
one-digitalservice.ch |
3 | myrtle.com.pk | 1 redirects |
1 | cdn.dribbble.com |
myrtle.com.pk
|
1 | cdnjs.cloudflare.com |
myrtle.com.pk
|
1 | match-power-ind.co.uk | 1 redirects |
14 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
myrtle.com.pk R3 |
2023-08-04 - 2023-11-02 |
3 months | crt.sh |
one-digitalservice.ch DigiCert TLS RSA SHA256 2020 CA1 |
2023-07-17 - 2024-08-16 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
*.dribbble.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-03-18 - 2024-04-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://myrtle.com.pk/meta/Active92.php
Frame ID: CF8A6166AF1252A3D9DC43D03132135B
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Login | one Digital ServiceDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://match-power-ind.co.uk/ HTTP 302
- https://myrtle.com.pk/meta HTTP 301
- https://myrtle.com.pk/meta/
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
myrtle.com.pk/meta/ Redirect Chain
|
0 173 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Active92.php
myrtle.com.pk/meta/ |
64 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
one-digitalservice.ch/login/css/ |
55 KB 55 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ispin.css
one-digitalservice.ch/login/css/ |
470 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ |
20 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
one.svg
one-digitalservice.ch/login/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
one-small.svg
one-digitalservice.ch/login/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
13539-sign-for-error-or-explanation-alert.gif
cdn.dribbble.com/users/251873/screenshots/9288094/ |
70 KB 70 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
FrutigerLTStd-Roman.woff
one-digitalservice.ch/login/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
FrutigerLTStd-Bold.woff
one-digitalservice.ch/login/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
FrutigerLTStd-Light.woff
one-digitalservice.ch/login/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
FrutigerLTStd-Roman.ttf
one-digitalservice.ch/login/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
FrutigerLTStd-Light.ttf
one-digitalservice.ch/login/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
FrutigerLTStd-Bold.ttf
one-digitalservice.ch/login/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- one-digitalservice.ch
- URL
- https://one-digitalservice.ch/login/fonts/FrutigerLTStd-Roman.woff
- Domain
- one-digitalservice.ch
- URL
- https://one-digitalservice.ch/login/fonts/FrutigerLTStd-Bold.woff
- Domain
- one-digitalservice.ch
- URL
- https://one-digitalservice.ch/login/fonts/FrutigerLTStd-Light.woff
- Domain
- one-digitalservice.ch
- URL
- https://one-digitalservice.ch/login/fonts/FrutigerLTStd-Roman.ttf
- Domain
- one-digitalservice.ch
- URL
- https://one-digitalservice.ch/login/fonts/FrutigerLTStd-Light.ttf
- Domain
- one-digitalservice.ch
- URL
- https://one-digitalservice.ch/login/fonts/FrutigerLTStd-Bold.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Viseca (Financial)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
myrtle.com.pk/ | Name: PHPSESSID Value: fddo2i3ktln64ci1uacn7heqe2 |
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.dribbble.com
cdnjs.cloudflare.com
match-power-ind.co.uk
myrtle.com.pk
one-digitalservice.ch
one-digitalservice.ch
192.185.198.136
192.185.198.14
192.229.220.206
217.111.139.8
2606:4700::6811:180e
2cbfba442e84de59ee547ea3195984c2e9b15d5974d4b324cc7f592df1fa2fa3
36607cbe3073907d0a37b1cad63285124d9793f2e204f9d30f35f2e7c4d2ed72
56a0acab710b61892ebd25df8067eb339b65117c4db12cbd06ef3c7f780fe0ab
8b1ac825153c2c2e7321901e800fdaf9ca16e65aaf28d362698400ac3642b18b
9e5d9608c0a0edfe0e7661a72da49cdf56cb1341eed20b240a1ab1fdb3057026
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855