entry5500-js2024r2.usercontent.dev
178.128.255.27
Malicious Activity!
Public Scan
Submission: On October 15 via api from CA — Scanned from NL
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 19th 2023. Valid for: a year.
This is the only time entry5500-js2024r2.usercontent.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

Requests | IP Address | AS | Autonomous System
---|---|---|---
15 | 178.128.255.27 | 14061 (DIGITALOCEAN-ASN) | ASN14061 (DIGITALOCEAN-ASN, US)
21 (total) | 2 | |

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | usercontent.dev | entry5500-js2024r2.usercontent.dev | 249 KB
21 (total) | 1 | |

Requests | Domain | Requested by
---|---|---
15 | entry5500-js2024r2.usercontent.dev | entry5500-js2024r2.usercontent.dev
21 (total) | 1 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.usercontent.dev | Go Daddy Secure Certificate Authority - G2 | 2023-09-19 - 2024-10-20 | a year
This page contains 1 frame:
Primary Page:
https://entry5500-js2024r2.usercontent.dev/
Frame ID: 92B6143D1CEF65A4A023700F71392E92
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | entry5500-js2024r2.usercontent.dev/ | 13 KB | 5 KB | Document | text/html
GET | H/1.1 | index-DAwVIcSV.js | entry5500-js2024r2.usercontent.dev/ | 133 KB | 48 KB | Script | application/javascript
GET | H/1.1 | index-CTVyo94k.css | entry5500-js2024r2.usercontent.dev/ | 490 KB | 84 KB | Stylesheet | text/css
GET | | mtproto.worker-B-1JLZRa.js | entry5500-js2024r2.usercontent.dev/ | 0 | 0 | |
GET | | crypto.worker-CfCshcpI.js | entry5500-js2024r2.usercontent.dev/ | 0 | 0 | |
GET | DATA | truncated | / | 369 B | 0 | Image | image/svg+xml
GET | H/1.1 | crypto.worker-CfCshcpI.js | entry5500-js2024r2.usercontent.dev/ | 67 KB | 24 KB | Fetch | application/javascript
GET | DATA | truncated | / | 59 B | 59 B | Image | image/jxl
GET | DATA | truncated | / | 311 B | 0 | Image | image/avif
GET | H/1.1 | favicon.ico | entry5500-js2024r2.usercontent.dev/assets/img/ | 15 KB | 15 KB | Other | image/x-icon
GET | H/1.1 | lang-DnpZoegq.js | entry5500-js2024r2.usercontent.dev/ | 130 KB | 38 KB | Script | application/javascript
GET | H/1.1 | langSign-CN-ja8rh.js | entry5500-js2024r2.usercontent.dev/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | countries-CzeCvYH8.js | entry5500-js2024r2.usercontent.dev/ | 24 KB | 4 KB | Script | application/javascript
GET | H/1.1 | pageSignQR-fn28410v.js | entry5500-js2024r2.usercontent.dev/ | 5 KB | 3 KB | Script | application/javascript
GET | H/1.1 | page-CpEWAtN3.js | entry5500-js2024r2.usercontent.dev/ | 10 KB | 4 KB | Script | application/javascript
GET | H/1.1 | button-D7nDcb2b.js | entry5500-js2024r2.usercontent.dev/ | 9 KB | 4 KB | Script | application/javascript
GET | H/1.1 | putPreloader-nJa2X1eP.js | entry5500-js2024r2.usercontent.dev/ | 699 B | 783 B | Script | application/javascript
GET | H/1.1 | textToSvgURL-Cnw_Q8Rw.js | entry5500-js2024r2.usercontent.dev/ | 357 B | 589 B | Script | application/javascript
GET | H/1.1 | qr-code-styling-CvBVNv73.js | entry5500-js2024r2.usercontent.dev/ | 65 KB | 17 KB | Script | application/javascript
GET | H/1.1 | _commonjsHelpers-Cpj98o6Y.js | entry5500-js2024r2.usercontent.dev/ | 290 B | 539 B | Script | application/javascript
GET | | a070e3f7-b128-4835-9246-f01d289ec3c5 | https://entry5500-js2024r2.usercontent.dev/ | 0 | 0 | |
GET | | 59662ad9-576f-4de0-a3cb-aee05292c5e1 | https://entry5500-js2024r2.usercontent.dev/ | 0 | 0 | |
GET | | e8b759a8-6571-4deb-bfd8-7f61fa450b2d | https://entry5500-js2024r2.usercontent.dev/ | 0 | 0 | |
GET | H/1.1 | logo_padded.svg | entry5500-js2024r2.usercontent.dev/assets/img/ | 1 KB | 0 | Fetch | image/svg+xml
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
entry5500-js2024r2.usercontent.dev | https://entry5500-js2024r2.usercontent.dev/mtproto.worker-B-1JLZRa.js
entry5500-js2024r2.usercontent.dev | https://entry5500-js2024r2.usercontent.dev/crypto.worker-CfCshcpI.js
entry5500-js2024r2.usercontent.dev | blob:https://entry5500-js2024r2.usercontent.dev/a070e3f7-b128-4835-9246-f01d289ec3c5
entry5500-js2024r2.usercontent.dev | blob:https://entry5500-js2024r2.usercontent.dev/59662ad9-576f-4de0-a3cb-aee05292c5e1
entry5500-js2024r2.usercontent.dev | blob:https://entry5500-js2024r2.usercontent.dev/e8b759a8-6571-4deb-bfd8-7f61fa450b2d
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Telegram (Instant Messenger)

30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
rootScope | object
deferredPromise | function
AppStorage | function
stateStorage | object
wrapUrl | function
I18n | object
webpWorkerController | object
appStorage | object
appNavigationController | object
singleInstance | object
webPushApiManager | object
telegramMeWebManager | object
opusDecodeController | object
cryptoMessagePort | object
mtprotoMessagePort | object
serviceMessagePort | object
apiManagerProxy | object
calcImageInBox | function
mediaSizes | object
customProperties | object
windowSize | object
liteMode | object
themeController | object
overlayCounter | object
formatDateAccordingToTodayNew | function
fillTipDates | function
dispatchHeavyAnimationEvent | function
pagesManager | object
sequentialDom | object
putPreloader | function

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
entry5500-js2024r2.usercontent.dev
178.128.255.27