mallowzama.online
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://mallowzama.online/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub4=&sub5=22441&source...
Submission: On November 05 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by WE1 on September 30th 2024. Valid for: 3 months.
This is the only time mallowzama.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 172.66.0.227 172.66.0.227 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:303... 2606:4700:3037::ac43:c378 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:303... 2606:4700:3034::6815:4327 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 23 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3037::ac43:8ef5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
27 | 4 |
ASN13335 (CLOUDFLARENET, US)
mallowzama.online | |
trk-consulatu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
mallowzama.online
1 redirects
mallowzama.online |
2 MB |
4 |
trk-consulatu.com
trk-consulatu.com — Cisco Umbrella Rank: 157217 event.trk-consulatu.com — Cisco Umbrella Rank: 275323 |
4 KB |
1 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1222 |
429 KB |
1 |
red1rectback.com
1 redirects
www.red1rectback.com |
1 KB |
1 |
woularch.com
1 redirects
www.woularch.com |
960 B |
1 |
t.co
t.co — Cisco Umbrella Rank: 859 |
863 B |
27 | 6 |
Domain | Requested by | |
---|---|---|
22 | mallowzama.online |
1 redirects
t.co
mallowzama.online |
3 | event.trk-consulatu.com |
trk-consulatu.com
|
1 | trk-consulatu.com |
mallowzama.online
|
1 | use.fontawesome.com |
mallowzama.online
|
1 | www.red1rectback.com | 1 redirects |
1 | www.woularch.com | 1 redirects |
1 | t.co | |
27 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co E5 |
2024-09-28 - 2024-12-27 |
3 months | crt.sh |
mallowzama.online WE1 |
2024-09-30 - 2024-12-29 |
3 months | crt.sh |
use.fontawesome.com WE1 |
2024-09-09 - 2024-12-09 |
3 months | crt.sh |
trk-consulatu.com WE1 |
2024-10-16 - 2025-01-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mallowzama.online/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub4=&sub5=22441&source_id=20320&ip=2a00%3A2381%3A5374%3A1b%3A%3A99&domain=www.red1rectback.com
Frame ID: 2169576AC1DCFA8B0C813B3BB61B59A5
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
RAC - Survey RewardsPage URL History Show full URLs
- https://t.co/sbTQEQmnuC Page URL
-
https://www.woularch.com/25XHKMPK/7D7TTFDS/?sub1=620_07&sub2=02&sub3=04_11_01
HTTP 302
https://www.red1rectback.com/2W1Q1KK/2DPZMZTW/?sub1=2530bb9ae0e94237901292fb73b9e00c&source_id=20320&sub5... HTTP 302
https://mallowzama.online/oqtSGEYH0ZhZR3UL0DNwXr66Z/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292... HTTP 302
http://mallowzama.online/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub... HTTP 307
https://mallowzama.online/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub... Page URL
Detected technologies
animate.css (Web Frameworks) ExpandDetected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/sbTQEQmnuC Page URL
-
https://www.woularch.com/25XHKMPK/7D7TTFDS/?sub1=620_07&sub2=02&sub3=04_11_01
HTTP 302
https://www.red1rectback.com/2W1Q1KK/2DPZMZTW/?sub1=2530bb9ae0e94237901292fb73b9e00c&source_id=20320&sub5=101195 HTTP 302
https://mallowzama.online/oqtSGEYH0ZhZR3UL0DNwXr66Z/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub4=&sub5=22441&source_id=20320&ip=2a00%3A2381%3A5374%3A1b%3A%3A99&domain=www.red1rectback.com HTTP 302
http://mallowzama.online/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub4=&sub5=22441&source_id=20320&ip=2a00%3A2381%3A5374%3A1b%3A%3A99&domain=www.red1rectback.com HTTP 307
https://mallowzama.online/?encoded_value=223GDT1&sub1=2530bb9ae0e94237901292fb73b9e00c&sub2=&sub3=&sub4=&sub5=22441&source_id=20320&ip=2a00%3A2381%3A5374%3A1b%3A%3A99&domain=www.red1rectback.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
sbTQEQmnuC
t.co/ |
404 B 863 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
mallowzama.online/ Redirect Chain
|
28 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
mallowzama.online/css/ |
16 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
animate.min.css
mallowzama.online/css/ |
70 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.js
use.fontawesome.com/releases/v5.15.4/js/ |
1 MB 429 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
datehead.js
mallowzama.online/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
mallowzama.online/images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flaglogo.png
mallowzama.online/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
product.png
mallowzama.online/images/ |
1 MB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loadingBL.gif
mallowzama.online/images/ |
122 KB 122 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prize1.png
mallowzama.online/images/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1.jpg
mallowzama.online/images/ |
44 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2.jpg
mallowzama.online/images/ |
37 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
comm_pic_1.jpg
mallowzama.online/images/ |
117 KB 118 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3.jpg
mallowzama.online/images/ |
43 KB 43 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.jpg
mallowzama.online/images/ |
29 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
comm_pic_2.jpg
mallowzama.online/images/ |
101 KB 102 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5.jpg
mallowzama.online/images/ |
60 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_guarantee.png
mallowzama.online/images/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_secure_1.png
mallowzama.online/images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo2.png
mallowzama.online/images/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
mallowzama.online/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg.png
mallowzama.online/images/ |
300 KB 301 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
64d5p99gj0
trk-consulatu.com/scripts/push/script/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
q5ej23ryg0
event.trk-consulatu.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
q5ej23ryg0
event.trk-consulatu.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
q5ej23ryg0
event.trk-consulatu.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)32 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| datehax function| datenhax function| datenhay function| startTimer object| answers number| lastQnum function| toNext object| states object| dones object| loadImg object| loadBgCol function| drawloader number| qn number| dsq object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore function| setAttributes7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.t.co/ | Name: muc Value: 3bcc41ef-829c-496f-b610-e55660d5b728 |
|
.t.co/ | Name: __cf_bm Value: PWjTs82zdFZRg7kDKMwLWJobWTzUl6WDBDz5I9TYTkM-1730799900-1.0.1.1-pvjllAIxSkSMuusNp9WG_HztJ3xCh0nmYcFq2YGPbxk3JZlxl.uTjjbswF.XhYAdtRRcYw995IPg3JQA1WkhjQ |
|
www.woularch.com/ | Name: uniqueClick_7D7TTFDS Value: 53ddead2-93fb-4fa5-933c-fca621cffaae:1730799900 |
|
www.woularch.com/ | Name: transaction_id Value: 2530bb9ae0e94237901292fb73b9e00c |
|
www.red1rectback.com/ | Name: uniqueClick_2DPZMZTW Value: 79c2f64f-756d-4d63-93ad-82132a938f41:1730799901 |
|
www.red1rectback.com/ | Name: transaction_id Value: b8076e538db14843ad6def7efa0d27ef |
|
mallowzama.online/ | Name: SESSIONIDS Value: oqtSGEYH0ZhZR3UL0DNwXr66Z |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
event.trk-consulatu.com
mallowzama.online
t.co
trk-consulatu.com
use.fontawesome.com
www.red1rectback.com
www.woularch.com
172.66.0.227
2606:4700:3034::6815:4327
2606:4700:3037::ac43:8ef5
2606:4700:3037::ac43:c378
2a06:98c1:3120::3
2a06:98c1:3121::3
062986fbe6c922fbc3e7993bcd582d96c58eb1132d19058a0b2e2cb5a53a9a51
37e5d12238df11751984a474ffc6e3120985605e4070d4db757995a36abdb7f7
37f08b72a8979b3faed73629ede662e40c80f4d22b6d9b807368d02387e82b2b
49daeee75a844be2792d54e31e60eb3a37d1b97f16f9d9fbca9cc676c7ec0cfd
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
624a7a5d76af17f419dc83d2d76da7169984a8c0aab3e6dcca44d65f1a3bda9c
668ede796290bf07168d2a1bd1a2bb204c0309168b461cb56d20a06b20926e67
7efe3233a8511d2101e189628413af3f29eaa8ac39bb75dcff1c9ccaa18905c8
801a107aba7446bde1e48d63a2b066014a1a310cb2d9d884545d77ff6e89a31f
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
a1713fcdfdf4715b08d5a6275e3b5a170cb38ec4c37414c25ac281402a2d315d
a26cca18f04e54da46d2c56bc74db2c3824fa3bf8a07d014e000e0e6d81d347a
acd5297abee4b6b5ba2a06d2e654c9daa71ec632de8de03a8eec76ce7bfb603d
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c0acefaab37732f6979096afcc259d00ed81235bab3b723e592db986a98d1b75
c6ad96b74d962eb5735006f415a00d26e5be5989871a5a99446b4bf8c15f019e
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
d62dcdb3449970f612971eb8e27a20fc132fa439ebfafae9d1e969c70359ab32
e095b91cc9a20149cef660cd11b5ea0dfb7b13b511d2841913984bf78354740b
fcd4752d6984d393fdc5367f7e9de201e13d6529977b8856bee14d92ce7127ec
fceb0d068af15a9a7f7e1164b97f543a1755fcadfe95ca71dea2eb8dbd07be1d
ff69860c9620303eed4896fd74a5e6235eb9de8364ef5984eb4474bed35b833b