surrl9oa.top Open in urlscan Pro
2606:4700:3031::ac43:9609 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://surrl9oa.top/
Submission: On October 29 via api (October 29th 2024, 8:48:52 am UTC) from HK — Scanned from GB

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3031::ac43:9609, located in United States and belongs to CLOUDFLARENET, US. The main domain is surrl9oa.top.
TLS certificate: Issued by WE1 on October 9th 2024. Valid for: 3 months.

This is the only time surrl9oa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
7	2606:4700:303... 2606:4700:3031::ac43:9609		13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

7 2606:4700:3031::ac43:9609 (United States)

ASN13335 (CLOUDFLARENET, US)

surrl9oa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	surrl9oa.top surrl9oa.top	161 KB
8	1

	Domain	Requested by
7	surrl9oa.top	surrl9oa.top
8	1

This site contains no links.

Subject Issuer	Validity	Valid
surrl9oa.top WE1	`2024-10-09` - `2025-01-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://surrl9oa.top/
Frame ID: FB92936C23C889468731800FA9A5D4F6
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Whats_App

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

8
Requests

88 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

161 kB
Transfer

528 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response surrl9oa.top/	11 KB 6 KB	1402ms 1038ms	Document text/html	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://surrl9oa.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a374e4a26aa445b72e838329b0c3a85f4a19ee309ba6a6427126e5c00c92c46d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8da1e889be726517-LHR content-encoding br content-type text/html date Tue, 29 Oct 2024 08:48:46 GMT last-modified Thu, 31 Aug 2023 13:58:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fwFT%2BNjhysZ9k%2BG7MBiukppvQChdhnj6LjC2lcPHae6B4ZqCIiYAskR2jHb%2FbwbsJ9IROh7ux7OEpjpmb190jQ5ZbKeZgRjxcLE8iykjB3V2sM7RHaMGUYvBclvwNmPKg%2F%2ByAkpMTfIjE3k%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=32429&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4208&recv_bytes=4467&delivery_rate=538&cwnd=12000&unsent_bytes=0&cid=9a0711aa096f4228&ts=1074&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding
GET H3	200	stylex-2d46744708947781f1f33a0069cbc308.css surrl9oa.top/files/	114 KB 34 KB	1450ms 1449ms	Stylesheet text/css	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://surrl9oa.top/files/stylex-2d46744708947781f1f33a0069cbc308.css Requested by Host: surrl9oa.top URL: https://surrl9oa.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://surrl9oa.top/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"640a919c-1c673" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0J%2BmyR7bcgyjX%2FvDOQOe4XIn7f82K7vHjMGSNFGvNq3lpweQoBo%2F4IcpZOJosd2kSiIpTZY6BvebY5Sogk%2BAGN0NQlQtV2U7E6H43%2Fbgoo56rqD6JInq0Vo8b7NfzLIPU2qdDclH6tibiBw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8da1e8904ef36517-LHR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=28537&sent=78&recv=47&lost=0&retrans=0&sent_bytes=77292&recv_bytes=7172&delivery_rate=934628&cwnd=28800&unsent_bytes=0&cid=9a0711aa096f4228&ts=2537&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 29 Oct 2024 08:48:47 GMT content-type text/css last-modified Fri, 10 Mar 2023 02:10:36 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	bootstrap_qr-e2b403f65ed52d327e90.css surrl9oa.top/files/	173 KB 61 KB	1295ms 1295ms	Stylesheet text/css	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://surrl9oa.top/files/bootstrap_qr-e2b403f65ed52d327e90.css Requested by Host: surrl9oa.top URL: https://surrl9oa.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `40de96c95d1458d29df75c48f966dae08456d012450aa2a32d63d822997d8dd4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://surrl9oa.top/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"640a919c-2b2c0" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYo6wfmQckctnRzvueoV3P8V1R1lc0D257pHDdpWSMPXsuApEQqQI2mLDhNec46fHGIUitASfn8fGf%2By%2FiuL2IlEj0nd7RBSuf%2B%2BmN6a84KhRamOaAY%2FQXeb0RUbABpZazCjdmASgWAGdHM%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8da1e8904ef76517-LHR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=30294&sent=22&recv=19&lost=0&retrans=0&sent_bytes=13162&recv_bytes=5959&delivery_rate=2740&cwnd=12000&unsent_bytes=0&cid=9a0711aa096f4228&ts=2382&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 29 Oct 2024 08:48:47 GMT content-type text/css last-modified Fri, 10 Mar 2023 02:10:36 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	bootstrap_main.9d6050e3d2fff5b782d3.css surrl9oa.top/files/	226 KB 54 KB	1373ms 1372ms	Stylesheet text/css	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://surrl9oa.top/files/bootstrap_main.9d6050e3d2fff5b782d3.css Requested by Host: surrl9oa.top URL: https://surrl9oa.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://surrl9oa.top/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"640a919c-38629" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j59dUYZhvwr0DEcX%2F7WDrE28QQbf4xZtwjnO88oN1fR9MWSvMGt41gsPrUVfJjv4Xlvk9LhrbwheIr95zbc3A8ad5GbPq21g%2FbTB6Ok04tv6lQ6biUwpj0sPs9StBw4Oa1fbYtGY%2Bnxpobw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8da1e8904efa6517-LHR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=28222&sent=49&recv=32&lost=0&retrans=0&sent_bytes=45207&recv_bytes=6518&delivery_rate=777002&cwnd=24000&unsent_bytes=0&cid=9a0711aa096f4228&ts=2458&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 29 Oct 2024 08:48:47 GMT content-type text/css last-modified Fri, 10 Mar 2023 02:10:36 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	screenshot.png surrl9oa.top/	2 KB 3 KB	1141ms 1140ms	Image image/png	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://surrl9oa.top/screenshot.png Requested by Host: surrl9oa.top URL: https://surrl9oa.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `16cc0c0ccbf24a8aa9b1c7df1d2578e8e759b3c2887dc24c0d197b7adf899ccf` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://surrl9oa.top/ Response headers cf-cache-status MISS etag "671f51f2-94b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4hN%2BQyJw7tC3AT0Sy8bBvSqgt%2Bvc8G9S6gGvpRbW6GGTyqFzDnY9xDUm%2FtEgpEY4QXTs%2F%2FPWnNOjFhC%2ByMkuGkAqv9EBpblrcQO9I1ukF0pwUXG94dBFfy%2BP4Ii71%2BZeeoAyc5l32E8pBLc%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=30843&sent=19&recv=17&lost=0&retrans=0&sent_bytes=10045&recv_bytes=5872&delivery_rate=210643&cwnd=12000&unsent_bytes=0&cid=9a0711aa096f4228&ts=2228&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 29 Oct 2024 08:48:47 GMT content-type image/png last-modified Mon, 28 Oct 2024 08:57:22 GMT vary Accept-Encoding priority u=2,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8da1e8904efd6517-LHR accept-ranges bytes content-length 2379 server cloudflare
GET H3	404	favicon.ico surrl9oa.top/	548 B 762 B	1155ms 1155ms	Other text/html	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://surrl9oa.top/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://surrl9oa.top/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status MISS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0yCsN5lr8Te6woY5y4tKCJT0urlRv8wzjoYYnq2ofwhYiouObhzFqwLRiT4bxsqbwQE8clxMSP1Lgh8V6XF4DUVEpWr3u6Q9aMV1BcV9xp9edP3r3mvKVN4rLpqMj9nWP6X4KMhZYuUmeI%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8da1e89afc796517-LHR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=30852&sent=158&recv=69&lost=0&retrans=0&sent_bytes=169362&recv_bytes=8444&delivery_rate=732180&cwnd=36000&unsent_bytes=0&cid=9a0711aa096f4228&ts=3946&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 29 Oct 2024 08:48:48 GMT content-type text/html vary Accept-Encoding server cloudflare priority u=1,i
GET H3	200	screenshot.png surrl9oa.top/	2 KB 3 KB	1076ms 1076ms	Image image/png	2606:4700:3031::ac43:9609 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://surrl9oa.top/screenshot.png?v=1730191729301 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:9609 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `16cc0c0ccbf24a8aa9b1c7df1d2578e8e759b3c2887dc24c0d197b7adf899ccf` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://surrl9oa.top/ Response headers cf-cache-status MISS etag "671f51f2-94b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JjD7%2BXkYu4RW2XQYEKx0ncrv14R7M3rcnXziUDQ8o%2Bd%2FafX%2FY75SMBUEExrmM6uJMYy402VhvGbrVzwt3aUhPHJESjHLOFS60DaKPq%2FsKpqVI%2FqWx0RRGrDnGP0Wa%2F6GlOVew2MNQhlqKDw%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=30452&sent=160&recv=71&lost=0&retrans=0&sent_bytes=170172&recv_bytes=8834&delivery_rate=676&cwnd=36000&unsent_bytes=0&cid=9a0711aa096f4228&ts=5348&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 29 Oct 2024 08:48:50 GMT content-type image/png last-modified Mon, 28 Oct 2024 08:57:22 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8da1e8a43ffe6517-LHR accept-ranges bytes content-length 2379 server cloudflare
GET		screenshot.png surrl9oa.top/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: surrl9oa.top
URL: https://surrl9oa.top/screenshot.png?v=1730191730800

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| UrlExists function| CheckUrl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://surrl9oa.top/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

surrl9oa.top
surrl9oa.top
2606:4700:3031::ac43:9609
16cc0c0ccbf24a8aa9b1c7df1d2578e8e759b3c2887dc24c0d197b7adf899ccf
40de96c95d1458d29df75c48f966dae08456d012450aa2a32d63d822997d8dd4
9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b
a374e4a26aa445b72e838329b0c3a85f4a19ee309ba6a6427126e5c00c92c46d
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

surrl9oa.top Open in urlscan Pro 2606:4700:3031::ac43:9609 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

161 kBTransfer

528 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

surrl9oa.top Open in urlscan Pro
2606:4700:3031::ac43:9609 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

161 kB
Transfer

528 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!