verify-me.netlify.app Open in urlscan Pro
35.198.196.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://verify-me.netlify.app/
Submission: On August 01 via api (August 1st 2023, 12:51:26 am UTC) from JP — Scanned from JP

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 22 HTTP transactions. The main IP is 35.198.196.16, located in Singapore and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is verify-me.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on December 21st 2022. Valid for: a year.

This is the only time verify-me.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	35.198.196.16 35.198.196.16	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.65.199.24 18.65.199.24	16509 (AMAZON-02) (AMAZON-02)
7	18.65.199.88 18.65.199.88	16509 (AMAZON-02) (AMAZON-02)
1	142.251.222.10 142.251.222.10	() ()
3	52.219.194.64 52.219.194.64	() ()
2	104.17.24.14 104.17.24.14	() ()
22	7

1 35.198.196.16 (Singapore)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 16.196.198.35.bc.googleusercontent.com

verify-me.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.199.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-199-24.nrt57.r.cloudfront.net

d2owpcwl4v0y1p.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.65.199.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-199-88.nrt57.r.cloudfront.net

d2jonispl0uhtm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.222.10 (None, )

ASN- ()

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.219.194.64 (None, )

ASN- ()

s3.us-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN- ()

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cloudfront.net d2owpcwl4v0y1p.cloudfront.net d2jonispl0uhtm.cloudfront.net	72 KB
3	amazonaws.com s3.us-west-1.amazonaws.com	4 KB
2	cloudflare.com cdnjs.cloudflare.com Failed	3 KB
1	googleapis.com ajax.googleapis.com fonts.googleapis.com Failed
1	netlify.app verify-me.netlify.app	767 B
22	5

	Domain	Requested by
7	d2jonispl0uhtm.cloudfront.net	d2owpcwl4v0y1p.cloudfront.net d2jonispl0uhtm.cloudfront.net
3	s3.us-west-1.amazonaws.com	d2jonispl0uhtm.cloudfront.net
2	cdnjs.cloudflare.com	d2jonispl0uhtm.cloudfront.net
1	ajax.googleapis.com	d2jonispl0uhtm.cloudfront.net
1	d2owpcwl4v0y1p.cloudfront.net	verify-me.netlify.app
1	verify-me.netlify.app
0	fonts.googleapis.com Failed	d2jonispl0uhtm.cloudfront.net
22	7

This site contains no links.

Subject Issuer	Validity	Valid
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-21` - `2024-01-21`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.s3-us-west-1.amazonaws.com Amazon RSA 2048 M01	`2023-04-11` - `2024-01-21`	9 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://verify-me.netlify.app/
Frame ID: 3748A3C24C0943396DA937B1978315DE
Requests: 9 HTTP requests in this frame

Frame: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=
Frame ID: 45E1C76E1F5FA9C27731D955376F8144
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Locked

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

22
Requests

68 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

79 kB
Transfer

231 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
verify-me.netlify.app/ 550 B
767 B 1663ms
596ms Document
text/html 35.198.196.16
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://verify-me.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.198.196.16 , Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

16.196.198.35.bc.googleusercontent.com

Software

Netlify /

Resource Hash

05257a7ad486a90a269258c3c99b9a7b3b1dc5e3eca3a8ac6b957dbd3ad52c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: jp-jp,jp;q=0.9

Response headers

accept-ranges: bytes
age: 64223
cache-control: public, max-age=0, must-revalidate
content-length: 550
content-type: text/html; charset=UTF-8
date: Tue, 01 Aug 2023 00:51:20 GMT
etag: "543ad28f8b3c081c5c1d1867daf8d391-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01H6Q97YETR9349EYCT9WS51FX

GET
H2 200 Dsg2TI.js Show response
d2owpcwl4v0y1p.cloudfront.net/ 24 KB
7 KB 1731ms
811ms Script
application/javascript 18.65.199.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Requested by: Host: verify-me.netlify.app
URL: https://verify-me.netlify.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-24.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7cbce275a31a0b2113cb9469ddb1fe41b820be2ba9eb221f618d4cf92c0cafd4

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:30:51 GMT
content-encoding: gzip
via: 1.1 abe247adaab2cff314bfe6787604d9ea.cloudfront.net (CloudFront)
last-modified: Tue, 27 Jun 2023 13:23:05 GMT
server: AmazonS3
x-amz-cf-pop: NRT57-P3
age: 1232
etag: W/"07ace30cbd77eb9d6e74843abfd10980"
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-id: lwf5f5sKvHRVnWt1S6jV53sEvNesO5QB96Mtio5b-8DOm62sJYSwHA==

GET
H2 200 html.4024949.570f4.0.js Show response
d2jonispl0uhtm.cloudfront.net/public/external/v2/ 14 KB
14 KB 1661ms
695ms Script
application/javascript 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/external/v2/html.4024949.570f4.0.js
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: e9141f58631d02ed5dd43343590cbe445baf355761b667a19c06dbefb9e6dcdb

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:24 GMT
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: NRT57-P3
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: application/javascript
x-amz-cf-id: agyVwtrchTNobIU9kWbXUIeVdGE94n66SIEMV3HG0XrqItEFgD115w==

GET
H2 200 css_front.css
d2jonispl0uhtm.cloudfront.net/public/external/ 6 KB
7 KB 1630ms
666ms Stylesheet
text/css 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/external/css_front.css
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash: a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:24 GMT
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
last-modified: Tue, 23 Jun 2020 20:06:47 GMT
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: NRT57-P3
etag: "19c4-5a8c5e62e9d0a"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 6596
x-amz-cf-id: MPpTrBgn2H_1E7h1HSbNi5EsNbCXrvrHyiHzykwaWSqfOziaqUzyIg==

GET
H2 200 guid Show response
d2jonispl0uhtm.cloudfront.net/public/ 0
277 B 631ms
631ms Script
text/html 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/guid?cpguid=rk1y5kfvi&e=ll&t=1690851083620
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:24 GMT
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: NRT57-P3
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-length: 0
x-amz-cf-id: Z4Ll_nHOHDmQD6HEbOtFxgIinOPR6h_AMcOuskKIULqeV13WXwhmYw==

GET
H2 200 css.css
d2jonispl0uhtm.cloudfront.net/public/clockers/PrimeApps/ 1010 B
1 KB 519ms
519ms Stylesheet
text/css 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/clockers/PrimeApps/css.css
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash: a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:24 GMT
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
last-modified: Fri, 10 Apr 2020 22:29:00 GMT
server: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: NRT57-P3
etag: "3f2-5a2f7428ae907"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 1010
x-amz-cf-id: 66ea0Ou4Gb237q9QMIlk0Z-LfM-JPXDvFqxXvyBA7n64jMxdAsjorw==

GET
H2 200 ct Show response
d2jonispl0uhtm.cloudfront.net/public/ Frame 45E1 41 KB
41 KB 612ms
612ms Document
text/html 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: 965a587bec66a14ae06b2cb434b25b243207f4daafe71a92cbdb711fbd8cb375

Request headers

Referer: https://verify-me.netlify.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: jp-jp,jp;q=0.9

Response headers

cache-control: no-cache, no-transform
content-type: text/html; charset=UTF-8
date: Tue, 01 Aug 2023 00:51:25 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
x-amz-cf-id: pnRqWXgI__LVGIL1cno2XSaoaDHMKaN_SajXV-LpgJozF0ENX-drsA==
x-amz-cf-pop: NRT57-P3
x-cache: Miss from cloudfront
x-powered-by: PHP/7.4.11

GET
H2 200 jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ Frame 45E1 12 KB
0 1373ms
439ms Script
text/javascript 142.251.222.10

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.222.10 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://d2jonispl0uhtm.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:05:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 272728
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jul 2024 21:05:58 GMT

GET css
fonts.googleapis.com/ Frame 45E1 0
0

GET
H/1.1 200
OK font-awesome.min.css
s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/font-awesome/ Frame 45E1 17 KB
0 1344ms
414ms Stylesheet
text/css 52.219.194.64

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/font-awesome/font-awesome.min.css
Requested by: Host: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.194.64 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://d2jonispl0uhtm.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 00:51:27 GMT
x-amz-version-id: ePIWjfMKtCaP4bDE.eZHRaP_PF6hOabL
Last-Modified: Mon, 20 Jul 2020 19:18:06 GMT
Server: AmazonS3
x-amz-request-id: N0MY9N1DTY9HFVP1
ETag: "8f6faef8ee84c7d1bad83516f21d84a7"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 27502
x-amz-id-2: FGoeRsuSTuZR3ZQsQHI6iwWzQ5c4EwaikGU0VOe0gl09h9ucvXKNSVXS361jRbLHlxhBy05re10=

GET sweetalert2.min.js
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.6.6/ Frame 45E1 0
0

GET
H2 200 sweetalert2.min.css
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.6.6/ Frame 45E1 15 KB
3 KB 1351ms
443ms Stylesheet
text/css 104.17.24.14

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.6.6/sweetalert2.min.css

Requested by

Host: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

ce068a9212a95f34ab3f25d57dccc787281c3d21f28470fe3d25a7ab72d91c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://d2jonispl0uhtm.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1673430
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2411
last-modified: Mon, 04 May 2020 16:12:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed1-3a93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NYsZ3116WmrL6b71Pn9dpBA1RgJ8WFCrAFgXYxMqILScMMKXuVCtQ9vb0XyYXeNBHws9LniUiuNY728GnyjivfWgUim4s3BYZLZ43Ovy6dalrycrrfdFtjCNBhNrX0eZDkTnOBm"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7efa17bb3dff261a-NRT
expires: Sun, 21 Jul 2024 00:51:26 GMT

GET
H2 200 core.js
cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/ Frame 45E1 88 KB
0 1352ms
445ms Script
application/javascript 104.17.24.14

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/core-js/2.4.1/core.js

Requested by

Host: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://d2jonispl0uhtm.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4513094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 42723
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-3a1e2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fv3fomdLnSMQZ%2FtlA9gloPA4jyBw3wCaxX%2BYhnR5vJhpJcibARn3kCDqczpIZrmDEV9BT3n9DJW9OfoMQaY8GtSPdoZ70lekXfP9kxpaNq6BzrHkFM8Yr2dFJlP39BwKF3fLiK5d"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7efa17bb3e02261a-NRT
expires: Sun, 21 Jul 2024 00:51:26 GMT

GET colorpicker.js
s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/colorpicker/js/ Frame 45E1 0
0

GET
H/1.1 200
OK colorpicker.css
s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/colorpicker/css/ Frame 45E1 3 KB
4 KB 1346ms
415ms Stylesheet
text/css 52.219.194.64

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/colorpicker/css/colorpicker.css
Requested by: Host: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.194.64 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8157923832e020c3a4ed7ef85ad7d032d7b1b03b02e5502dce8ac9af9cedea53

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://d2jonispl0uhtm.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 00:51:27 GMT
x-amz-version-id: hOb.o1RIbFLjoUZHs0hFqKqWfq13uMQ1
Last-Modified: Mon, 20 Jul 2020 19:18:06 GMT
Server: AmazonS3
x-amz-request-id: N0MR9Q0P8BY8GHRM
ETag: "88ad8a6ad0054fcfa70e25a6c2474272"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 3181
x-amz-id-2: AXaJKCdYxkMQieBlAWWXt7ux81COfOmRMUvwQFlTUmPNNenZhmnrtsNj+xbKL7w1o/ODyYDXXPc=

GET
H/1.1 200
OK 151981978211ad81ad9b8c843e4b3c3052a8d6138c.css
s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/ Frame 45E1 8 KB
0 1346ms
416ms Stylesheet
text/css 52.219.194.64

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/151981978211ad81ad9b8c843e4b3c3052a8d6138c.css
Requested by: Host: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/ct?cpguid=rk1y5kfvi&it=4024949&w=1600&h=1200&key=570f4&m=0&r=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.194.64 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://d2jonispl0uhtm.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 00:51:27 GMT
x-amz-version-id: mEuybZeBqZEWEnAJn0ikiMLlTy4658dV
Last-Modified: Mon, 20 Jul 2020 19:44:07 GMT
Server: AmazonS3
x-amz-request-id: N0MXMBDM48QBFVF4
ETag: "4ee41ce0944001dd398a94528668aa9b"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 22376
x-amz-id-2: AFIkMf8yiMBU3gE22T6n8KQo5uCPvu/W+GXkGl3fsfDyYlQaqKK9pS4hFVXPRDZB3NCj46RRLQk=

GET 151999678694833b4c5a49a55ef7f9224b286820f0.js
s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/ Frame 45E1 0
0

GET 150170764295f591d2e1daeb4fda0985149aa31c04.png
s3.us-west-1.amazonaws.com/cloudfls.co/uploads/ Frame 45E1 0
0

GET guid.js
d2jonispl0uhtm.cloudfront.net/public/external/ Frame 45E1 0
0

GET
H2 200 impression.php Show response
d2jonispl0uhtm.cloudfront.net/public/external/ 10 B
305 B 515ms
515ms Script
text/html 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/external/impression.php?it=4024949&time=1690851085784
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: 3efc61bcf3a2a65c875e501412e9db8b00b4b554e4351e01fab46c2793e87b3d

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:26 GMT
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: NRT57-P3
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-length: 10
x-amz-cf-id: FtE3peBdW5ISL1RMVq8Da7MzeiKqKykiyGvVVtWqtcZbYC9i8MepPQ==

GET
H2 200 guid Show response
d2jonispl0uhtm.cloudfront.net/public/ 0
276 B 513ms
512ms Script
text/html 18.65.199.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2jonispl0uhtm.cloudfront.net/public/guid?cpguid=rk1y5kfvi&e=opl&t=1690851085785
Requested by: Host: d2owpcwl4v0y1p.cloudfront.net
URL: https://d2owpcwl4v0y1p.cloudfront.net/Dsg2TI.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.199.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-199-88.nrt57.r.cloudfront.net
Software: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-jp,jp;q=0.9
Referer: https://verify-me.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:51:26 GMT
via: 1.1 e70028cb30f78307280e23c065d90090.cloudfront.net (CloudFront)
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: NRT57-P3
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-length: 0
x-amz-cf-id: IAYtM9KYxiU_8p6dSqQqO0zVCo3Cf2NvMJps75Trbw5nFjeHGkZtfg==

GET check.php
d2jonispl0uhtm.cloudfront.net/public/external/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,700|Roboto:400,700

Domain: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.6.6/sweetalert2.min.js

Domain: s3.us-west-1.amazonaws.com
URL: https://s3.us-west-1.amazonaws.com/cloudfls.co/themes/startui/css/lib/colorpicker/js/colorpicker.js

Domain: s3.us-west-1.amazonaws.com
URL: https://s3.us-west-1.amazonaws.com/cloudfls.co/uploads/assets/151999678694833b4c5a49a55ef7f9224b286820f0.js

Domain: s3.us-west-1.amazonaws.com
URL: https://s3.us-west-1.amazonaws.com/cloudfls.co/uploads/150170764295f591d2e1daeb4fda0985149aa31c04.png

Domain: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/external/guid.js

Domain: d2jonispl0uhtm.cloudfront.net
URL: https://d2jonispl0uhtm.cloudfront.net/public/external/check.php?it=4024949&time=1690851086283

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			verify-me.netlify.app/	1970-01-20 13:55:15	Name: _cpguid Value: rk1y5kfvi

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
d2jonispl0uhtm.cloudfront.net
d2owpcwl4v0y1p.cloudfront.net
fonts.googleapis.com
s3.us-west-1.amazonaws.com
verify-me.netlify.app
cdnjs.cloudflare.com
d2jonispl0uhtm.cloudfront.net
fonts.googleapis.com
s3.us-west-1.amazonaws.com
104.17.24.14
142.251.222.10
18.65.199.24
18.65.199.88
35.198.196.16
52.219.194.64
05257a7ad486a90a269258c3c99b9a7b3b1dc5e3eca3a8ac6b957dbd3ad52c10
3efc61bcf3a2a65c875e501412e9db8b00b4b554e4351e01fab46c2793e87b3d
7cbce275a31a0b2113cb9469ddb1fe41b820be2ba9eb221f618d4cf92c0cafd4
8157923832e020c3a4ed7ef85ad7d032d7b1b03b02e5502dce8ac9af9cedea53
965a587bec66a14ae06b2cb434b25b243207f4daafe71a92cbdb711fbd8cb375
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
ce068a9212a95f34ab3f25d57dccc787281c3d21f28470fe3d25a7ab72d91c7b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9141f58631d02ed5dd43343590cbe445baf355761b667a19c06dbefb9e6dcdb

verify-me.netlify.app Open in urlscan Pro 35.198.196.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

68 %HTTPS

0 %IPv6

5 Domains

7 Subdomains

7 IPs

2 Countries

79 kBTransfer

231 kBSize

1 Cookies

0 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

verify-me.netlify.app Open in urlscan Pro
35.198.196.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

68 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

79 kB
Transfer

231 kB
Size

1
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!