freim-regulation.hostfree.pw
Open in
urlscan Pro
185.27.134.222
Malicious Activity!
Public Scan
Effective URL: http://freim-regulation.hostfree.pw/?i=1
Submission: On June 09 via manual from CO — Scanned from US
Summary
This is the only time freim-regulation.hostfree.pw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tuya (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 185.27.134.222 185.27.134.222 | 34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited) | |
2 | 143.204.146.14 143.204.146.14 | 16509 (AMAZON-02) (AMAZON-02) | |
13 | 45.60.44.18 45.60.44.18 | 19551 (INCAPSULA) (INCAPSULA) | |
21 | 3 |
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
freim-regulation.hostfree.pw |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-146-14.ewr52.r.cloudfront.net
script.hotjar.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
tuya.com.co
www.tuya.com.co — Cisco Umbrella Rank: 530063 |
114 KB |
6 |
hostfree.pw
freim-regulation.hostfree.pw |
58 KB |
2 |
hotjar.com
script.hotjar.com — Cisco Umbrella Rank: 777 |
34 KB |
21 | 3 |
Domain | Requested by | |
---|---|---|
13 | www.tuya.com.co |
freim-regulation.hostfree.pw
|
6 | freim-regulation.hostfree.pw |
freim-regulation.hostfree.pw
|
2 | script.hotjar.com |
freim-regulation.hostfree.pw
|
21 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.hotjar.com Amazon |
2021-11-25 - 2022-12-23 |
a year | crt.sh |
*.tuya.com.co Go Daddy Secure Certificate Authority - G2 |
2020-06-09 - 2022-07-06 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://freim-regulation.hostfree.pw/?i=1
Frame ID: 53A29556E26F9BFF2D8B98EEAB035687
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
Portal Transaccional EXITOPage URL History Show full URLs
- http://freim-regulation.hostfree.pw/ Page URL
- http://freim-regulation.hostfree.pw/?i=1 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://freim-regulation.hostfree.pw/ Page URL
- http://freim-regulation.hostfree.pw/?i=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
freim-regulation.hostfree.pw/ |
839 B 831 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aes.js
freim-regulation.hostfree.pw/ |
30 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
freim-regulation.hostfree.pw/ |
110 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Default1.css
freim-regulation.hostfree.pw/index_files/ |
16 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
preact-incoming-feedback.417f8858abb528f56b1d.js
freim-regulation.hostfree.pw/index_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preact-incoming-feedback.563a27a83688364f89f9.js
script.hotjar.com/ |
153 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
botonAceptar.png
freim-regulation.hostfree.pw/index_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bannerPortal.PNG
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
19 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton7.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
390 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton2.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
488 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton1.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
329 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton6.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
517 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton8.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
490 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton3.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
526 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton0.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
478 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton4.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
430 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton5.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
487 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boton9.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
517 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
BotonBorrar.png
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
845 B 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
PublicidadPortal.JPG
www.tuya.com.co/PortalTransaccionalTuya/App_Themes/Imagenes/ |
77 KB 78 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-hotjar_5.65042d.woff2
script.hotjar.com/ |
2 KB 3 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tuya (Financial)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation string| key_new string| key object| theForm function| __doPostBack function| key_pass function| clear_key function| soloNumeros3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
freim-regulation.hostfree.pw/ | Name: __test Value: 095e46917960c8f0734644a879c7e8e3 |
|
.tuya.com.co/ | Name: visid_incap_1881794 Value: Ylh/1Or7TCeAKUWCVnoMtzsPomIAAAAAQUIPAAAAAAAgDGjZpL5oA0l2C6TGGhkp |
|
.tuya.com.co/ | Name: incap_ses_1170_1881794 Value: NLnZD2nA1GsFcoUHfq08EDsPomIAAAAAbMVB64MVB40EMyuJOQUOxA== |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
freim-regulation.hostfree.pw
script.hotjar.com
www.tuya.com.co
143.204.146.14
185.27.134.222
45.60.44.18
00cb7af9fe26b7938c6dae7dadeef23dcffd61ac52df210615514d29d5beef51
09bc03deef596fae14add51fc997a74b5706e3324b53ae654a940141ab76797b
0bb4bb2a713120f9e011d7c58f39f5efcbe8ccde211fc91683e0828bbdcb39d8
12fc39cdac1886eba91a0882380f130d9cff3534eec583aaaa349e5afcde14a4
2411bc81e5dd4fdc795a7c765c31646965ff3fdbcaba38b9796b23ca3e817191
29bb7140bb550ab6462f97744b0517fb8a7c2df23f452a9e6be930f588ca1f7e
2d0daec75f26c52c01310f34eb530f1bb7be8a63a5255c921342f900c6289997
349b21999b2ff55c8a6cde0e6c59d8de30c8174eb477102026fac3daa04a2207
45cac3045106999a87b8f867765d0487a6580553db77eb2fdbb79210ef72dd96
815f48ded9f8de365f0843f95781f21fe108ad84cbc9fec2db8260365e036c7c
883d0861ea6fc9fb497342decbc083f5a6c56ce1215c325c1d323886f0763155
8dda372f4a3d8531c00fae6565385ca7e4236e4f650260a387fd86dbfb36a39c
9e92deeeefa3bc60c2ce77feb04cebb5cbd0696eb184d52530db195661e96ce5
a4713e3c1063ab18c1319bf940a36bc597d7e85407f2568642b114845a9b9e5d
ce4c41a5f975970fa6b4dcca965882e19c3e32ec39cbbac1bf6aef06d0b3f898
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
d31390e89366f51a42e5520688b7c602c5f7235d71b721eea5f5ec8b0af7b071
e7187f115b4479924d6a12618adb811fd4376fb97666ed433a8afddd54160931
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
fdd025456871d99b45cf95a30a097d5c168a62c91fd86852cba4802321f6e36a