twitch.threeleaves.dev
Open in
urlscan Pro
50.87.171.53
Public Scan
Submission Tags: phishingrod
Submission: On August 20 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by R10 on June 20th 2024. Valid for: 3 months.
This is the only time twitch.threeleaves.dev was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 50.87.171.53 50.87.171.53 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 1 | 151.101.2.167 151.101.2.167 | 54113 (FASTLY) (FASTLY) | |
| 3 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2500.bluehost.com
| twitch.threeleaves.dev |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
threeleaves.dev
twitch.threeleaves.dev |
770 B |
| 1 |
twitch.tv
player.twitch.tv — Cisco Umbrella Rank: 48858 |
|
| 3 | 2 |
| Domain | Requested by | |
|---|---|---|
| 2 | twitch.threeleaves.dev | |
| 1 | player.twitch.tv |
twitch.threeleaves.dev
|
| 3 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| twitch.threeleaves.dev R10 |
2024-06-20 - 2024-09-18 |
3 months | crt.sh |
| twitch.tv GlobalSign Atlas R3 DV TLS CA 2024 Q2 |
2024-07-04 - 2025-08-05 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://twitch.threeleaves.dev/
Frame ID: 69831A87C9D4F9AF7F39F797A544BB7A
Requests: 2 HTTP requests in this frame
Frame:
https://player.twitch.tv/?channel=valorant&parent=twitch.threeleaves.dev
Frame ID: 732040E0E4E8B94B2AB6EC2E951DB194
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
twitch.threeleaves.dev/ |
178 B 382 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
player.twitch.tv/ Frame 7320 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
twitch.threeleaves.dev/ |
315 B 388 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 08 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .twitch.tv/ | Name: unique_id Value: efa64801aec483c3 |
|
| .twitch.tv/ | Name: unique_id_durable Value: efa64801aec483c3 |
|
| .twitch.tv/ | Name: referrer_url Value: https://twitch.threeleaves.dev/ |
|
| .twitch.tv/ | Name: experiment_overrides Value: {%22experiments%22:{}%2C%22disabled%22:[]} |
|
| .twitch.tv/ | Name: api_token Value: twilight.cec11f7764c95369085711c38aaa5477 |
|
| .twitch.tv/ | Name: server_session_id Value: f58fba128e5a4b629dcfae20ad5615b1 |
|
| passport.twitch.tv/ | Name: ga__15_abel-ssn Value: 02cDfbIICYHjpBqEqXkHP5QVuxy2tnU2SwCkSgD85sL2zXH64Ysc2Pp5cq7MQrOFCe9Oge7y7hdeaYeZK0ULVMsVdTvvBBmh7qjZQoUxQ5e4WFiLqWL7ydSsClHMfEnYgVAcwNy0APW1VPQvgss3NHNi9ouCkVn4q78xln |
|
| gql.twitch.tv/ | Name: KP_UIDZ_1-ssn Value: 02Q8wXpKM6tGvQoD8e40AGPAT6FdqFO0pofyB6j3FX75e55nSekhgMF3ws3RXXr2Grf3AXrhHcq2adnHUt2Zk26tNXPYRqrFttrZSHbfIhOPERGbH3u1s1cSfGjXXpzhzxOJRxGvELfO1FS9hlm29XWWOk0nF4hCko3GjE |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
player.twitch.tv
twitch.threeleaves.dev
151.101.2.167
50.87.171.53
3c7a88a089f9b449f6b86653820c41814463bb1fc11a67a1bae4ea79df80ffea
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3