confirmationhelpsteam.ml

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 37.221.120.206, located in Bulgaria and belongs to NETERRA-AS, BG. The main domain is confirmationhelpsteam.ml.
TLS certificate: Issued by R3 on February 16th 2022. Valid for: 3 months.

This is the only time confirmationhelpsteam.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network) Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 3	37.221.120.206 37.221.120.206	34224 (NETERRA-AS) (NETERRA-AS)
1	89.252.151.50 89.252.151.50	207429 (KAPTEYAN) (KAPTEYAN)
1	185.213.209.203 185.213.209.203	204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
4	3

3 37.221.120.206 (Bulgaria) 1 redirects

ASN34224 (NETERRA-AS, BG)

confirmationhelpsteam.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.252.151.50 (Turkey)

ASN207429 (KAPTEYAN, TR)
PTR: rdns50.kapteyan.com.tr

istalya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.213.209.203 (Netherlands)

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: logos-marcas.com

marka-logo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	confirmationhelpsteam.ml 1 redirects confirmationhelpsteam.ml	288 KB
1	marka-logo.com marka-logo.com	34 KB
1	istalya.com istalya.com	179 KB
4	3

	Domain	Requested by
3	confirmationhelpsteam.ml	1 redirects confirmationhelpsteam.ml
1	marka-logo.com	confirmationhelpsteam.ml
1	istalya.com	confirmationhelpsteam.ml
4	3

This site contains no links.

Subject Issuer	Validity	Valid
confirmationhelpsteam.ml R3	`2022-02-16` - `2022-05-17`	3 months	crt.sh
istalya.com R3	`2022-02-03` - `2022-05-04`	3 months	crt.sh
marka-logo.com R3	`2021-12-28` - `2022-03-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://confirmationhelpsteam.ml/
Frame ID: 5E3804DC5A2B528F88E500B197A7FD14
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home

Page URL History Show full URLs

http://confirmationhelpsteam.ml/ HTTP 301
https://confirmationhelpsteam.ml/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

502 kB
Transfer

502 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://confirmationhelpsteam.ml/ HTTP 301
https://confirmationhelpsteam.ml/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response confirmationhelpsteam.ml/ Redirect Chain http://confirmationhelpsteam.ml/ https://confirmationhelpsteam.ml/	3 KB 1 KB	986ms 343ms	Document text/html	37.221.120.206 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://confirmationhelpsteam.ml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 37.221.120.206 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS Software nginx / PHP/7.4.27 PleskLin Resource Hash `cc9539c5f0f412776bfcb28d1b631d49a098404699a732f8d2b3fae720867e01` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers server nginx date Fri, 18 Feb 2022 16:05:48 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/7.4.27 PleskLin content-encoding br Redirect headers Server nginx Date Fri, 18 Feb 2022 16:05:47 GMT Content-Type text/html Content-Length 162 Connection keep-alive Location https://confirmationhelpsteam.ml/
GET H2	200	logoinsta.gif confirmationhelpsteam.ml/	287 KB 287 KB	649ms 648ms	Image image/gif	37.221.120.206 NETERRA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://confirmationhelpsteam.ml/logoinsta.gif Requested by Host: confirmationhelpsteam.ml URL: https://confirmationhelpsteam.ml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 37.221.120.206 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS Software nginx / PleskLin Resource Hash `0baaa290c62fe208a4e6f14c81ebab5debac9828e19bf312999cecb314549721` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://confirmationhelpsteam.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Fri, 18 Feb 2022 16:05:48 GMT last-modified Wed, 16 Feb 2022 15:35:28 GMT server nginx x-powered-by PleskLin etag "620d19c0-47a18" content-type image/gif accept-ranges bytes content-length 293400
GET H2	200	Varl%C4%B1k%201-1080x1080w.png istalya.com/image/cache/catalog/resimler/	179 KB 179 KB	1121ms 556ms	Image image/png	89.252.151.50 KAPTEYAN
General Check archive.org Show headers Download Go to Show image Full URL https://istalya.com/image/cache/catalog/resimler/Varl%C4%B1k%201-1080x1080w.png Requested by Host: confirmationhelpsteam.ml URL: https://confirmationhelpsteam.ml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.252.151.50 , Turkey, ASN207429 (KAPTEYAN, TR), Reverse DNS rdns50.kapteyan.com.tr Software nginx / PleskLin Resource Hash `38e0fc729a48ab90004406e7c728fa0bdb87b638c6301d4e5de05b22d275bf84` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://confirmationhelpsteam.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Fri, 18 Feb 2022 16:05:49 GMT last-modified Sun, 10 May 2020 08:27:40 GMT server nginx x-powered-by PleskLin etag "5eb7bafc-2cc3a" content-type image/png accept-ranges bytes content-length 183354
GET H2	200	Facebook-Logo.png marka-logo.com/wp-content/uploads/2020/04/	34 KB 34 KB	719ms 237ms	Image image/png	185.213.209.203 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://marka-logo.com/wp-content/uploads/2020/04/Facebook-Logo.png Requested by Host: confirmationhelpsteam.ml URL: https://confirmationhelpsteam.ml/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 185.213.209.203 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS logos-marcas.com Software nginx/1.20.0 / Resource Hash `4c403fc26b9b547d1a430fec0f1c2fc07bcd001a5ac82867c017347f0f6e4c19` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://confirmationhelpsteam.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Fri, 18 Feb 2022 16:05:49 GMT last-modified Wed, 08 Apr 2020 18:24:35 GMT server nginx/1.20.0 accept-ranges bytes etag "5e8e16e3-88e8" content-length 35048 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network) Facebook (Social Network)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

confirmationhelpsteam.ml
istalya.com
marka-logo.com
185.213.209.203
37.221.120.206
89.252.151.50
0baaa290c62fe208a4e6f14c81ebab5debac9828e19bf312999cecb314549721
38e0fc729a48ab90004406e7c728fa0bdb87b638c6301d4e5de05b22d275bf84
4c403fc26b9b547d1a430fec0f1c2fc07bcd001a5ac82867c017347f0f6e4c19
cc9539c5f0f412776bfcb28d1b631d49a098404699a732f8d2b3fae720867e01

confirmationhelpsteam.ml Open in urlscan Pro 37.221.120.206 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

502 kBTransfer

502 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

confirmationhelpsteam.ml Open in urlscan Pro
37.221.120.206 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

502 kB
Transfer

502 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!