presbyterlifeguard.online
172.67.207.75
Malicious Activity!
Public Scan
Effective URL: https://presbyterlifeguard.online/?encoded_value=5XQHC8&sub1=&sub2=362885945&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17
Submission: April 24, manual submission from ES; scanned from ES
Summary
TLS certificate: Issued by GTS CA 1P5 on March 7th 2024. Valid for: 3 months.
This is the only time presbyterlifeguard.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)

Domain & IP information
Count | IP Address | AS Autonomous System | PTR | Domain served
---|---|---|---|---
1 / 2 | 172.217.18.27 | 15169 (GOOGLE, US) | fra24s22-in-f27.1e100.net | storage.googleapis.com
2 / 2 | 35.195.30.15 | 396982 (GOOGLE-CLOUD-PLATFORM, US) | 15.30.195.35.bc.googleusercontent.com | myguidancetrack2.com
1 / 1 | 34.76.98.215 | 396982 (GOOGLE-CLOUD-PLATFORM, US) | 215.98.76.34.bc.googleusercontent.com | breakingtrackss1.com
1 / 1 | 188.114.96.3 | 13335 (CLOUDFLARENET) | |
1 / 14 | 172.67.207.75 | 13335 (CLOUDFLARENET) | | presbyterlifeguard.online (scanned host, 14 requests)
1 | 216.58.206.68 | 15169 (GOOGLE) | |
1 | 172.67.177.88 | (not resolved by the scan) | |
Totals | 25 | 5 | |
Apex Domain | Subdomains | Requests | Transfer | Redirects
---|---|---|---|---
presbyterlifeguard.online | presbyterlifeguard.online | 14 | 693 KB | 1
myguidancetrack2.com | myguidancetrack2.com | 2 | 775 B | 2
googleapis.com | storage.googleapis.com (Cisco Umbrella Rank: 361) | 2 | 793 B | 1
virtualpushplatform.com | virtualpushplatform.com | 1 | 5 KB |
google.com | www.google.com (Cisco Umbrella Rank: 2) | 1 | 1 KB |
trackitlivenow.com | www.trackitlivenow.com | 1 | 804 B |
breakingtrackss1.com | breakingtrackss1.com | 1 | 754 B | 1
fontawesome.com | use.fontawesome.com (Failed) | 0 | Failed |
Totals | 8 domains | 25 | |
Domain | Requests | Requested by
---|---|---
presbyterlifeguard.online | 14 | presbyterlifeguard.online (1 redirect)
myguidancetrack2.com | 2 | 2 redirects
storage.googleapis.com | 2 | 1 redirect
virtualpushplatform.com | 1 | presbyterlifeguard.online
www.google.com | 1 |
www.trackitlivenow.com | 1 | 1 redirect
breakingtrackss1.com | 1 | 1 redirect
use.fontawesome.com (Failed) | 0 | presbyterlifeguard.online
Totals | 25 | 8 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | CT log
---|---|---|---|---
storage.googleapis.com | GTS CA 1C3 | 2024-03-18 to 2024-06-10 | 3 months | crt.sh
presbyterlifeguard.online | GTS CA 1P5 | 2024-03-07 to 2024-06-05 | 3 months | crt.sh
virtualpushplatform.com | Cloudflare Inc ECC CA-3 | 2024-01-14 to 2024-12-31 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://presbyterlifeguard.online/?encoded_value=5XQHC8&sub1=&sub2=362885945&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17
Frame ID: 5B4DA34F8775BCCC77ECCD538F4DDD72
Requests: 25 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://storage.googleapis.com/bertacanada/hamisudenise.html (Page URL)
- https://myguidancetrack2.com/?a=2429&oc=20133&c=54377&p=r&m=3&s1=hamisudenise (HTTP 302)
- https://myguidancetrack2.com/?a=2429&oc=20133&c=54377&p=r&m=3&s1=hamisudenise&ch-redir=1&ckmxid=cok9j2tp00018c23hot0 (HTTP 302)
- https://breakingtrackss1.com/?a=2429&oc=20133&c=54377&p=r&m=3&s1=hamisudenise&ch-redir=1&ckmxid=cok9j2tp00018c23hot0&ckmguid=9bf4a207-1ca2-429c-955d-cca5cdbc017f (HTTP 302)
- https://www.trackitlivenow.com/B1Z33J/W8GP3KW/?sub2=362885945&source_id=2429 (HTTP 302)
- https://presbyterlifeguard.online/cJy6kh2HOd/?encoded_value=5XQHC8&sub1=&sub2=362885945&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17 (HTTP 302)
- http://presbyterlifeguard.online/?encoded_value=5XQHC8&sub1=&sub2=362885945&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17 (HTTP 307)
- https://presbyterlifeguard.online/?encoded_value=5XQHC8&sub1=&sub2=362885945&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17 (Page URL, final)
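The chain above, walked offline. This is an added example and not part of the urlscan report: the URL list and statuses are transcribed from the page URL history, nothing is fetched, and the function names are my own. It pairs each URL with how the browser left it (an HTTP status, or client-side where the scanner recorded none, which is the case for the 121-byte HTML on storage.googleapis.com), flags the https-to-http hop before the final 307, and tallies query parameters per host so identifiers that survive the domain changes stand out: sub2 and source_id cross from trackitlivenow.com to the landing domain, and the value 2429 travels as `a=` on the first two trackers and as `source_id=` on the last two. The path segment cJy6kh2HOd on the second-to-last hop is the same string later set as the SESSIONIDS cookie on the landing domain.

```python
"""Offline walk of a recorded redirect chain: classify each hop, spot scheme
downgrades and tally query parameters per host. CHAIN is transcribed from the
urlscan page URL history (constructed input; nothing is fetched)."""
from urllib.parse import parse_qs, urlsplit

# (url, status): status is the HTTP code the scanner recorded for leaving that
# URL, or None where it recorded none (initial page load, client-side redirect
# via JS/meta, or the final landing page).
CHAIN = [
    ("https://storage.googleapis.com/bertacanada/hamisudenise.html", None),
    ("https://myguidancetrack2.com/?a=2429&oc=20133&c=54377&p=r&m=3&s1=hamisudenise", 302),
    ("https://myguidancetrack2.com/?a=2429&oc=20133&c=54377&p=r&m=3&s1=hamisudenise"
     "&ch-redir=1&ckmxid=cok9j2tp00018c23hot0", 302),
    ("https://breakingtrackss1.com/?a=2429&oc=20133&c=54377&p=r&m=3&s1=hamisudenise"
     "&ch-redir=1&ckmxid=cok9j2tp00018c23hot0&ckmguid=9bf4a207-1ca2-429c-955d-cca5cdbc017f", 302),
    ("https://www.trackitlivenow.com/B1Z33J/W8GP3KW/?sub2=362885945&source_id=2429", 302),
    ("https://presbyterlifeguard.online/cJy6kh2HOd/?encoded_value=5XQHC8&sub1=&sub2=362885945"
     "&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17", 302),
    ("http://presbyterlifeguard.online/?encoded_value=5XQHC8&sub1=&sub2=362885945"
     "&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17", 307),
    ("https://presbyterlifeguard.online/?encoded_value=5XQHC8&sub1=&sub2=362885945"
     "&sub3=&sub4=&sub5=14265&source_id=2429&ip=80.29.38.17", None),
]


def hops(chain):
    """One record per transition: source and target host, the kind of redirect,
    and whether the browser was sent from https to plain http."""
    out = []
    for i in range(len(chain) - 1):
        src, status = chain[i]
        dst = chain[i + 1][0]
        s, d = urlsplit(src), urlsplit(dst)
        out.append({
            "from": s.hostname,
            "to": d.hostname,
            "kind": f"HTTP {status}" if status else "client-side",
            "downgrade": s.scheme == "https" and d.scheme == "http",
        })
    return out


def hosts(chain):
    """Distinct hostnames in order of first appearance."""
    seen = []
    for url, _ in chain:
        h = urlsplit(url).hostname
        if h not in seen:
            seen.append(h)
    return seen


def params_by_host(chain):
    """parameter name -> {"hosts": hosts that carried it, "values": non-empty values}."""
    table = {}
    for url, _ in chain:
        parts = urlsplit(url)
        for name, vals in parse_qs(parts.query, keep_blank_values=True).items():
            entry = table.setdefault(name, {"hosts": set(), "values": set()})
            entry["hosts"].add(parts.hostname)
            entry["values"].update(v for v in vals if v)
    return table


def relabelled_values(table):
    """Values that appear under more than one parameter name, e.g. an affiliate
    id renamed when the chain crosses into the next tracker."""
    by_value = {}
    for name, entry in table.items():
        for v in entry["values"]:
            by_value.setdefault(v, set()).add(name)
    return {v: names for v, names in by_value.items() if len(names) > 1}


if __name__ == "__main__":
    for i, h in enumerate(hops(CHAIN)):
        flag = "  <-- https->http" if h["downgrade"] else ""
        print(f"{i}: {h['from']} -> {h['to']} [{h['kind']}]{flag}")
    print("hosts:", hosts(CHAIN))
    for value, names in relabelled_values(params_by_host(CHAIN)).items():
        print(f"value {value!r} carried as {sorted(names)}")
```

The 307 from the http:// URL back to https:// could come from the server or from the browser (an HSTS upgrade is recorded as a 307); the report does not distinguish the two, so the script only flags the downgrade that preceded it.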
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1:
- https://storage.googleapis.com/favicon.ico (HTTP 307)
- https://www.google.com/images/icons/product/cloud_storage-32.png
25 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---|---
1 | GET | H2 | hamisudenise.html | storage.googleapis.com/bertacanada/ | 121 B | 588 B | Document | text/html |
2 | GET | H2 | / | presbyterlifeguard.online/ | 29 KB | 5 KB | Document | text/html | Primary Request; Redirect Chain
3 | GET | H2 | cloud_storage-32.png | www.google.com/images/icons/product/ | 850 B | 1 KB | Other | image/png | Redirect Chain
4 | GET | H2 | style.css | presbyterlifeguard.online/css/ | 15 KB | 3 KB | Stylesheet | text/css |
5 | GET | H2 | animate.min.css | presbyterlifeguard.online/css/ | 70 KB | 6 KB | Stylesheet | text/css |
6 | GET | | all.js | use.fontawesome.com/releases/v5.15.4/js/ | 0 | 0 | | | Failed (no response)
7 | GET | H2 | ace-push.js | virtualpushplatform.com/ | 13 KB | 5 KB | Script | text/javascript |
8 | GET | H2 | datehead.js | presbyterlifeguard.online/js/ | 2 KB | 1 KB | Script | application/javascript |
9 | GET | H2 | logo111.png | presbyterlifeguard.online/images/ | 16 KB | 16 KB | Image | image/png |
10 | GET | H2 | flaglogo.png | presbyterlifeguard.online/images/ | 3 KB | 3 KB | Image | image/png |
11 | GET | H2 | product111.png | presbyterlifeguard.online/images/ | 362 KB | 363 KB | Image | image/png |
12 | GET | H2 | loadingRD.gif | presbyterlifeguard.online/images/ | 122 KB | 122 KB | Image | image/gif |
13 | GET | H2 | prize111.png | presbyterlifeguard.online/images/ | 96 KB | 0 | Image | image/png |
14 | GET | H2 | 1.jpg | presbyterlifeguard.online/images/ | 36 KB | 37 KB | Image | image/jpeg |
15 | GET | H2 | 2.jpg | presbyterlifeguard.online/images/ | 39 KB | 40 KB | Image | image/jpeg |
16 | GET | H2 | comm_pic_1.jpg | presbyterlifeguard.online/images/ | 90 KB | 90 KB | Image | image/jpeg |
17 | GET | | 3.jpg | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
18 | GET | | 4.jpg | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
19 | GET | | comm_pic_2.jpg | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
20 | GET | | 5.jpg | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
21 | GET | H2 | f_guarantee.png | presbyterlifeguard.online/images/ | 6 KB | 6 KB | Image | image/png |
22 | GET | | f_secure_1.png | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
23 | GET | | logo222.png | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
24 | GET | | script.js | presbyterlifeguard.online/js/ | 0 | 0 | | | Failed (no response)
25 | GET | | bg.png | presbyterlifeguard.online/images/ | 0 | 0 | | | Failed (no response)
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- use.fontawesome.com: https://use.fontawesome.com/releases/v5.15.4/js/all.js
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/3.jpg
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/4.jpg
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/comm_pic_2.jpg
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/5.jpg
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/f_secure_1.png
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/logo222.png
- presbyterlifeguard.online: https://presbyterlifeguard.online/js/script.js
- presbyterlifeguard.online: https://presbyterlifeguard.online/images/bg.png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Scam (Online)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
6 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends those cookie values back, so the site can re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.breakingtrackss1.com/ | | som | kycKUEuq4bdVk67sXj7aRPAQzH/ZMnfK3p3rOmIxdj0SsAilyG3oVQ==
.breakingtrackss1.com/ | | tm | FfDMmd94yJeChbvI9S9t9/AQzH/ZMnfK3p3rOmIxdj0SsAilyG3oVQ==
.breakingtrackss1.com/ | | c20081 | kycKUEuq4be6bnQun75b4WqnqZVsR9axFt8jXdFrMB8biynTZp1fRQ==
www.trackitlivenow.com/ | | uniqueClick_W8GP3KW | 448dd344-933e-40e8-87b7-d71ad7c7ed42:1713936781
www.trackitlivenow.com/ | | transaction_id | a7e902dfa3214fb990b0c6e18c27a8ae
presbyterlifeguard.online/ | | SESSIONIDS | cJy6kh2HOd
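The three breakingtrackss1.com cookies are base64 blobs of identical length, and by eye two share a prefix and two share a suffix. The script below is an added example, not anything from the report or the trackers' own code; it decodes the values transcribed from the table and measures the overlap: som and c20081 agree on exactly their first 8 bytes, som and tm on exactly their last 24, and with an assumed 8-byte block size every match falls on whole blocks. Block-aligned equality between tokens is what a deterministic, block-aligned construction (ECB with a 64-bit block, or simply structured plaintext) produces and what a randomised cipher never should; the scan does not say what these values are, so the measurement is a lead to test against more samples, not a finding. The same script splits the trackitlivenow.com click cookie into its UUID and Unix timestamp, which decodes to 2024-04-24 05:33:01 UTC and agrees with the April 24 submission date at the top of the page.

```python
"""Measure byte-level overlap between same-length opaque cookie values and
decode the click cookie. Inputs are transcribed from the urlscan cookie
table (constructed input for this example); the 8-byte block size is an
assumption used to test for block-aligned structure."""
import base64
from datetime import datetime, timezone

COOKIES = {
    "som":    "kycKUEuq4bdVk67sXj7aRPAQzH/ZMnfK3p3rOmIxdj0SsAilyG3oVQ==",
    "tm":     "FfDMmd94yJeChbvI9S9t9/AQzH/ZMnfK3p3rOmIxdj0SsAilyG3oVQ==",
    "c20081": "kycKUEuq4be6bnQun75b4WqnqZVsR9axFt8jXdFrMB8biynTZp1fRQ==",
}
UNIQUE_CLICK = "448dd344-933e-40e8-87b7-d71ad7c7ed42:1713936781"


def decode(name):
    """Raw bytes of one of the base64 cookie values."""
    return base64.b64decode(COOKIES[name])


def common_prefix_len(a, b):
    """Number of leading bytes on which a and b agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def common_suffix_len(a, b):
    """Number of trailing bytes on which a and b agree."""
    return common_prefix_len(a[::-1], b[::-1])


def equal_blocks(a, b, block=8):
    """Indices of block-aligned chunks that are identical in both values.
    Under ECB, equal plaintext blocks give equal ciphertext blocks and
    unequal ones differ completely; a randomised mode gives no matches."""
    n = min(len(a), len(b)) // block
    return [i for i in range(n) if a[i * block:(i + 1) * block] == b[i * block:(i + 1) * block]]


def parse_click_cookie(value):
    """Split '<uuid>:<unix seconds>' into the UUID and an aware UTC datetime."""
    uuid, ts = value.rsplit(":", 1)
    return uuid, datetime.fromtimestamp(int(ts), tz=timezone.utc)


if __name__ == "__main__":
    raw = {k: decode(k) for k in COOKIES}
    print({k: len(v) for k, v in raw.items()})
    print("som/c20081 prefix:", common_prefix_len(raw["som"], raw["c20081"]))
    print("som/tm suffix:", common_suffix_len(raw["som"], raw["tm"]))
    print("som/tm equal 8-byte blocks:", equal_blocks(raw["som"], raw["tm"]))
    print("som/c20081 equal 8-byte blocks:", equal_blocks(raw["som"], raw["c20081"]))
    print(parse_click_cookie(UNIQUE_CLICK))
```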
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- breakingtrackss1.com
- myguidancetrack2.com
- presbyterlifeguard.online
- storage.googleapis.com
- use.fontawesome.com
- virtualpushplatform.com
- www.google.com
- www.trackitlivenow.com

IPs:
- 172.217.18.27
- 172.67.177.88
- 172.67.207.75
- 188.114.96.3
- 216.58.206.68
- 34.76.98.215
- 35.195.30.15