r4wu9i5x3c-wgze5.kinsta.page Open in urlscan Pro
2606:4700:7::a29f:99f5  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response r4wu9i5x3c-wgze5.kinsta.page/	793 B 735 B	769ms 517ms	Document text/html	2606:4700:7::a29f:99f5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://r4wu9i5x3c-wgze5.kinsta.page/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:7::a29f:99f5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 60b2cf61f2d3e36b6a517778ac7793159eb386d3ced54310a9191f57a5f90c97 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language en-US,en;q=0.9 Response headers age 10491 alt-svc h3=":443"; ma=86400 cache-control public, max-age=2592000, s-maxage=2592000 cf-cache-status HIT cf-ray 8520271f1db24bbb-BUF content-encoding br content-type text/html date Thu, 08 Feb 2024 01:38:23 GMT etag W/"46eda499d48210aa10373e8f07be50bb" ki-cache-tag 60b2cf61f2d3e36b6a517778ac7793159eb386d3ced54310a9191f57a5f90c97 ki-cache-type CDN ki-cf-cache-status HIT ki-edge v=3.1.5;mv=3.0.2 ki-origin c1r last-modified Wed, 07 Feb 2024 22:03:44 GMT server cloudflare vary Accept-Encoding
GET H2	200	/ Show response amazon.fudacioncovid19.com/	14 KB 5 KB	137ms 52ms	Script application/javascript	167.114.124.45 OVH
General Check archive.org Show headers Download Go to Full URL https://amazon.fudacioncovid19.com/?api=1&lan=facebookmessenger&ht=2 Requested by Host: r4wu9i5x3c-wgze5.kinsta.page URL: https://r4wu9i5x3c-wgze5.kinsta.page/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 167.114.124.45 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ip45.ip-167-114-124.net Software / PHP/7.3.33 Resource Hash d258bd68ae1c8502b33f01ce381d5085196b074b523e64cba06b45b7a7ad30ee Request headers accept-language en-US,en;q=0.9 Referer https://r4wu9i5x3c-wgze5.kinsta.page/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers pragma no-cache date Thu, 08 Feb 2024 01:38:23 GMT content-encoding br x-powered-by PHP/7.3.33 vary Accept-Encoding content-type application/javascript cache-control no-store, no-cache, must-revalidate alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	404	location amazon.fudacioncovid19.com/	0 0	28ms 25ms	Script text/html	167.114.124.45 OVH
General Check archive.org Show headers Download Go to Full URL https://amazon.fudacioncovid19.com/location Requested by Host: r4wu9i5x3c-wgze5.kinsta.page URL: https://r4wu9i5x3c-wgze5.kinsta.page/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 167.114.124.45 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ip45.ip-167-114-124.net Software / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://r4wu9i5x3c-wgze5.kinsta.page/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers
GET H2	200	hlvibnBVrEb.svg static.xx.fbcdn.net/rsrc.php/yd/r/	1 KB 1 KB	96ms 34ms	Image image/svg+xml	2a03:2880:f012:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://static.xx.fbcdn.net/rsrc.php/yd/r/hlvibnBVrEb.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 260fbeb66875b6936348afe61b469beaf6141aa28977872569305962c8b6f9c2 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://r4wu9i5x3c-wgze5.kinsta.page/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers permissions-policy-report-only autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=() date Thu, 08 Feb 2024 01:38:23 GMT content-encoding br x-content-type-options nosniff content-md5 zyWuqycyKYApjQg2HupHiA== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 573 x-fb-debug xl9VUbKgn1w9pJbeqRNRfdFqCYoD6G4vbORWPYf46XDYjiz7WWW73ywgqcY0RdI7c6wLUBze7adY2cTyiK5iTg== last-modified Mon, 01 Jan 2001 08:00:00 GMT vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public,max-age=31536000,immutable permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=() timing-allow-origin * expires Fri, 31 Jan 2025 16:58:37 GMT
GET DATA	200 OK	truncated /	954 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0cae74ee5bad20861dee4906df15d793b948297238f4da81c1b0d7adf3d25f38 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	401750647_1601653570640810_4087456680134260053_n.png boyss.fudacioncovid19.com/	12 KB 12 KB	127ms 49ms	Image image/png	167.114.124.45 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://boyss.fudacioncovid19.com/401750647_1601653570640810_4087456680134260053_n.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 167.114.124.45 Montreal, Canada, ASN16276 (OVH, FR), Reverse DNS ip45.ip-167-114-124.net Software / Resource Hash eb72332f4adbd6d078ef8cd78d21aa114f96e299fe94aa621ea06dfc0a0db4a7 Request headers accept-language en-US,en;q=0.9 Referer https://r4wu9i5x3c-wgze5.kinsta.page/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Thu, 08 Feb 2024 01:38:23 GMT last-modified Thu, 18 Jan 2024 17:35:36 GMT content-type image/png cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 12002 expires Thu, 15 Feb 2024 01:38:23 GMT
GET H2	200	/ whos.amung.us/pingjs/	26 B 26 B	162ms 78ms	Image text/javascript	2606:4700:10::ac43:88d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://whos.amung.us/pingjs/?k=rulay00&t=@friends&x=%20https://web.whatsapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://r4wu9i5x3c-wgze5.kinsta.page/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Thu, 08 Feb 2024 01:38:24 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare cf-ray 85202723ebe3c332-EWR alt-svc h3=":443"; ma=86400 content-type text/javascript;charset=UTF-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| IS_MOBILE number| limit_bot string| object string| type string| OUTPUT object| ___ object| params number| tt undefined| to_object string| a function| __updateOrientation

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://amazon.fudacioncovid19.com/location Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amazon.fudacioncovid19.com
boyss.fudacioncovid19.com
r4wu9i5x3c-wgze5.kinsta.page
static.xx.fbcdn.net
whos.amung.us
167.114.124.45
2606:4700:10::ac43:88d
2606:4700:7::a29f:99f5
2a03:2880:f012:8:face:b00c:0:1
0cae74ee5bad20861dee4906df15d793b948297238f4da81c1b0d7adf3d25f38
260fbeb66875b6936348afe61b469beaf6141aa28977872569305962c8b6f9c2
60b2cf61f2d3e36b6a517778ac7793159eb386d3ced54310a9191f57a5f90c97
d258bd68ae1c8502b33f01ce381d5085196b074b523e64cba06b45b7a7ad30ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb72332f4adbd6d078ef8cd78d21aa114f96e299fe94aa621ea06dfc0a0db4a7