detaynet.net
Open in
urlscan Pro
5.253.143.101
Malicious Activity!
Public Scan
Submission Tags: phishing malicious Search All
Submission: On May 13 via api from NL — Scanned from NL
Summary
TLS certificate: Issued by R3 on April 7th 2024. Valid for: 3 months.
This is the only time detaynet.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mooney (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 5.253.143.101 5.253.143.101 | 42807 (AEROTEK-AS) (AEROTEK-AS) | |
3 | 2a00:1450:400... 2a00:1450:4001:82f::2009 | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a02:4780:27:... 2a02:4780:27:1112:0:1fe0:ea65:2 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
1 | 2a04:4e42:400... 2a04:4e42:400::649 | 54113 (FASTLY) (FASTLY) | |
1 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:ba1f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:440... 2606:4700:4400::6812:2844 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 172.67.139.119 172.67.139.119 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 154.49.245.111 154.49.245.111 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
1 | 142.250.181.233 142.250.181.233 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a02:26f0:170... 2a02:26f0:1700:11::b856:6794 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
26 | 13 |
ASN47583 (AS-HOSTINGER, CY)
uae.sharafdg.net | |
kw.sharafdg.net |
ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f9.1e100.net
www.blogger.com |
ASN20940 (AKAMAI-ASN1, NL)
www.fedex.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
sharafdg.net
uae.sharafdg.net kw.sharafdg.net |
66 KB |
4 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1866 ka-f.fontawesome.com — Cisco Umbrella Rank: 4530 |
24 KB |
4 |
blogger.com
www.blogger.com — Cisco Umbrella Rank: 11861 |
58 KB |
3 |
detaynet.net
detaynet.net |
6 KB |
1 |
fedex.com
www.fedex.com — Cisco Umbrella Rank: 8672 |
1 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3044 |
18 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 310 |
8 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
27 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
30 KB |
26 | 9 |
Domain | Requested by | |
---|---|---|
4 | www.blogger.com |
detaynet.net
|
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
3 | kw.sharafdg.net |
detaynet.net
kw.sharafdg.net |
3 | detaynet.net |
detaynet.net
|
2 | uae.sharafdg.net |
detaynet.net
|
1 | www.fedex.com | |
1 | kit.fontawesome.com |
detaynet.net
|
1 | stackpath.bootstrapcdn.com |
detaynet.net
|
1 | cdn.jsdelivr.net |
detaynet.net
|
1 | cdnjs.cloudflare.com |
detaynet.net
|
1 | code.jquery.com |
detaynet.net
|
26 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
mooneygroup1.blogspot.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
detaynet.net R3 |
2024-04-07 - 2024-07-06 |
3 months | crt.sh |
*.blogger.com GTS CA 1C3 |
2024-04-16 - 2024-07-09 |
3 months | crt.sh |
uae.sharafdg.net R3 |
2024-04-19 - 2024-07-18 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA |
2024-05-04 - 2025-05-04 |
a year | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-03-27 - 2024-06-25 |
3 months | crt.sh |
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-12-04 - 2025-01-03 |
a year | crt.sh |
kw.sharafdg.net R3 |
2024-03-30 - 2024-06-28 |
3 months | crt.sh |
ka-f.fontawesome.com GTS CA 1P5 |
2024-05-03 - 2024-08-01 |
3 months | crt.sh |
www.fedex.com Sectigo RSA Organization Validation Secure Server CA |
2024-04-16 - 2025-04-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://detaynet.net/gdnco/moon/moon/login.php
Frame ID: 6F76E3260C0E5C261D8357E5D52B2DC2
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
milles NRJ double votre salaire.Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Accueil
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
detaynet.net/gdnco/moon/moon/ |
21 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
55013136-widget_css_bundle.css
www.blogger.com/static/v1/widgets/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
uae.sharafdg.net/fdx/file/ |
56 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common-core_SHF.css
detaynet.net/gdnco/moon/moon/file/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
uae.sharafdg.net/fdx/file/ |
87 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/ |
85 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ |
21 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ |
59 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aae1a073a8.js
kit.fontawesome.com/ |
12 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.6c0d7f22.css
kw.sharafdg.net/monn/file/ |
92 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-mooney.1330f350147445f5103b36dac80a6726.svg
kw.sharafdg.net/monn/file/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Icon_99e4c76d41.svg
kw.sharafdg.net/monn/file/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
scrollButton.372d5008fb0996706305047d7e23d56d.svg
kw.sharafdg.net/monn/file/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
detaynet.net/gdnco/moon/moon/file/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1671891383-widgets.js
www.blogger.com/static/v1/widgets/ |
142 KB 51 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
26 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
3 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authorization.css
www.blogger.com/dyn-css/ |
1 B 684 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gotham-Book_Web.7fa96aa06775160ee646.woff2
kw.sharafdg.net/online/static/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gotham-Medium_Web.1ddab6f832b5d19ddd8f.woff2
kw.sharafdg.net/online/static/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Gotham-Bold_Web.d23d96aefe768329255e.woff2
kw.sharafdg.net/online/static/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Mooney_characters_ea6989a335.svg
kw.sharafdg.net/monn/file/ |
41 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
authorization.css
www.blogger.com/dyn-css/ |
1 B 43 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
www.fedex.com/secure-login/de-ch/ |
5 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- kw.sharafdg.net
- URL
- https://kw.sharafdg.net/monn/file/Icon_99e4c76d41.svg
- Domain
- kw.sharafdg.net
- URL
- https://kw.sharafdg.net/monn/file/scrollButton.372d5008fb0996706305047d7e23d56d.svg
- Domain
- kw.sharafdg.net
- URL
- https://kw.sharafdg.net/online/static/media/Gotham-Book_Web.7fa96aa06775160ee646.woff2
- Domain
- kw.sharafdg.net
- URL
- https://kw.sharafdg.net/online/static/media/Gotham-Medium_Web.1ddab6f832b5d19ddd8f.woff2
- Domain
- kw.sharafdg.net
- URL
- https://kw.sharafdg.net/online/static/media/Gotham-Bold_Web.d23d96aefe768329255e.woff2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mooney (Banking)45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| cookieChoices function| $ function| jQuery function| Popper object| bootstrap object| FontAwesomeKitConfig function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt function| __gjsload__0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
detaynet.net
ka-f.fontawesome.com
kit.fontawesome.com
kw.sharafdg.net
stackpath.bootstrapcdn.com
uae.sharafdg.net
www.blogger.com
www.fedex.com
kw.sharafdg.net
104.17.25.14
104.18.11.207
142.250.181.233
154.49.245.111
172.67.139.119
2606:4700:4400::6812:2844
2606:4700::6812:ba1f
2a00:1450:4001:82f::2009
2a02:26f0:1700:11::b856:6794
2a02:4780:27:1112:0:1fe0:ea65:2
2a04:4e42:400::649
5.253.143.101
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
037c44143ce2129b555a74c8fcbf777c4bf054506c9bb617e671f3a7566c3d9f
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617
2aadb7ab6f8ab2778447898f71b6d2b32bd2386bb00da9433638895b887d1036
345dfa6ca7308f86946f82f7d416deea9e9788cd16c11be8569a0c930131f972
49616c860ff4ad5bed99b66a2b1295e7ef5213d5d5cf76ad2560d2f1daa06635
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
a332ca3d23059d37a26c3957b44670cada5a32ecaf94987b3ebe127a8dc0ce4d
a7ca5c0d12b974ad99685fd44983f85b2a0b00360dd820437b33f862e0ee44ae
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
cad7083525c46d9c6b4fd0a954725885f40a1c58a6ae3550bb25ad15afad9c80
eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e