lookup.guild-shield.xyz
IP Address: 2606:4700:3037::6815:3614
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On April 05 via api from FI — Scanned from FI

Summary

TLS certificate: Issued by GTS CA 1P5 on April 4th 2024. Valid for: 3 months.
This is the only time lookup.guild-shield.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Discord (Instant Messenger)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700:3037::6815:3614 | 13335 (CLOUDFLARENET)
13 | 172.67.222.131 | 13335 (CLOUDFLARENET)
1 | 104.18.125.91 | 13335 (CLOUDFLARENET)
2 | 104.18.124.91 | 13335 (CLOUDFLARENET)

Totals: 16 transactions, 4 IP addresses.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | guild-shield.xyz | lookup.guild-shield.xyz (1 redirects) | 751 KB
3 | hcaptcha.com | hcaptcha.com (Cisco Umbrella Rank: 5426), newassets.hcaptcha.com (Cisco Umbrella Rank: 7014) | 107 KB

Totals: 16 transactions, 2 apex domains.
Requests | Domain | Requested by
---|---|---
14 | lookup.guild-shield.xyz | lookup.guild-shield.xyz (1 redirects)
2 | newassets.hcaptcha.com | hcaptcha.com
1 | hcaptcha.com | lookup.guild-shield.xyz

Totals: 16 transactions, 3 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
guild-shield.xyz | GTS CA 1P5 | 2024-04-04 - 2024-07-03 | 3 months | crt.sh
hcaptcha.com | E1 | 2024-03-15 - 2024-06-13 | 3 months | crt.sh
This page contains 4 frames:

- Primary Page: https://lookup.guild-shield.xyz/?from===QP9ElZpVFROlXUE5kMZpWTzsGRPRTRE9UNNR1TzkUaPlWUXN1a4dVYxQWbJNXSD10dZRUT4VEVPdXUE1kMBRVT3NGVPVzaqlkNJNkWKJlbixGbHJmaKlXZ (Frame ID: 0F635FDDD04E8FF8F3B813C86F319A39; 12 HTTP requests in this frame)
- Frame: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html (Frame ID: BF1289C959CBF4D8EEDA83D6EF8D7F3A; 1 HTTP request in this frame)
- Frame: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html (Frame ID: 3191634412F8FB2943E52D48F655BD2C; 1 HTTP request in this frame)
- Frame: https://lookup.guild-shield.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js (Frame ID: 9718C5D4056ECFCBD1ADA4FA246941CC; 2 HTTP requests in this frame)
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12:
- https://lookup.guild-shield.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js (HTTP 302)
- https://lookup.guild-shield.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
16 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | / | lookup.guild-shield.xyz/ | 150 KB | 28 KB | Document | text/html | Primary Request
GET | H3 | app.45d4d70d2e41bc34b882.css | lookup.guild-shield.xyz/static/assets/ | 2 MB | 441 KB | Stylesheet | text/css |
GET | H3 | shared.f01e9143e31c19a68a8e.css | lookup.guild-shield.xyz/static/assets/ | 564 KB | 94 KB | Stylesheet | text/css |
GET | H3 | api.js | hcaptcha.com/1/ | 378 KB | 107 KB | Script | application/javascript |
GET | H3 | adf75861421c2a6a6269.png | lookup.guild-shield.xyz/static/assets/ | 1 KB | 2 KB | Image | image/png |
GET | H3 | 863db41a48a43395cd55.svg | lookup.guild-shield.xyz/static/assets/ | 5 KB | 3 KB | Image | image/svg+xml |
GET | H3 | script.js | lookup.guild-shield.xyz/static/js/ | 33 KB | 9 KB | Script | application/javascript |
GET | H3 | b9811218b3a54ad59fb2.woff2 | lookup.guild-shield.xyz/static/assets/ | 37 KB | 38 KB | Font | application/octet-stream |
GET | H3 | 20ac37ed2576dd48d7dc.woff2 | lookup.guild-shield.xyz/static/assets/ | 39 KB | 39 KB | Font | application/octet-stream |
GET | H3 | 3f46bbecb4287c0a829f.woff2 | lookup.guild-shield.xyz/static/assets/ | 39 KB | 39 KB | Font | application/octet-stream |
GET | H3 | f84e3e81b8d0718cd917.woff2 | lookup.guild-shield.xyz/static/assets/ | 39 KB | 39 KB | Font | application/octet-stream |
GET | H3 | hcaptcha.html | newassets.hcaptcha.com/captcha/v1/b1c589a/static/ | 0 | 0 | Document | text/html | Frame BF12
GET | H3 | hcaptcha.html | newassets.hcaptcha.com/captcha/v1/b1c589a/static/ | 0 | 0 | Document | text/html | Frame 3191
GET | H3 | main.js | lookup.guild-shield.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/ | 8 KB | 4 KB | Script | application/javascript | Frame 9718, Redirect Chain
POST | H3 | 86f7a70a4f365bbb | lookup.guild-shield.xyz/cdn-cgi/challenge-platform/h/b/jsd/r/ | 0 | 605 B | XHR | text/plain | Frame 9718
GET | H3 | favicon.ico | lookup.guild-shield.xyz/static/assets/images/ | 24 KB | 13 KB | Other | image/x-icon |
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Discord (Instant Messenger)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
object | 1
object | 2
object | 3
object | Raven
object | hcaptcha
function | _0x539f
string | ref
undefined | a2fTicket
function | login
function | a2fSubmit
function | onSuccess
function | reset
function | openA2f
function | closeA2f
function | _0x4816
function | startLoading
function | stopLoading
function | openModal
function | closeModal
object | grecaptcha

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.guild-shield.xyz/ | | cf_clearance | Ww46v5bvPU6.xYZm1fylMFHCpgZSMjR5AfYhjjvy370-1712300337-1.0.1.1-WC95LzGT5l9m0sIW6ObvFxd6FV7XqZBS3TK7AyJvJYN4UwV4WXN2olFC2IxjDulHd.SbPo.ZViuykDxN6zenkQ
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hcaptcha.com
lookup.guild-shield.xyz
newassets.hcaptcha.com
104.18.124.91
104.18.125.91
172.67.222.131
2606:4700:3037::6815:3614