![](/screenshots/222930e6-011b-4cf7-9510-8f6f34214b8b.png)
ngaburimiijetes.al
Open in
urlscan Pro
104.21.47.228
Malicious Activity!
Public Scan
Effective URL: https://ngaburimiijetes.al/wp-includes/IXXR/of8gljniysafob5jatbytduszt.php?0=&.verify??guce_referrer=aHR0cHM6Ly9sb2dpbi55YW...
Submission: On March 03 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2022. Valid for: a year.
This is the only time ngaburimiijetes.al was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 8 | 104.21.47.228 104.21.47.228 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.217.174.106 172.217.174.106 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.217.175.67 172.217.175.67 | 15169 (GOOGLE) (GOOGLE) | |
10 | 4 |
ASN15169 (GOOGLE, US)
PTR: nrt12s28-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: nrt20s20-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ngaburimiijetes.al
1 redirects
ngaburimiijetes.al |
266 KB |
1 |
gstatic.com
fonts.gstatic.com |
21 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 36 |
932 B |
10 | 3 |
Domain | Requested by | |
---|---|---|
8 | ngaburimiijetes.al |
1 redirects
ngaburimiijetes.al
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
ngaburimiijetes.al
|
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-11 - 2023-06-11 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
This page contains 1 frames:
Frame:
https://ngaburimiijetes.al/wp-includes/IXXR/load.php?0=&guce_referrer=aHR0cHM6Ly9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Frame ID: BCDC4A016A67A4ED8590A63C371FEF0A
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/222930e6-011b-4cf7-9510-8f6f34214b8b.png)
Page Title
Detecting Mail Server...Page URL History Show full URLs
-
https://ngaburimiijetes.al/wp-includes/IXXR/?i=i&0=
HTTP 302
https://ngaburimiijetes.al/wp-includes/IXXR/of8gljniysafob5jatbytduszt.php?0=&.verify??guce_referrer=aH... Page URL
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ngaburimiijetes.al/wp-includes/IXXR/?i=i&0=
HTTP 302
https://ngaburimiijetes.al/wp-includes/IXXR/of8gljniysafob5jatbytduszt.php?0=&.verify??guce_referrer=aHR0cHM6Ly9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENcxTcI3e56K0Vz3pSL6PoIoDveE6VV6vAiBzqdjcYAbAHdiaf7gx2w9XRGmCh4orbe2VcZO9aN_ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
of8gljniysafob5jatbytduszt.php
ngaburimiijetes.al/wp-includes/IXXR/ Redirect Chain
|
906 B 801 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
background_styles.css
ngaburimiijetes.al/wp-includes/IXXR/cache/ |
377 B 524 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
ngaburimiijetes.al/wp-includes/IXXR/cache/ |
391 B 593 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
ngaburimiijetes.al/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 932 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
ngaburimiijetes.al/wp-includes/IXXR/cache/ |
258 B 483 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bgr.jpg
ngaburimiijetes.al/wp-includes/IXXR/cache/ |
244 KB 245 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Technology-Bold.ttf
ngaburimiijetes.al/wp-includes/IXXR/cache/ |
40 KB 14 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v28/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
load.php
ngaburimiijetes.al/wp-includes/IXXR/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ngaburimiijetes.al
- URL
- https://ngaburimiijetes.al/wp-includes/IXXR/load.php?0=&guce_referrer=aHR0cHM6Ly9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| __cfQR boolean| __cfRLUnblockHandlers1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ngaburimiijetes.al/ | Name: PHPSESSID Value: 56b0c5d1d17981862d5c05a8b371d7c3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
ngaburimiijetes.al
ngaburimiijetes.al
104.21.47.228
172.217.174.106
172.217.175.67
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
93082477bd2c2df0beea88069c94ad0f95d9be83d44612d06ba3f7b875650033
ae3ca3cd183c8dfe9acdf92751d544555cb50b5e2f3adfdd57edb1ba9a6250a4
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
dfb37dea37d0e48711c8f5c2249d57276a9c599c7097dab5aae1fe607b778b66
e0820a01e8be18589121c87e194a0f23f631ad9da45637c4719d218f5d124bf5
eab362bcabb43f9282e475cb02923fae0a2acb1af1c1cf17f5096a30a6d95a2d
f779fe75a86684a8d1aaf9301c790895571c61b047aa3e565be551a99472bb83