ajekalekauonline.icu
Open in
urlscan Pro
72.167.148.78
Malicious Activity!
Public Scan
Submitted URL: https://www.temp.confortex.tn/
Effective URL: https://ajekalekauonline.icu/signin
Submission: On June 27 via api from US — Scanned from DE
Effective URL: https://ajekalekauonline.icu/signin
Submission: On June 27 via api from US — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 4 domains to perform 15 HTTP transactions.
The main IP is 72.167.148.78, located in
United States and
belongs to GO-DADDY-COM-LLC, US.
The main domain is ajekalekauonline.icu.
TLS certificate: Issued by R3 on May 8th 2024. Valid for: 3 months.
This is the only time ajekalekauonline.icu was scanned on urlscan.io!
TLS certificate: Issued by R3 on May 8th 2024. Valid for: 3 months.
This is the only time ajekalekauonline.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Coinbase (Crypto Exchange)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 196.203.63.40 196.203.63.40 | 37693 (TUNISIANA) (TUNISIANA) | |
| 1 14 | 72.167.148.78 72.167.148.78 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
| 1 2 | 2606:4700::68... 2606:4700::6811:f9cb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 216.58.212.164 216.58.212.164 | 15169 (GOOGLE) (GOOGLE) | |
| 15 | 3 |
14
72.167.148.78
(United States)
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: _unknown.ip.secureserver.net
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: _unknown.ip.secureserver.net
| ajekalekauonline.icu |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 14 |
ajekalekauonline.icu
1 redirects
ajekalekauonline.icu |
628 KB |
| 2 |
unpkg.com
1 redirects
unpkg.com — Cisco Umbrella Rank: 1008 |
276 KB |
| 1 |
google.com
www.google.com — Cisco Umbrella Rank: 5 |
|
| 1 |
confortex.tn
1 redirects
www.temp.confortex.tn |
210 B |
| 15 | 4 |
| Domain | Requested by | |
|---|---|---|
| 14 | ajekalekauonline.icu |
1 redirects
ajekalekauonline.icu
|
| 2 | unpkg.com |
1 redirects
ajekalekauonline.icu
|
| 1 | www.google.com |
ajekalekauonline.icu
|
| 1 | www.temp.confortex.tn | 1 redirects |
| 15 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| cpanel.ajekalekauonline.icu R3 |
2024-05-08 - 2024-08-06 |
3 months | crt.sh |
| *.google.com WR2 |
2024-06-13 - 2024-09-05 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://ajekalekauonline.icu/signin
Frame ID: 70478EA620FDF0FECEFA601844F15C57
Requests: 14 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcTV7IcAAAAAI1CwwRBm58wKn1n6vwyV1QFaoxr&co=aHR0cHM6Ly9sb2dpbi5jb2luYmFzZS5jb206NDQz&hl=en&v=M-QqaF9xk6BpjLH22uHZRhXt&theme=light&size=invisible&badge=bottomright&cb=80kkhbk6ttod
Frame ID: 984CE50E53683F2ABF2F002376C5AB1B
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign In - CoinbasePage URL History Show full URLs
-
https://www.temp.confortex.tn/
HTTP 302
https://ajekalekauonline.icu/?asli HTTP 302
https://ajekalekauonline.icu/signin Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
reCAPTCHA
(Captchas)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]+recaptcha
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.temp.confortex.tn/
HTTP 302
https://ajekalekauonline.icu/?asli HTTP 302
https://ajekalekauonline.icu/signin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7- https://unpkg.com/tailwindcss@%5E1.0/dist/tailwind.min.css HTTP 302
- https://unpkg.com/tailwindcss@1.9.6/dist/tailwind.min.css
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
signin
ajekalekauonline.icu/ Redirect Chain
|
23 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-min.js
ajekalekauonline.icu/assets/js/ |
96 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
custom.js
ajekalekauonline.icu/assets/js/ |
2 MB 352 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.css
ajekalekauonline.icu/assets/css/ |
76 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login-min.css
ajekalekauonline.icu/assets/css/ |
57 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
additional.css
ajekalekauonline.icu/assets/css/ |
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
add.css
ajekalekauonline.icu/assets/css/ |
118 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
recaptcha.css
ajekalekauonline.icu/assets/css/ |
57 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tailwind.min.css
unpkg.com/tailwindcss@1.9.6/dist/ Redirect Chain
|
2 MB 276 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
8a6a40a08f92d9a9b3e5.woff2
ajekalekauonline.icu/assets/additional/ |
39 KB 39 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
502b733210ea3fdd4bf8.woff2
ajekalekauonline.icu/assets/additional/ |
39 KB 39 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
71371380d08a07cda58a.woff2
ajekalekauonline.icu/assets/additional/ |
40 KB 40 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
2a5dafc68ca015ca866a.woff2
ajekalekauonline.icu/assets/additional/ |
38 KB 38 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
anchor
www.google.com/recaptcha/enterprise/ Frame 984C |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon-32.png
ajekalekauonline.icu/assets/img/ |
557 B 798 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Coinbase (Crypto Exchange)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 undefined| event object| fence object| sharedStorage function| $ function| jQuery object| webpackChunk_mono_repo2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| ajekalekauonline.icu/ | Name: XSRF-TOKEN Value: eyJpdiI6IjlTSzFnNFZsaU45VmpVT3VHd0ZLWWc9PSIsInZhbHVlIjoiOGwrV0JURHBQYjlrWjRiZUExQU5yOVVldE9tMEhGUnYxK0hWYWowZGxkeXYxYVRVaTF5REFIc3dRWlk0VkZMY1p6MGNCdzlrdWFwVmpEK2ZyYVVuZXRYbDZnakN1RFRDRE80U3pvOWsvU0hpU0hCNHRBM2VyaUxDWDNUNlJrWnoiLCJtYWMiOiI0YTBhNTZlNmQxNGE0MjQ3ZDM5YTc2NWZiZWVkM2E5ZjU1MDZkODRmYmFjYTlhNmJhMGI3NDEzYzVjMDllNDUwIiwidGFnIjoiIn0%3D |
|
| ajekalekauonline.icu/ | Name: elsevezpro_session Value: eyJpdiI6ImgrSE5sUEJVUXgrNW5pL2djUmhqV2c9PSIsInZhbHVlIjoiQjVqQmRIRUVWN3pqZWc2ck1Fc2NHa3FScm9XeHAzNHp1ZnY1c1M0OEFyTG15SVQrUHdxTVc4UElIR1EwVElya0JXQjFyOFducDBmL2lYQ210S25vM1ZXU2Y3blpVZ1pBd3dnSU9FdzE5aXJQakJjZXVObEpDejBXaWhjVzk2VnQiLCJtYWMiOiIwNjE4OTA2OWJiMGUwODYzY2I1MjEwZTk4OTVmZjg4MWM2NThkZWFjZDRjYTQ2YTU2MGQwNDFiOTMxYzdhMzMzIiwidGFnIjoiIn0%3D |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajekalekauonline.icu
unpkg.com
www.google.com
www.temp.confortex.tn
196.203.63.40
216.58.212.164
2606:4700::6811:f9cb
72.167.148.78
06c2166681b36b45ac33dda70074354f5ae5c6ec2dda9735a6f0ad40ec2cbd09
117a969882d0c9accb5e5cda9f92b5d7f6b7c10712d7c9577e592ce9d69c85ae
2afe6ac505ae2f5f33d8401aa4058707157360d526f19e6140b604d1440b1cc2
465af1e16966f18866fe01296d1d44c211cea6dd584790562e1d3bedc03374d9
5db56ddf9ab991fc7a3a5b188b6b0c92331213ec4991b71d9821c36dcbcdb687
81368223143520415fe7fbdc3792d2d52ad7e422d8b214661ff932afe577b779
a1f75e7f702059493bb74cfcb3178d095b3f6da4d313e92b3ceabc3e63eb914c
b1ad2f9d383ef7e0adb2760405b4a8518ae632f1e7efdd2963bec491c44e2f69
b2943cf448795751c6a309662c5237904fcb74e31507271deb64437350274b8d
b90cdcbe9e842bf371d9c5e7dd13359fde26879a4642ad6f752e86a65fab4fb5
e1bd2df42d033de739d93d7241b3be17d6f5a32cbadbbe6ccdb5e68cd40c8a73
f969120f6f90068708852bfa27b95df994da2c63742ddb09447e5b78e99ddde9
fa194cd0c546d143cf745fe7a54c329dfbb3b1ddacd1699ee2df12319f9aebc7