wandering-bush-0eb4.walici1425.workers.dev
Open in
urlscan Pro
104.21.31.203
Malicious Activity!
Public Scan
Submission: On June 12 via manual from HU — Scanned from CA
Summary
TLS certificate: Issued by E6 on June 10th 2024. Valid for: 3 months.
This is the only time wandering-bush-0eb4.walici1425.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online) WeTransfer (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 104.21.31.203 104.21.31.203 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 173.194.204.95 173.194.204.95 | 15169 (GOOGLE) (GOOGLE) | |
1 | 173.194.207.95 173.194.207.95 | 15169 (GOOGLE) (GOOGLE) | |
3 | 151.101.130.137 151.101.130.137 | 54113 (FASTLY) (FASTLY) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.18.10.207 104.18.10.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.26.12.205 104.26.12.205 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 7 |
ASN15169 (GOOGLE, US)
PTR: qb-in-f95.1e100.net
firebasestorage.googleapis.com |
ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com | |
stackpath.bootstrapcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
googleapis.com
firebasestorage.googleapis.com — Cisco Umbrella Rank: 7014 ajax.googleapis.com — Cisco Umbrella Rank: 457 |
2 MB |
3 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 814 |
132 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1267 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3345 |
32 KB |
2 |
workers.dev
wandering-bush-0eb4.walici1425.workers.dev |
14 KB |
1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2557 |
155 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 265 |
7 KB |
16 | 6 |
Domain | Requested by | |
---|---|---|
6 | firebasestorage.googleapis.com |
wandering-bush-0eb4.walici1425.workers.dev
|
3 | code.jquery.com |
wandering-bush-0eb4.walici1425.workers.dev
|
2 | wandering-bush-0eb4.walici1425.workers.dev | |
1 | api.ipify.org |
ajax.googleapis.com
|
1 | stackpath.bootstrapcdn.com |
wandering-bush-0eb4.walici1425.workers.dev
|
1 | maxcdn.bootstrapcdn.com |
wandering-bush-0eb4.walici1425.workers.dev
|
1 | cdnjs.cloudflare.com |
wandering-bush-0eb4.walici1425.workers.dev
|
1 | ajax.googleapis.com |
wandering-bush-0eb4.walici1425.workers.dev
|
16 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
walici1425.workers.dev E6 |
2024-06-10 - 2024-09-08 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-05-21 - 2024-08-13 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
cdnjs.cloudflare.com E1 |
2024-06-02 - 2024-08-31 |
3 months | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-05-25 - 2024-08-23 |
3 months | crt.sh |
ipify.org GTS CA 1P5 |
2024-05-19 - 2024-08-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://wandering-bush-0eb4.walici1425.workers.dev/
Frame ID: CEC052F8796A407BF713D58EE1D7D69F
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
WeTransferDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Popper (Miscellaneous) Expand
Detected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
wandering-bush-0eb4.walici1425.workers.dev/ |
24 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wet%2Ffont-awesome.min.css
firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/ |
30 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wet%2Fstyle.css
firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/ |
9 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wet%2Fform.min.css
firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/ |
10 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
code.jquery.com/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.js
code.jquery.com/ |
265 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wet%2Flogo2.png
firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wet%2Flogo.png
firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wet%2Fvideo-02.mp4
firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/ |
2 MB 2 MB |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
api.ipify.org/ |
22 B 155 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
wandering-bush-0eb4.walici1425.workers.dev/ |
24 KB 7 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online) WeTransfer (Online)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| Popper object| bootstrap object| _0xcbb3 string| f string| rc undefined| rdrt undefined| domain_redirect string| userIP0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.ipify.org
cdnjs.cloudflare.com
code.jquery.com
firebasestorage.googleapis.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
wandering-bush-0eb4.walici1425.workers.dev
104.17.24.14
104.18.10.207
104.21.31.203
104.26.12.205
151.101.130.137
173.194.204.95
173.194.207.95
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1591f3ae5405bec3a4e3e3ef1fdbc5ef9af87ff2348a5ac2a8346ddc645c43b8
4145c2d9025418d78e3faf00ff88cfb9f829dff968a21984483a0479c9926653
4b614662d1be74f6a964c1e8318e83f4d0a9135acb424b21f2b43484c494807d
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
70082a7cc390868b292ae6f945ff423a39ba1fd12654d25e75b0af360995da2c
72d11555972a6f3b75c19057d0fb0013ea2bb592b6a011e79ed87afcbd2bbfe6
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f3dd3c5c2e305bfca480c3d1f64c4780f56e43a4514378ca60e33dd01ee1e4b
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8f6922ed0cbf7971f65a03fed92ec1b75bf963f462a947be7930b85a7aba1f23
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b