llevacdicin.top
104.27.160.27
Malicious Activity!
Public Scan
Effective URL: https://llevacdicin.top/snntv/4mask/?c1=BE&n=ProoRevolDE-s03-b00-4mask-sep16de-musk-066&mal=sep16de-musk-066&pro=4mask&s...
Submission: On October 15 via manual from LU
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 23rd 2020. Valid for: a year.
This is the only time llevacdicin.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
2 4 | 172.67.144.101 | 13335 (CLOUDFLARENET) |
2 2 | 104.28.24.66 | 13335 (CLOUDFLARENET) |
18 | 104.27.160.27 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:800::200a | 15169 (GOOGLE) |
1 | 2a00:1450:4001:81e::2003 | 15169 (GOOGLE) |
1 | 157.230.127.24 | 14061 (DIGITALOCEAN-ASN) |
3 | 2a00:1450:4001:819::2003 | 15169 (GOOGLE) |
26 | 6 | |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
18 | llevacdicin.top | llevacdicin.top | 404 KB |
4 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 146 KB |
4 | osunpomcau.top (2 redirects) | ejky.osunpomcau.top | 3 KB |
2 | kieraaro.com (2 redirects) | aked.kieraaro.com | 2 KB |
1 | megafastpush.com | megafastpush.com | 3 KB |
1 | googleapis.com | ajax.googleapis.com | 30 KB |
26 | 6 | | |
| Domain | Requested by |
---|---|---|
18 | llevacdicin.top | ejky.osunpomcau.top, llevacdicin.top |
4 | ejky.osunpomcau.top | 2 redirects |
3 | fonts.gstatic.com | llevacdicin.top |
2 | aked.kieraaro.com | 2 redirects |
1 | megafastpush.com | llevacdicin.top |
1 | www.gstatic.com | llevacdicin.top |
1 | ajax.googleapis.com | llevacdicin.top |
26 | 7 | |
This site contains links to these domains. Also see Links.
Domain |
---|
ai-redirect.link |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-10 - 2021-08-10 | a year |
upload.video.google.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months |
*.gstatic.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months |
megafastpush.com | Let's Encrypt Authority X3 | 2020-08-06 - 2020-11-04 | 3 months |
This page contains 1 frame:
Primary Page:
https://llevacdicin.top/snntv/4mask/?c1=BE&n=ProoRevolDE-s03-b00-4mask-sep16de-musk-066&mal=sep16de-musk-066&pro=4mask&ser=s03&b=b00
Frame ID: F27343B865826C65DBC5B8FC092BA24A
Requests: 26 HTTP requests in this frame
Detected technologies
- Firebase (Databases). Detected patterns:
  - script /\/(?:([\d.]+)\/)?firebase(?:\.min)?\.js/i
- Bootstrap (Web Frameworks). Detected patterns:
  - html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- CloudFlare (CDN). Detected patterns:
  - headers server /^cloudflare$/i
- Font Awesome (Font Scripts). Detected patterns:
  - html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  - script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ejky.osunpomcau.top/voamuapyahi1-bueanao-itp (Page URL)
- http://ejky.osunpomcau.top/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJcL2Fkej9wPTRtYXNrJmI9YjAwJnM9czAzJm9mPWRlMiZuPXNlcDE2ZGUtbXVzay0wNjYifQ.tzzs4WwpdxKctaoFYvML6ew3XnyRhu0TrJaPHT8QQJQ (HTTP 301)
  - https://ejky.osunpomcau.top/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJcL2Fkej9wPTRtYXNrJmI9YjAwJnM9czAzJm9mPWRlMiZuPXNlcDE2ZGUtbXVzay0wNjYifQ.tzzs4WwpdxKctaoFYvML6ew3XnyRhu0TrJaPHT8QQJQ (Page URL)
- https://ejky.osunpomcau.top/adz?p=4mask&b=b00&s=s03&of=de2&n=sep16de-musk-066 (HTTP 302)
  - https://aked.kieraaro.com/4mask?n=sep16de-musk-066&sub_id_1=s03&sub_id_2=sep16de-musk-066&sub_id_3=4mask&sub_id_4=b00&of=de2 (HTTP 302)
  - https://aked.kieraaro.com/de2?sub_id_1=s03&sub_id_2=sep16de-musk-066&sub_id_3=4mask&sub_id_4=b00&sub_id_5=4mask&n=4mask-sep16de-musk-066&pr=4mask (HTTP 302)
  - https://llevacdicin.top/snntv/4mask/?c1=BE&n=ProoRevolDE-s03-b00-4mask-sep16de-musk-066&mal=sep16de-musk-066&pro=4mask&ser=s03&b=b00 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1:
- http://ejky.osunpomcau.top/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJcL2Fkej9wPTRtYXNrJmI9YjAwJnM9czAzJm9mPWRlMiZuPXNlcDE2ZGUtbXVzay0wNjYifQ.tzzs4WwpdxKctaoFYvML6ew3XnyRhu0TrJaPHT8QQJQ (HTTP 301)
- https://ejky.osunpomcau.top/gateway.php?frm=dm&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJcL2Fkej9wPTRtYXNrJmI9YjAwJnM9czAzJm9mPWRlMiZuPXNlcDE2ZGUtbXVzay0wNjYifQ.tzzs4WwpdxKctaoFYvML6ew3XnyRhu0TrJaPHT8QQJQ
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | voamuapyahi1-bueanao-itp | ejky.osunpomcau.top/ | 344 B | 1 KB | Document | text/html |
GET | H2 | gateway.php | ejky.osunpomcau.top/ (Redirect Chain) | 314 B | 409 B | Document | text/html |
GET | H2 | / (Primary Request) | llevacdicin.top/snntv/4mask/ (Redirect Chain) | 21 KB | 5 KB | Document | text/html |
GET | H2 | bootstrap.min.css | llevacdicin.top/snntv/4mask/ | 119 KB | 18 KB | Stylesheet | text/css |
GET | H2 | font-awesome.css | llevacdicin.top/snntv/4mask/ | 36 KB | 7 KB | Stylesheet | text/css |
GET | H2 | main.css | llevacdicin.top/snntv/4mask/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H2 | comments.css | llevacdicin.top/snntv/4mask/ | 4 KB | 1 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
GET | H2 | firebase.js | www.gstatic.com/firebasejs/3.6.8/ | 294 KB | 97 KB | Script | text/javascript |
GET | H/1.1 | firebase_subscribe.js | megafastpush.com/js/ | 3 KB | 3 KB | Script | application/javascript |
GET | H2 | fintips_logo_bright@4x.png | llevacdicin.top/snntv/4mask/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | elon_hero.jpg | llevacdicin.top/snntv/4mask/ | 135 KB | 135 KB | Image | image/jpeg |
GET | H2 | elon_2.jpg | llevacdicin.top/snntv/4mask/ | 60 KB | 60 KB | Image | image/jpeg |
GET | H2 | millionaire_secret_thumb.jpg | llevacdicin.top/snntv/4mask/ | 16 KB | 16 KB | Image | image/jpeg |
GET | H2 | 29yo_thumb.jpg | llevacdicin.top/snntv/4mask/ | 18 KB | 18 KB | Image | image/jpeg |
GET | H2 | work-from-home_thumb.jpg | llevacdicin.top/snntv/4mask/ | 19 KB | 19 KB | Image | image/jpeg |
GET | H2 | avatar.png | llevacdicin.top/snntv/4mask/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | fintips_logo_dark@4x.png | llevacdicin.top/snntv/4mask/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | jquery.min.js | llevacdicin.top/snntv/4mask/ | 85 KB | 29 KB | Script | application/javascript |
GET | H2 | fixto.min.js | llevacdicin.top/snntv/4mask/ | 9 KB | 3 KB | Script | application/javascript |
GET | H2 | scripts.js | llevacdicin.top/snntv/4mask/ | 1 KB | 692 B | Script | application/javascript |
GET | H2 | css.css | llevacdicin.top/snntv/4mask/ | 14 KB | 966 B | Stylesheet | text/css |
GET | H2 | 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 | fonts.gstatic.com/s/sourcesanspro/v11/ | 16 KB | 16 KB | Font | font/woff2 |
GET | H2 | u-440qyriQwlOrhSvowK_l5-fCZM.woff2 | fonts.gstatic.com/s/merriweather/v19/ | 18 KB | 19 KB | Font | font/woff2 |
GET | H2 | 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 | fonts.gstatic.com/s/sourcesanspro/v11/ | 15 KB | 15 KB | Font | font/woff2 |
GET | H2 | fontawesome-webfont.woff2 | llevacdicin.top/snntv/4mask/ | 75 KB | 76 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Crypto (Crypto Exchange)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
object | trustedTypes |
string | mybp |
function | $ |
function | jQuery |
object | firebase |
function | __extends |
function | __decorate |
function | __metadata |
function | __param |
function | __awaiter |
undefined | messaging |
function | subscribe |
function | sendTokenToServer |
function | isTokenSentToServer |
function | setTokenSentToServer |
object | fixto1 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.llevacdicin.top/ | | __cfduid = dd8988452985bb7829627a7f83ac7fed31602745561 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.