zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com
198.199.109.95
Malicious Activity!
Public Scan
Effective URL: https://zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/Info.php
Submission: On May 27 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure Server CA on August 20th 2021 (wildcard certificate for *.codeanyapp.com, see the certificate table below). Valid for: a year.
This is the only time zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Trustwallet (Crypto)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 3.84.138.3 | 14618 (AMAZON-AES) |
| 1 | 2620:0:890::100 | 54113 (FASTLY) |
| 1 | 151.101.192.64 | 54113 (FASTLY) |
| 13 | 198.199.109.95 | 14061 (DIGITALOCEAN-ASN) |

14 requests across 3 ASNs.
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-84-138-3.compute-1.amazonaws.com
Domain: drip.io

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: codeanyproxy.com
Domain: zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com
| Apex Domain | Subdomains | Requests | Transfer |
|---|---|---|---|
| codeanyapp.com | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com (1 redirect) | 13 | 117 KB |
| disq.us (Cisco Umbrella Rank: 21393) | disq.us | 1 | 666 B |
| web.app | trustwallet-update.web.app | 1 | 439 B |
| drip.io | drip.io (1 redirect) | 1 | 339 B |

14 requests across 4 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 13 | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com (1 redirect) | disq.us, zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com |
| 1 | disq.us | |
| 1 | trustwallet-update.web.app | |
| 1 | drip.io (1 redirect) | |

14 requests across 4 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| web.app | GTS CA 1D4 | 2022-04-12 - 2022-07-11 | 3 months | crt.sh |
| disq.us | GlobalSign Atlas R3 DV TLS CA 2022 Q1 | 2022-01-28 - 2023-03-01 | a year | crt.sh |
| *.codeanyapp.com | Sectigo RSA Domain Validation Secure Server CA | 2021-08-20 - 2022-08-20 | a year | crt.sh |

Note that the landing host is covered only by the hosting provider's wildcard certificate for *.codeanyapp.com, and trustwallet-update.web.app by Google's certificate for web.app. A valid padlock on either host vouches for the hosting platform, not for the tenant who deployed the page.
This page contains 1 frame:
Primary Page: https://zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/Info.php
Frame ID: 137C6BF7AA860848A4AE9D0B48B11367
Requests: 14 HTTP requests in this frame
Page Title
DApps | Decentralized Applications | DApp Mobile Browser | Trust Wallet
Detected technologies
PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://drip.io/wPYiup
   HTTP 301 to
   https://trustwallet-update.web.app/?utm_source=drip&utm_medium=SMS (Page URL)
2. https://disq.us/?url=https%3A%2F%2Fzuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com%2Fhfghfkhgky%2F&key=jpdiueXhqFzE6wqRwZCgog (Page URL)
3. https://zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/
   HTTP 302 to
   https://zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/Info.php (Page URL)

Read top to bottom, the chain is: an SMS lure (utm_medium=SMS) pointing at a drip.io short link, a 301 to the Firebase-hosted lure page trustwallet-update.web.app, a hop through the disq.us redirector with the real target percent-encoded in its url parameter, and finally the codeanyapp.com tenant, whose /hfghfkhgky/ directory 302s to Info.php. The hop from trustwallet-update.web.app to disq.us is recorded as a new Page URL rather than an HTTP redirect, so it was performed client-side (JavaScript or a meta refresh). Every hop except the last sits on a shared or third-party service, which is what lets the kit survive takedown of any single link.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://drip.io/wPYiup (HTTP 301)
- https://trustwallet-update.web.app/?utm_source=drip&utm_medium=SMS
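As an added example (not code from the urlscan.io page or from urlscan itself), the following Python walks a recorded chain like the one above: it unwraps the disq.us redirector's url parameter to recover the real target, flags hostnames that carry a brand keyword without belonging to that brand, and notes when the landing host is merely a tenant of a shared hosting apex. The chain is copied from the scan; the redirector parameter table, the brand and legitimate-domain lists and the shared-apex list are assumptions made for illustration.

```python
"""Triage a phishing redirect chain recorded by a URL scanner.

Added example for this write-up, not code from the urlscan.io page or product.
The chain is the one shown in the scan above; the redirector parameter table,
the brand keyword list, the legitimate-domain list and the shared-hosting apex
list are assumptions made for illustration.
"""
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Redirector hosts and the query parameters that carry the real destination.
# disq.us is taken from the chain; the other two entries are assumed examples.
REDIRECTOR_PARAMS: Dict[str, tuple] = {
    "disq.us": ("url",),
    "l.facebook.com": ("u",),
    "www.google.com": ("url", "q"),
}

# Brand keyword -> domains that may legitimately carry it (assumed list).
BRAND_KEYWORDS: Dict[str, tuple] = {"trustwallet": ("trustwallet.com",)}

# Apex domains where any tenant can register a subdomain (assumed list).
SHARED_HOSTING_APEXES = {"web.app", "codeanyapp.com"}

# The Page URL History from the scan, in visit order (copied from the page).
CHAIN: List[str] = [
    "https://drip.io/wPYiup",
    "https://trustwallet-update.web.app/?utm_source=drip&utm_medium=SMS",
    "https://disq.us/?url=https%3A%2F%2Fzuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com"
    "%2Fhfghfkhgky%2F&key=jpdiueXhqFzE6wqRwZCgog",
    "https://zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/",
    "https://zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/Info.php",
]


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def apex_of(host: str) -> str:
    """Last two labels. Sufficient for the apexes used here; a production tool
    would consult the Public Suffix List instead."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def unwrap_redirector(url: str) -> Optional[str]:
    """Return the destination wrapped by a known redirector, else None.
    parse_qs already percent-decodes the value; do not decode it twice."""
    params = REDIRECTOR_PARAMS.get(host_of(url))
    if not params:
        return None
    qs = parse_qs(urlsplit(url).query)
    for name in params:
        if qs.get(name):
            return qs[name][0]
    return None


def brand_abuse(host: str) -> Optional[str]:
    """Return the brand keyword a host impersonates, unless the host belongs
    to that brand. Hyphens are stripped so trustwallet-update still matches."""
    flat = host.replace("-", "")
    for keyword, legit in BRAND_KEYWORDS.items():
        owned = any(host == d or host.endswith("." + d) for d in legit)
        if keyword in flat and not owned:
            return keyword
    return None


def triage(chain: List[str]) -> Dict[str, object]:
    """Walk the chain and collect the hops a phishing analyst cares about."""
    hosts = [host_of(u) for u in chain]
    final = hosts[-1]
    findings: List[str] = []
    for url, host in zip(chain, hosts):
        wrapped = unwrap_redirector(url)
        if wrapped:
            findings.append(f"redirector {host} -> {host_of(wrapped)}")
        keyword = brand_abuse(host)
        if keyword:
            findings.append(f"brand lookalike {host} ({keyword})")
    if apex_of(final) in SHARED_HOSTING_APEXES:
        findings.append(
            f"landing host {final} is a tenant of shared apex {apex_of(final)}"
        )
    return {"final_host": final, "findings": findings}


if __name__ == "__main__":
    for finding in triage(CHAIN)["findings"]:
        print(finding)
```

The point of unwrapping the redirector is that blocklists keyed on the URL a user clicks (drip.io) or on the intermediate hop (disq.us) miss the actual kit; the url parameter is where the landing host lives, and that is the indicator to pivot on.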
14 HTTP transactions

| Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | / | trustwallet-update.web.app/ | 171 B | 439 B | Document | text/html | Redirect Chain |
| GET | H/1.1 | / | disq.us/ | 365 B | 666 B | Document | text/html | |
| GET | H2 | Info.php | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/ | 6 KB | 2 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H2 | IBMPlexSans-Medium.woff2 | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/style/ | 58 KB | 59 KB | Font | application/octet-stream | |
| GET | H2 | main.css | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/style/ | 231 KB | 37 KB | Stylesheet | text/css | |
| GET | H2 | icon_backup.webp | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/style/ | 4 KB | 4 KB | Image | image/webp | |
| GET | H2 | trust_logotype.svg | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/style/ | 14 KB | 14 KB | Image | image/svg+xml | |
| GET | H2 | flags.png | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/assets/images/ | 334 B | 334 B | Image | text/html | |
| GET | H2 | IBMPlexSans-Medium.woff2 | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/assets/fonts/IBMPlexSans/ | 0 | 0 | Font | text/html | |
| GET | H2 | IBMPlexSans-Bold.woff2 | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/assets/fonts/IBMPlexSans/ | 0 | 0 | Font | text/html | |
| GET | H2 | IBMPlexSans-Regular.woff2 | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/assets/fonts/IBMPlexSans/ | 0 | 0 | Font | text/html | |
| GET | H2 | IBMPlexSans-Regular.woff | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/assets/fonts/IBMPlexSans/ | 0 | 0 | Font | text/html | |
| GET | H2 | IBMPlexSans-Medium.woff | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/assets/fonts/IBMPlexSans/ | 0 | 0 | Font | text/html | |
| GET | H2 | IBMPlexSans-Bold.woff | zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com/hfghfkhgky/assets/fonts/IBMPlexSans/ | 0 | 0 | Font | text/html | |

Seven of the fourteen responses do not contain what the page asked for: the six font requests under /hfghfkhgky/assets/fonts/IBMPlexSans/ came back as text/html with empty bodies, and flags.png under /assets/images/ came back as a 334-byte text/html document rather than an image. That pattern is consistent with the kit's HTML referencing asset paths that were not shipped with this deployment, with the server answering an HTML error page instead. Only the assets under /hfghfkhgky/style/ (one font, the stylesheet, the Trust Wallet logotype and a backup icon) were actually served.
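The table above shows seven responses whose content type does not match what the page asked for. As an added example (not code from the urlscan.io page), the following Python runs that check over a transaction list constructed from the table: each resource type is mapped to the MIME types it may legitimately be served with, and anything outside that set or with an empty body is reported, together with the directories the broken references point at. The MIME expectation table is an assumption, and KB sizes are approximated as multiples of 1024.

```python
"""Audit captured HTTP transactions for type/MIME mismatches and empty bodies.

Added example, not code from the urlscan.io page. The transaction list is
constructed from the table above (body sizes in bytes, KB values approximated
as multiples of 1024); the MIME expectations are assumptions for illustration.
"""
from typing import Dict, List, Tuple

# Acceptable MIME types per resource type. Assumed table; fonts are commonly
# served as application/octet-stream by misconfigured hosts, so that is allowed.
EXPECTED_MIME: Dict[str, set] = {
    "Document": {"text/html"},
    "Stylesheet": {"text/css"},
    "Image": {"image/png", "image/webp", "image/svg+xml", "image/jpeg", "image/gif"},
    "Font": {"font/woff", "font/woff2", "application/font-woff",
             "application/octet-stream"},
}

HOST = "zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com"

Transaction = Tuple[str, str, str, str, int]  # (host, path, type, mime, body_bytes)

# Constructed from the scan's transaction table.
TRANSACTIONS: List[Transaction] = [
    ("trustwallet-update.web.app", "/", "Document", "text/html", 171),
    ("disq.us", "/", "Document", "text/html", 365),
    (HOST, "/hfghfkhgky/Info.php", "Document", "text/html", 6 * 1024),
    (HOST, "/hfghfkhgky/style/IBMPlexSans-Medium.woff2", "Font",
     "application/octet-stream", 58 * 1024),
    (HOST, "/hfghfkhgky/style/main.css", "Stylesheet", "text/css", 231 * 1024),
    (HOST, "/hfghfkhgky/style/icon_backup.webp", "Image", "image/webp", 4 * 1024),
    (HOST, "/hfghfkhgky/style/trust_logotype.svg", "Image", "image/svg+xml", 14 * 1024),
    (HOST, "/assets/images/flags.png", "Image", "text/html", 334),
] + [
    (HOST, f"/hfghfkhgky/assets/fonts/IBMPlexSans/{name}", "Font", "text/html", 0)
    for name in (
        "IBMPlexSans-Medium.woff2", "IBMPlexSans-Bold.woff2", "IBMPlexSans-Regular.woff2",
        "IBMPlexSans-Regular.woff", "IBMPlexSans-Medium.woff", "IBMPlexSans-Bold.woff",
    )
]


def audit(transactions: List[Transaction]) -> List[Dict[str, str]]:
    """One finding per transaction whose MIME type does not fit its resource
    type or whose body is empty. Either usually means the referenced file is
    missing and the server answered with an HTML error page, which in a
    phishing kit points to a template copied without its assets."""
    findings: List[Dict[str, str]] = []
    for host, path, rtype, mime, size in transactions:
        allowed = EXPECTED_MIME.get(rtype, set())
        reasons = []
        if allowed and mime not in allowed:
            reasons.append(f"{rtype} served as {mime}")
        if size == 0:
            reasons.append("empty body")
        if reasons:
            findings.append({"url": f"https://{host}{path}", "reason": "; ".join(reasons)})
    return findings


def broken_asset_dirs(findings: List[Dict[str, str]]) -> List[str]:
    """Directories the broken references point at: the paths the kit's HTML
    expects but this deployment does not serve."""
    return sorted({f["url"].rsplit("/", 1)[0] + "/" for f in findings})


if __name__ == "__main__":
    hits = audit(TRANSACTIONS)
    for hit in hits:
        print(hit["url"], "->", hit["reason"])
    print("broken asset directories:", broken_asset_dirs(hits))
```

The same check is worth running over any HAR from a suspected kit: a cluster of text/html answers to font and image requests under a single directory is a cheap fingerprint of the kit's expected layout, and it is independent of the hostname the kit happens to be deployed on.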
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Trustwallet (Crypto)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| object | navigation |

All seven are window properties built into recent Chromium releases (the canvas context-loss event handlers, structuredClone, the Launch Handler API's launchQueue, the hidden-until-found beforematch handler, the Window Management API's getScreenDetails and the Navigation API's navigation object), not variables defined by this page. They show up only because the scanner's baseline of standard globals predates them, so this list says nothing about the kit's own JavaScript.

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work. This page set none.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- disq.us
- drip.io
- trustwallet-update.web.app
- zuhsukwzaqnwzs-0syop756m6795023.codeanyapp.com

IP addresses:
- 151.101.192.64
- 198.199.109.95
- 2620:0:890::100
- 3.84.138.3

Response hashes (SHA-256):
- 0b604741a9a524d97d5a7efbd825b41df289b7487d276ecde59fd94a7528d82a
- 25562bee211c5993ebf51251c4b2131ccb705ac7b922cb56826122c7e326538f
- 3e3247651a98958d421659e635590e07f26980783df090ac175a4345dc658f33
- 61ea304b4cef90b7cbdeb0ca437f90128bd4e52323e19a86e7ea6a50d568d1c8
- 740325e58779eba8a7ce3006f311a3358780086d3ccd0cc0e7cab568ea303d5c
- a61c089861e3cd5bb3a48cf80da84cbe10bd65b5ef6a9276fa43f4e8599876cf