xrpinvest.io
104.21.14.144
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On April 07 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1P5 on April 6th 2024. Valid for: 3 months.
This is the only time xrpinvest.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 vote
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
20 | 104.21.14.144 | 13335 (CLOUDFLARENET) |
1 | 2.19.96.40 | 20940 (AKAMAI-ASN1) |
4 | 23.59.234.22 | 20940 (AKAMAI-ASN1) |
26 | 4 |
- 2.19.96.40: ASN20940 (AKAMAI-ASN1, NL); PTR: a2-19-96-40.deploy.static.akamaitechnologies.com; cdn.livechatinc.com
- 23.59.234.22: ASN20940 (AKAMAI-ASN1, NL); PTR: a23-59-234-22.deploy.static.akamaitechnologies.com; api.livechatinc.com, secure.livechatinc.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
20 | xrpinvest.io | xrpinvest.io | 932 KB |
5 | livechatinc.com | cdn.livechatinc.com — Cisco Umbrella Rank: 5784; api.livechatinc.com — Cisco Umbrella Rank: 5257; secure.livechatinc.com | 33 KB |
26 | 2 |
 | Domain | Requested by |
---|---|---|
20 | xrpinvest.io | xrpinvest.io |
3 | api.livechatinc.com | cdn.livechatinc.com |
1 | secure.livechatinc.com | cdn.livechatinc.com |
1 | cdn.livechatinc.com | xrpinvest.io |
26 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
xrpinvest.io | GTS CA 1P5 | 2024-04-06 - 2024-07-05 | 3 months |
livechat.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-01-31 - 2025-01-31 | a year |
This page contains 2 frames:
Primary Page:
https://xrpinvest.io/
Frame ID: AC7E63B8242A19E4F2DED3091726928F
Requests: 26 HTTP requests in this frame
Frame:
https://secure.livechatinc.com/customer/action/open_chat?license_id=17565399&group=0&embedded=1&widget_version=3&unique_groups=0
Frame ID: A5EFC41BA7D34A36E25C38A9B15221CB
Requests: 1 HTTP requests in this frame
Page Title
100,000,000 XRP Airdrop
Page URL History
- https://xrpinvest.io/ Page URL
- https://xrpinvest.io/ Page URL
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
LiveChat (Live Chat)
Detected patterns
- cdn\.livechatinc\.com/.*tracking\.js
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://xrpinvest.io/ Page URL
- https://xrpinvest.io/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | xrpinvest.io/ | 729 B | 861 B | Document | text/html |
GET | H3 | aes.js | xrpinvest.io/ | 25 KB | 6 KB | Script | application/javascript |
GET | H3 | / (Primary Request) | xrpinvest.io/ | 2 KB | 2 KB | Document | text/html |
GET | H3 | index-DhCmbM-m.js | xrpinvest.io/assets/ | 32 KB | 13 KB | Script | application/javascript |
GET | H3 | modulepreload-polyfill-CbaoF5Aq.js | xrpinvest.io/assets/ | 18 KB | 9 KB | Script | application/javascript |
GET | H3 | vendor-C9IKkyzC.js | xrpinvest.io/assets/ | 147 KB | 56 KB | Script | application/javascript |
GET | H3 | bootstrap-DwSVtSv0.js | xrpinvest.io/assets/ | 32 KB | 15 KB | Script | application/javascript |
GET | H3 | QRCode-CVvsc_IA.js | xrpinvest.io/assets/ | 1020 B | 1 KB | Script | application/javascript |
GET | H3 | vendor-CHHssw76.css | xrpinvest.io/assets/ | 226 B | 633 B | Stylesheet | text/css |
GET | H3 | QRCode-CCttx8VP.css | xrpinvest.io/assets/ | 567 B | 752 B | Stylesheet | text/css |
GET | H3 | index-DSRg_0f6.css | xrpinvest.io/assets/ | 30 KB | 5 KB | Stylesheet | text/css |
GET | H2 | tracking.js | cdn.livechatinc.com/ | 89 KB | 27 KB | Script | application/javascript |
GET | H3 | logo2-1f4e3db8.webp | xrpinvest.io/assets/ | 2 KB | 3 KB | Image | image/webp |
GET | H3 | top-img-14749ba8.webp | xrpinvest.io/assets/ | 390 KB | 391 KB | Image | image/webp |
GET | H3 | arr-r-1c3e0d8d.webp | xrpinvest.io/assets/ | 230 B | 712 B | Image | image/webp |
GET | H3 | XRP.svg | xrpinvest.io/assets/coins/ | 821 B | 900 B | Image | image/svg+xml |
GET | H3 | ii3-36df11e6.webp | xrpinvest.io/assets/ | 1 KB | 2 KB | Image | image/webp |
GET | H3 | Rajdhani-Medium.woff | xrpinvest.io/assets/fonts/ | 141 KB | 141 KB | Font | font/woff |
GET | H3 | Rajdhani-SemiBold.woff | xrpinvest.io/assets/fonts/ | 144 KB | 145 KB | Font | font/woff |
GET | H3 | Rajdhani-Regular.woff | xrpinvest.io/assets/fonts/ | 138 KB | 139 KB | Font | font/woff |
GET | H2 | get_dynamic_configuration | api.livechatinc.com/v3.6/customer/action/ | 346 B | 526 B | Script | application/javascript |
GET | H3 | XRP.svg | xrpinvest.io/assets/coins/ | 821 B | 894 B | XHR | image/svg+xml |
GET | DATA | truncated | / | 821 B | 0 | Image | image/svg+xml |
GET | BLOB | 010ee97a-3c4f-4a34-8e11-c5d8b2b6eec9 | https://xrpinvest.io/ | 35 KB | 0 | Image | image/svg+xml |
GET | H2 | get_configuration | api.livechatinc.com/v3.4/customer/action/ | 5 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | open_chat | secure.livechatinc.com/customer/action/ (Frame A5EF) | 0 | 0 | Document | text/html |
GET | H2 | get_localization | api.livechatinc.com/v3.4/customer/action/ | 11 KB | 4 KB | Script | application/javascript |
Verdicts & Comments
Malicious
page.domain
Submitted on April 7th 2024, 2:02:07 am UTC — From Netherlands
Threats:
Social Engineering
Phishing
Scam
Comment: A social engineering scam site impersonating MicroStrategy CEO Michael Saylor and disguised as a crypto investment event, with the site URL text or QR code on YouTube deepfake live streaming and chat.
https://bafybeifsivhjgahfdln2j7aafq4gzezzt2mlryr4btckwd3hwmzauevvsq.ipfs.w3s.link/xrpinvest.io.pdf
https://bafybeifsivhjgahfdln2j7aafq4gzezzt2mlryr4btckwd3hwmzauevvsq.ipfs.w3s.link/v%3Dw8_fP76HkAM.pdf
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| data
- object| __lc
- object| LiveChatWidget
- object| __VUE_INSTANCE_SETTERS__
- object| __VUE_SSR_SETTERS__
- boolean| __VUE__
- boolean| __lc_inited
- object| LC_API
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
xrpinvest.io/ | | Name: 0x Value: 16332ed82a430d77d8348da5a8b36940 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.