ledgrcmstrat.azurewebsites.net
Open in
urlscan Pro
20.119.16.58
Malicious Activity!
Public Scan
Submission: On April 08 via automatic, source links-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 08 on March 13th 2024. Valid for: a year.
This is the only time ledgrcmstrat.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ledger (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 20.119.16.58 20.119.16.58 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.16.88.20 104.16.88.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:809::2003 | 15169 (GOOGLE) (GOOGLE) | |
20 | 7 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ledgrcmstrat.azurewebsites.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
azurewebsites.net
ledgrcmstrat.azurewebsites.net |
593 KB |
2 |
gstatic.com
fonts.gstatic.com |
61 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 332 |
61 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
36 KB |
1 |
cdn-js.xyz
cdn-js.xyz — Cisco Umbrella Rank: 326450 |
600 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 38 |
1 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 759 |
30 KB |
20 | 7 |
Domain | Requested by | |
---|---|---|
11 | ledgrcmstrat.azurewebsites.net |
ledgrcmstrat.azurewebsites.net
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | cdn.jsdelivr.net |
ledgrcmstrat.azurewebsites.net
|
2 | cdnjs.cloudflare.com |
ledgrcmstrat.azurewebsites.net
|
1 | cdn-js.xyz |
ledgrcmstrat.azurewebsites.net
|
1 | fonts.googleapis.com |
ledgrcmstrat.azurewebsites.net
|
1 | code.jquery.com |
ledgrcmstrat.azurewebsites.net
|
20 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.azurewebsites.net Microsoft Azure RSA TLS Issuing CA 08 |
2024-03-13 - 2025-03-08 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
cdn-js.xyz GTS CA 1P5 |
2024-02-26 - 2024-05-26 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://ledgrcmstrat.azurewebsites.net/
Frame ID: 16A0600D05420F7EAD2244A8371C806B
Requests: 19 HTTP requests in this frame
Frame:
https://ledgrcmstrat.azurewebsites.net/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible5615.js?ts=1712534400
Frame ID: F3FFC6758475698CAE97401A6C9D2579
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Ledger LiveDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
SweetAlert2 (JavaScript Libraries) Expand
Detected patterns
- /npm/sweetalert2@([\d.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11- http://cdn.jsdelivr.net/npm/sweetalert2@11 HTTP 307
- https://cdn.jsdelivr.net/npm/sweetalert2@11
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
ledgrcmstrat.azurewebsites.net/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.7.0.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
13 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
UMX9jlahOh2Y.css
ledgrcmstrat.azurewebsites.net/assets/css/ |
28 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/ |
99 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/ |
100 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
code
cdn-js.xyz/ |
32 B 600 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
XwosZn6rPfVN.js
ledgrcmstrat.azurewebsites.net/assets/js/ |
510 KB 510 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
ledgrcmstrat.azurewebsites.net/assets/css/ |
9 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
emojione.min.js
cdn.jsdelivr.net/emojione/2.2.7/lib/js/ |
295 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mfkNbEskGSwj.svg
ledgrcmstrat.azurewebsites.net/assets/image/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script3.js
ledgrcmstrat.azurewebsites.net/assets/js/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sweetalert2@11
cdn.jsdelivr.net/npm/ Redirect Chain
|
74 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aFTR7PB1QTsUX8KYvumzEYOtbQ.woff2
fonts.gstatic.com/s/dmmono/v14/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ |
46 KB 46 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video.mp4
ledgrcmstrat.azurewebsites.net/assets/media/ |
78 KB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
invisible5615.js
ledgrcmstrat.azurewebsites.net/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame F3FF |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video.mp4
ledgrcmstrat.azurewebsites.net/assets/media/ |
37 KB 37 KB |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video.mp4
ledgrcmstrat.azurewebsites.net/assets/media/ |
3 MB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
ledgrcmstrat.azurewebsites.net/ |
555 B 349 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ledger (Crypto Exchange)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| $ function| jQuery object| bip39 function| handle_check object| emojione function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| preventBack function| getDomainFromUrl string| referring_domain object| referring_domain_inputs0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn-js.xyz
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
ledgrcmstrat.azurewebsites.net
104.16.88.20
104.17.25.14
188.114.96.3
20.119.16.58
2a00:1450:4001:809::2003
2a00:1450:4001:82f::200a
2a04:4e42:200::649
088d1bf639f9a9e3f2ca38cf1ea4c88002c79d6f3e4706868aa3d9f27208109f
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
338e171ecd2e7b7b1d89c2bed70f9a33477b1345be879b35a211925b67476dcf
3b5d7370611deb0e12405966f22fd493954007e12134d9b29d52f39f04ba4c9e
441ebb445d025f1255f17fbe150a46fd5f983ee862e916ce8077689aadafbb68
4d4a8f0789d163f94594d4586afea237103ae7f6512aa83954ed82d827495793
51f3dc3feea6cddc0a63d46a13273e630fce2daf5ecc087603057db856482f0c
6a6a805585f78ad5b101cdb78e2d27ffffef31c7fd32c116cb698d49b4e88c83
6dfef22a45d7f37bc1a1d05430e857505c4644b5b696a68bb2ee5f1bd61bf447
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8d1833dcad9957ba00e64580be832bfc6ed0197d694938555e98166da6efc38a
c39d4cb55bfcc647dff0043e19abba4af117c63428b0928afd101bb17d64b0fe
c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f
d8637afc3e6a2a5512a1d6914980ba597263c1d015c8c6940ed04f59447f9d0e
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
e36ea94fc93913942229c438258e927f8700b55fa816cc38106ccf14992ef9c2
f5c06455e539dcd889f7f05d709b5adc76c444099fe57f431365af2fc57e803b