csgo.wf
Open in
urlscan Pro
154.12.37.211
Public Scan
URL:
https://csgo.wf/
Submission Tags: phishingrod
Submission: On December 15 via api from DE — Scanned from DE
Submission Tags: phishingrod
Submission: On December 15 via api from DE — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 15 HTTP transactions.
The main IP is 154.12.37.211, located in
United States and
belongs to NETLAB, CA.
The main domain is csgo.wf.
TLS certificate: Issued by R3 on June 30th 2022. Valid for: 3 months.
This is the only time csgo.wf was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 30th 2022. Valid for: 3 months.
This is the only time csgo.wf was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 154.12.37.211 154.12.37.211 | 35251 (NETLAB) (NETLAB) | |
| 13 | 103.219.30.184 103.219.30.184 | 56041 (CMNET-ZHE...) (CMNET-ZHEJIANG-AP China Mobile communications corporation) | |
| 1 | 240e:95c:3002... 240e:95c:3002:1:3::3ed | 58563 (CHINATELE...) (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network) | |
| 15 | 3 |
13
103.219.30.184
(China)
ASN56041 (CMNET-ZHEJIANG-AP China Mobile communications corporation, CN)
ASN56041 (CMNET-ZHEJIANG-AP China Mobile communications corporation, CN)
| kodplay.com |
1
240e:95c:3002:1:3::3ed
(China)
ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN)
ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN)
| v1.cnzz.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 13 |
kodplay.com
kodplay.com |
352 KB |
| 1 |
cnzz.com
v1.cnzz.com — Cisco Umbrella Rank: 83268 |
434 B |
| 1 |
csgo.wf
csgo.wf |
4 KB |
| 15 | 3 |
| Domain | Requested by | |
|---|---|---|
| 13 | kodplay.com |
csgo.wf
|
| 1 | v1.cnzz.com |
csgo.wf
|
| 1 | csgo.wf | |
| 15 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| jq.qq.com |
| pay.qishuka.cc |
| beian.miit.gov.cn |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| uuyzf.com R3 |
2022-06-30 - 2022-09-28 |
3 months | crt.sh |
| www.kodplay.com R3 |
2022-11-12 - 2023-02-10 |
3 months | crt.sh |
| *.cnzz.com GlobalSign Organization Validation CA - SHA256 - G2 |
2022-01-11 - 2023-02-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://csgo.wf/
Frame ID: 55F071B3880C435D255A52A0E4083BE4
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
爱云付_即时到账|兼容易支付接口|个人二维码收款监控系统Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
CNZZ
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //[^./]+\.cnzz\.com/(?:z_stat.php|core)\?
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
URL: https://jq.qq.com/?_wv=1027&k=OskJFLU2
Title: 联系我们
Title: 联系我们
Search URL Search Domain Scan URL
URL: http://pay.qishuka.cc/
Title: T+1易支付
Title: T+1易支付
Search URL Search Domain Scan URL
URL: http://beian.miit.gov.cn/
Title: 浙ICP备2021013898号-3
Title: 浙ICP备2021013898号-3
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
csgo.wf/ |
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
kodplay.com/uuyzf/static/css/ |
119 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
kodplay.com/uuyzf/static/css/ |
56 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
kodplay.com/uuyzf/static/picture/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg2.png
kodplay.com/uuyzf/static/picture/ |
286 KB 287 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ssl.svg
kodplay.com/uuyzf/static/picture/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wechatpay.svg
kodplay.com/uuyzf/static/picture/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
server.svg
kodplay.com/uuyzf/static/picture/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
risk.svg
kodplay.com/uuyzf/static/picture/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
easy.svg
kodplay.com/uuyzf/static/picture/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
easyapi-logo.svg
kodplay.com/uuyzf/static/picture/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
shop2.svg
kodplay.com/uuyzf/static/picture/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
money.svg
kodplay.com/uuyzf/static/picture/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
doudou.svg
kodplay.com/uuyzf/static/picture/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
z_stat.php
v1.cnzz.com/ |
0 434 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| csgo.wf/ | Name: PHPSESSID Value: 0ab23f837f43ff78e1112ea48122af2b |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
csgo.wf
kodplay.com
v1.cnzz.com
103.219.30.184
154.12.37.211
240e:95c:3002:1:3::3ed
1071c7a52ecec65838c7d17b5e94d1409711e1be34a47f421eb2c0cd86cbf681
1281eb1e3845f0c45d51e094c14c36cf04b60339bc028debf080c04dc477c4a4
45f90c09db4e9059cde75336b8a8d6af6c3bb92b0cab21f6df1a9be6fc73ecd2
48017b6ef1fe2f1f9627d797bb3e9e3ea61e30c949f574dda0001f313f82cef2
50840c61407cb032bb78b03738c9c301450669f4a6543a7428b27b4d519dc7eb
76679f5a1c8fcc9bb580a43fcea4d408140e89785c62a716562417ce6844fe3f
7bd9c7c84b93d715c2e542ddaee8ac8f0e8c95b544a4ed0840bddb05e244a9eb
9b6e66542dc67c64cb49e87e18686732b2baa1e63d6f34202c872533d20e26f0
bd059c25524b128eeb2da1849f7aaa63c5ef8623089fcd83edabddf3780dcdd8
bf446eb977e7e3766d07aa0260e512b5ad2982a1789195f89fe3335106932c50
c4ba2b84ade43d3be2708e87fe6a346cd33231fcca5a69cb04bde7693df2cbe6
dd0e8f3a9faea7499d0e41dadcc71b1e806b7fe2cd0f57ad5f349d9fe2a2732f
dd469fb0bbbfe8bb91cccc0f47d10834e1c3c8ba1dfd556278fe69a9a5461cab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e757a772c8b5da9790ffe41c98ca6d9cf9e926f2c2b10cde5df329f1e400bdda