www.aquaimperial.in
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On August 03 via manual from AU — Scanned from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 6th 2022. Valid for: a year.
This is the only time www.aquaimperial.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
12 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
1 1 | 2600:9000:2057:a00:10:7abf:f800:93a1 | 16509 (AMAZON-02) |
1 | 2606:50c0:8000::153 | 54113 (FASTLY) |
13 | 2 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | aquaimperial.in | www.aquaimperial.in | 71 KB |
2 | sitepoint.com (1 redirects) | www.sitepoint.com — Cisco Umbrella Rank: 221982; i2.sitepoint.com | 6 KB |
13 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
12 | www.aquaimperial.in | www.aquaimperial.in |
1 | i2.sitepoint.com | www.aquaimperial.in |
1 | www.sitepoint.com | 1 redirects |
13 | 3 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 | 2022-06-06 - 2023-06-05 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.aquaimperial.in/jb/kiwi/login.php
Frame ID: E4CBAB9D46E419C2C43D2E42D1E81440
Requests: 10 HTTP requests in this frame
Frame:
https://www.aquaimperial.in/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1659484800
Frame ID: 5A2D2C3D9E13881C3F92FC0E7CAE0A1A
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js HTTP 301
- https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
13 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | login.php www.aquaimperial.in/jb/kiwi/ (Primary Request) | 5 KB 2 KB | Document text/html |
GET H2 | MaskedPassword.js i2.sitepoint.com/examples/password/MaskedPassword/ (Redirect Chain) | 17 KB 6 KB | Script application/javascript |
GET H2 | w1.png www.aquaimperial.in/jb/kiwi/images/ | 4 KB 4 KB | Image image/png |
GET H3 | w2.png www.aquaimperial.in/jb/kiwi/images/ | 12 KB 12 KB | Image image/png |
GET H3 | w3.png www.aquaimperial.in/jb/kiwi/images/ | 8 KB 9 KB | Image image/png |
GET H3 | w4.png www.aquaimperial.in/jb/kiwi/images/ | 15 KB 15 KB | Image image/png |
GET H3 | w5.png www.aquaimperial.in/jb/kiwi/images/ | 556 B 1 KB | Image image/png |
GET H3 | w6.png www.aquaimperial.in/jb/kiwi/images/ | 485 B 1022 B | Image image/png |
GET H3 | w7.png www.aquaimperial.in/jb/kiwi/images/ | 357 B 895 B | Image image/png |
GET H3 | wlg.png www.aquaimperial.in/jb/kiwi/images/ | 2 KB 2 KB | Image image/png |
GET H3 | invisible.js www.aquaimperial.in/cdn-cgi/challenge-platform/h/b/scripts/alpha/ (Frame 5A2D) | 42 KB 15 KB | Script application/javascript |
GET H3 | pica.js www.aquaimperial.in/cdn-cgi/challenge-platform/h/b/scripts/ (Frame 5A2D) | 19 KB 7 KB | Other application/javascript |
POST H3 | 734b35bc6e6abbec www.aquaimperial.in/cdn-cgi/challenge-platform/h/b/cv/result/ (Frame 5A2D) | 2 B 723 B | XHR text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- function| MaskedPassword
- function| unhideBody

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.aquaimperial.in/ | Name: __cf_bm Value: hpXN_Cy2RrtmzmHDKX9eXzGrewqHzVdWD7iQFYvD9I8-1659489408-0-AeSB9PfzrTS4y6v/iJT1h0DEOSyEUMJFNuvqJYc1/vbe8ti0E4Pmkip2L5WA3UNotgGwelI51mUwgCfsMYgrSqBLv2Gm8PTizmfB0M7mhvXLM8LJxu8aBkUggjes72zsvg== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.