shipping.ewacode.work
Public Scan: Malicious Activity!
IP address: 2606:4700:3035::6815:283e
Effective URL: https://shipping.ewacode.work/welcome
Submission: On January 01 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on November 17th 2023. Valid for: 3 months.
This is the only time shipping.ewacode.work was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 5 | 2606:4700:3033::ac43:b20b | 13335 (CLOUDFLARENET)
7 | 2606:4700:3035::6815:283e | 13335 (CLOUDFLARENET)
4 | 2607:f8b0:4006:822::200a | 15169 (GOOGLE)
2 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
3 | 2606:4700:3032::6815:101c | 13335 (CLOUDFLARENET)
2 | 140.82.113.6 | 36459 (GITHUB)
2 | 2607:f8b0:4006:81d::2003 | 15169 (GOOGLE)
23 | 8 |
Note on 140.82.113.6: ASN36459 (GITHUB, US), PTR lb-140-82-113-6-iad.github.com, serves api.github.com.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | ewacode.work | shipping.ewacode.work (2 redirects) | 180 KB
4 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 29) | 3 KB
3 | ghbtns.com | ghbtns.com (Cisco Umbrella Rank: 104040) | 8 KB
2 | gstatic.com | fonts.gstatic.com | 70 KB
2 | github.com | api.github.com (Cisco Umbrella Rank: 4512) | 6 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 204) | 82 KB
23 | 6 | |
Requests | Domain | Requested by
---|---|---
12 | shipping.ewacode.work | shipping.ewacode.work (2 redirects)
4 | fonts.googleapis.com | shipping.ewacode.work
3 | ghbtns.com | shipping.ewacode.work
2 | fonts.gstatic.com | fonts.googleapis.com
2 | api.github.com | ghbtns.com
2 | cdnjs.cloudflare.com | shipping.ewacode.work, cdnjs.cloudflare.com
23 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
ewacode.work | GTS CA 1P5 | 2023-11-17 - 2024-02-15 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh
ghbtns.com | GTS CA 1P5 | 2023-12-28 - 2024-03-27 | 3 months | crt.sh
*.github.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-16 - 2024-03-15 | a year | crt.sh
*.gstatic.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months | crt.sh
This page contains 4 frames:
Primary Page:
https://shipping.ewacode.work/welcome
Frame ID: 1B52542275E3AE7C084AB70FB5C251DC
Requests: 18 HTTP requests in this frame
Frame:
https://ghbtns.com/github-btn.html?user=yTakkar&type=follow&count=false&size=large
Frame ID: 906BCCDE95BD9260652C08C67C71D0DB
Requests: 2 HTTP requests in this frame
Frame:
https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=fork&count=true&size=large
Frame ID: 39B010580A79B9CDA9B4A850DF430B3E
Requests: 3 HTTP requests in this frame
Frame:
https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=star&count=true&size=large
Frame ID: 5EE73CD685673E03F0A000999DB9F1B5
Requests: 3 HTTP requests in this frame
Screenshot
![](/screenshots/ad362d0c-5f13-4ffc-952e-55e71d9907c4.png)
Page Title
Instagram
Detected technologies
- Font Awesome. Detected patterns:
  - <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- Google Font API. Detected patterns:
  - <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
- jQuery. Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://shipping.ewacode.work/welcome Page URL
-
http://shipping.ewacode.work/cdn-cgi/phish-bypass?atok=VUsud4K8PYlerSjV.rtAxJfXVmPpcBgzM4.gzd4MfNw-1704113810-0-%2Fwelcome
HTTP 301
http://shipping.ewacode.work/welcome HTTP 301
https://shipping.ewacode.work/welcome Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | welcome | shipping.ewacode.work/ | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | cf.errors.css | shipping.ewacode.work/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | icon-exclamation.png | shipping.ewacode.work/cdn-cgi/images/ | 452 B | 889 B | Image | image/png |
GET | H2 | welcome | shipping.ewacode.work/ | 6 KB | 3 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | css | fonts.googleapis.com/ | 16 KB | 2 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 643 B | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 390 B | 377 B | Stylesheet | text/css |
GET | H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 30 KB | 6 KB | Stylesheet | text/css |
GET | H2 | icon | fonts.googleapis.com/ | 569 B | 775 B | Stylesheet | text/css |
GET | H2 | master.css | shipping.ewacode.work/public/css/ | 142 KB | 25 KB | Stylesheet | text/css |
GET | H2 | glyph-instagram.jpg | shipping.ewacode.work/images/needs/ | 1 KB | 1 KB | Image | image/jpeg |
GET | H2 | dbx_29.png | shipping.ewacode.work/images/needs/ | 94 KB | 95 KB | Image | image/png |
GET | H2 | jquery-3.1.1.min.js | shipping.ewacode.work/public/js/ | 85 KB | 31 KB | Script | application/javascript |
GET | H2 | modules.js | shipping.ewacode.work/public/js/ | 70 KB | 14 KB | Script | application/javascript |
GET | H2 | login_fn.js | shipping.ewacode.work/public/js/ | 8 KB | 2 KB | Script | application/javascript |
GET | H2 | github-btn.html | ghbtns.com/ | 6 KB | 2 KB | Document | text/html | Frame 906B
GET | H2 | github-btn.html | ghbtns.com/ | 6 KB | 3 KB | Document | text/html | Frame 39B0
GET | H2 | github-btn.html | ghbtns.com/ | 6 KB | 2 KB | Document | text/html | Frame 5EE7
GET | H2 | Instagram-Clone | api.github.com/repos/yTakkar/ | 6 KB | 3 KB | Script | application/javascript | Frame 39B0
GET | H3 | fontawesome-webfont.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | application/octet-stream |
GET | DATA | truncated | / | 594 B | 0 | Image | image/svg+xml | Frame 39B0
GET | H2 | Instagram-Clone | api.github.com/repos/yTakkar/ | 6 KB | 3 KB | Script | application/javascript | Frame 5EE7
GET | DATA | truncated | / | 594 B | 0 | Image | image/svg+xml | Frame 906B
GET | DATA | truncated | / | 594 B | 0 | Image | image/svg+xml | Frame 5EE7
GET | H2 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v40/ | 47 KB | 48 KB | Font | font/woff2 |
GET | H2 | rP2Hp2yn6lkG50LoCZOIHQ.woff2 | fonts.gstatic.com/s/satisfy/v21/ | 22 KB | 22 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | 1
object | 2
object | documentPictureInPicture
function | $
function | jQuery
string | DIR
function | LinkIndicator
function | replacer
function | notMM
function | checkGET
function | nameShortener
function | blur_page
function | copyTextToClipboard
function | getFF
function | s
function | notificationFeeds
function | hashtagFeeds
function | followersFeeds
function | notificationsModel
function | range
function | login2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.shipping.ewacode.work/ | | __cf_mw_byp | VUsud4K8PYlerSjV.rtAxJfXVmPpcBgzM4.gzd4MfNw-1704113810-0-/welcome
shipping.ewacode.work/ | | PHPSESSID | cada3d5598cec5c9d5d016e47dba55a6
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.