urlscan.io logo urlscan.io
SecurityTrails logo

literacywhip.com Open in urlscan Pro
2a06:98c1:3121::3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://storage.googleapis.com/lolvoipsakslass/radarociaso.html#r.php?t=c&d=339041&l=7485&c=3050
Effective URL: https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Submission: On July 30 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 6 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is literacywhip.com.
TLS certificate: Issued by E1 on July 27th 2022. Valid for: 3 months.
This is the only time literacywhip.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 2a00:1450:400... 15169 (GOOGLE)
1 1 65.109.4.138 24940 (HETZNER-AS)
1 185.147.127.212 49392 (ASBAXETN)
1 1 188.114.96.3 13335 (CLOUDFLAR...)
1 5 2a06:98c1:312... 13335 (CLOUDFLAR...)
6 3
1    2a00:1450:4001:806::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
storage.googleapis.com
1    65.109.4.138 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.138.4.109.65.clients.your-server.de
magicdeala.dns.army
1    185.147.127.212 (Warsaw, Poland)

ASN49392 (ASBAXETN, RU)
nappehair.com
1    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
semimusics.com
5    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
literacywhip.com
Apex Domain
Subdomains		 Transfer
5 literacywhip.com
literacywhip.com
8 KB
1 semimusics.com
semimusics.com
754 B
1 nappehair.com
nappehair.com
388 B
1 dns.army
magicdeala.dns.army
362 B
1 googleapis.com
storage.googleapis.com — Cisco Umbrella Rank: 446
870 B
6 5
Domain Requested by
5 literacywhip.com 1 redirects nappehair.com
literacywhip.com
1 semimusics.com 1 redirects
1 nappehair.com storage.googleapis.com
1 magicdeala.dns.army 1 redirects
1 storage.googleapis.com
6 5

This site contains no links.

Subject Issuer Validity Valid
storage.googleapis.com
GTS CA 1C3		 2022-07-11 -
2022-10-03		 3 months crt.sh
nappehair.com
R3		 2022-07-13 -
2022-10-11		 3 months crt.sh
*.literacywhip.com
E1		 2022-07-27 -
2022-10-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Frame ID: 496E1B17CC78C71840A0FFBF49CED10B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://storage.googleapis.com/lolvoipsakslass/radarociaso.html Page URL
  2. http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050 HTTP 302
    https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050 Page URL
  3. https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739 HTTP 302
    https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad Page URL
  4. https://literacywhip.com/cdn-cgi/phish-bypass?atok=I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-165913... HTTP 301
    https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad Page URL

Page Statistics

6
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

9 kB
Transfer

29 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://storage.googleapis.com/lolvoipsakslass/radarociaso.html Page URL
  2. http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050 HTTP 302
    https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050 Page URL
  3. https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739 HTTP 302
    https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad Page URL
  4. https://literacywhip.com/cdn-cgi/phish-bypass?atok=I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-1659139612-0-%2F55ec4192ad0f3e90dd0dfaf83f8b24ad HTTP 301
    https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050 HTTP 302
  • https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
Request Chain 2
  • https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739 HTTP 302
  • https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
radarociaso.html
storage.googleapis.com/lolvoipsakslass/ 		286 B
870 B 		Document
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/lolvoipsakslass/radarociaso.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1258
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-length
286
content-type
text/html
date
Fri, 29 Jul 2022 23:45:52 GMT
etag
"d90f65f49ded723877394e7d5939abf6"
expires
Sat, 30 Jul 2022 00:45:52 GMT
last-modified
Sat, 11 Jun 2022 03:19:57 GMT
server
UploadServer
x-goog-generation
1654917597694941
x-goog-hash
crc32c=MkYxfA== md5=2Q9l9J3tcjh3OU59WTmr9g==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
286
x-guploader-uploadid
ADPycdvEkY8Dcdx8uP0o6b14IUsghMR1es6pZkczZJWcbmvsjj5qQ0_kmgSwKfj4sPkwfkLYW0fIm5z-MioG74DR7KUKevovDbuE
3050
nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/
Redirect Chain
  • http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050
  • https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
134 B
388 B 		Document
General
Check archive.org
Download Go to
Full URL
https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/lolvoipsakslass/radarociaso.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.147.127.212 Warsaw, Poland, ASN49392 (ASBAXETN, RU),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://storage.googleapis.com/lolvoipsakslass/radarociaso.html#r.php?t=c&d=339041&l=7485&c=3050
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
134
content-type
text/html; charset=UTF-8
date
Sat, 30 Jul 2022 00:06:52 GMT
server
Apache

Redirect headers

Connection
Keep-Alive
Content-Length
25
Content-Type
text/html; charset=UTF-8
Date
Sat, 30 Jul 2022 00:06:50 GMT
Keep-Alive
timeout=5, max=100
Location
https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By
PHP/5.4.16
55ec4192ad0f3e90dd0dfaf83f8b24ad
literacywhip.com/
Redirect Chain
  • https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739
  • https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Requested by
Host: nappehair.com
URL: https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3168e90d92b4bf950780a32168d4535abe0edc93db304ddf309a4c9cfb9f99f4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray
7329d9d46ead92ae-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 30 Jul 2022 00:06:52 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VlKhqa5xuaA%2BTda2BT%2Bxw8y9b3wnYUruj3WB83IQ0kPu6IyYO%2BNq2X6UBn58K9hjPqnXT%2FVZvMC6vvQDHtOp5L89z6yQhrs0JHMijK7Rfawk%2BRRpUt6ABAp%2FLSpORMZpMOoFrc5ELy39esJysdJN"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
7329d9d10adcbb38-FRA
content-type
text/html; charset=UTF-8
date
Sat, 30 Jul 2022 00:06:52 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2BSz8IWVt6YdL7l1%2BiqXz4yi9iBtvKF6jjfWglDQKv25iL6FJ5PgilqcqYrxtMmINRmRON4hj3uFI%2FEtNAG4xdo2vEvWe07%2Bfns8IGAAha26F5PMqV4V2195MHW8Zmcdag%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cf.errors.css
literacywhip.com/cdn-cgi/styles/ 		24 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://literacywhip.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: literacywhip.com
URL: https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sat, 30 Jul 2022 00:06:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 27 Jul 2022 10:58:52 GMT
server
cloudflare
etag
W/"62e11a6c-5e44"
x-frame-options
DENY
content-type
text/css
cache-control
max-age=7200, public
cf-ray
7329d9d47eba92ae-FRA
vary
Accept-Encoding
expires
Sat, 30 Jul 2022 02:06:52 GMT
icon-exclamation.png
literacywhip.com/cdn-cgi/images/ 		452 B
670 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://literacywhip.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: literacywhip.com
URL: https://literacywhip.com/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://literacywhip.com/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sat, 30 Jul 2022 00:06:52 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Jul 2022 10:58:52 GMT
server
cloudflare
etag
"62e11a6c-1c4"
x-frame-options
DENY
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
7329d9d49ab6bbd4-FRA
vary
Accept-Encoding
content-length
452
expires
Sat, 30 Jul 2022 02:06:52 GMT
Primary Request 55ec4192ad0f3e90dd0dfaf83f8b24ad
literacywhip.com/
Redirect Chain
  • https://literacywhip.com/cdn-cgi/phish-bypass?atok=I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-1659139612-0-%2F55ec4192ad0f3e90dd0dfaf83f8b24ad
  • https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
16 B
674 B 		Document
General
Check archive.org
Download Go to
Full URL
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89e4dfaaca84f09a76429cea8f0ff6b476b93d4988247399e381a7bfa114f20b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7329d9f25fc2bbd4-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 30 Jul 2022 00:06:57 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SfKnjRA8vhm%2Bmyn6f5xNlAICj1newng0Qan6bh8GPyCWjJ8i3646vWClfvQvjtwLVZBuwoBM%2FvlBGpXqwiPW82frb4DZYAv5uqMFrg2p6KySeTjtzsghjwNmxq0ZItdQlppgPyyWhUi6qF54e6VT"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
private, no-cache
cf-ray
7329d9f24fbbbbd4-FRA
content-length
167
content-type
text/html
date
Sat, 30 Jul 2022 00:06:57 GMT
location
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

4 Cookies

Domain/Path Name / Value
nappehair.com/ Name: uid2565
Value: 768203006-20220729200652-d806c8ba88436b73554557a6a6d4cbd7-0
semimusics.com/ Name: PHPSESSID
Value: b74ad5b3a07c92cdf575fd659c0b690d
.literacywhip.com/ Name: __cf_mw_byp
Value: I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-1659139612-0-/55ec4192ad0f3e90dd0dfaf83f8b24ad
literacywhip.com/ Name: PHPSESSID
Value: e9553960b955a677e93285214094910a

1 Console Messages

Source Level URL
Text
network error URL: https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Message:
Failed to load resource: the server responded with a status of 404 ()