literacywhip.com
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Submission: On July 30 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by E1 on July 27th 2022. Valid for: 3 months.
This is the only time literacywhip.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
IP Address | AS (Autonomous System) | Requests
---|---|---
2a00:1450:4001:806::2010 | 15169 (GOOGLE) | 1
65.109.4.138 | 24940 (HETZNER-AS) | 1 (redirect)
185.147.127.212 | 49392 (ASBAXETN) | 1
188.114.96.3 | 13335 (CLOUDFLARENET) | 1 (redirect)
2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) | 5 (1 redirect)
Totals: 6 HTTP transactions, 3 redirects, 5 IPs across 4 ASNs
ASN15169 (GOOGLE, US): storage.googleapis.com
ASN24940 (HETZNER-AS, DE): magicdeala.dns.army (PTR: static.138.4.109.65.clients.your-server.de)
Apex Domain | Subdomains | Transfer | Requests
---|---|---|---
literacywhip.com | literacywhip.com (1 redirect) | 8 KB | 5
semimusics.com | semimusics.com (1 redirect) | 754 B | 1
nappehair.com | nappehair.com | 388 B | 1
dns.army | magicdeala.dns.army (1 redirect) | 362 B | 1
googleapis.com | storage.googleapis.com (Cisco Umbrella Rank: 446) | 870 B | 1
Totals: 6 HTTP transactions across 5 apex domains
Domain | Requested by | Requests
---|---|---
literacywhip.com | nappehair.com, literacywhip.com (1 redirect) | 5
semimusics.com | (1 redirect) | 1
nappehair.com | storage.googleapis.com | 1
magicdeala.dns.army | (1 redirect) | 1
storage.googleapis.com | | 1
Totals: 6 HTTP transactions across 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
storage.googleapis.com | GTS CA 1C3 | 2022-07-11 - 2022-10-03 | 3 months | crt.sh
nappehair.com | R3 | 2022-07-13 - 2022-10-11 | 3 months | crt.sh
*.literacywhip.com | E1 | 2022-07-27 - 2022-10-25 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
Frame ID: 496E1B17CC78C71840A0FFBF49CED10B
Requests: 6 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. A transition between two Page URLs with no HTTP status recorded is a client-side redirect; the status codes mark server-side redirects.
- https://storage.googleapis.com/lolvoipsakslass/radarociaso.html (Page URL; client-side redirect to the next hop)
- http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050 (HTTP 302)
- https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050 (Page URL; client-side redirect to the next hop)
- https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739 (HTTP 302)
- https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad (Page URL)
- https://literacywhip.com/cdn-cgi/phish-bypass?atok=I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-1659139612-0-%2F55ec4192ad0f3e90dd0dfaf83f8b24ad (HTTP 301)
- https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad (Page URL)
The last two hops are Cloudflare's phishing-warning interstitial being bypassed: /cdn-cgi/phish-bypass sets the __cf_mw_byp cookie (listed under Cookies) and answers with a 301 back to the originally requested path, so the effective URL is loaded twice, first as the warning page and then as the content behind it.
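The classification the Page URL History section describes, as an added example (not urlscan.io code): given captured hops, label each as an HTTP redirect, a meta-refresh or JavaScript redirect, or the landing page, and flag where the capture stops matching what the previous hop pointed at. The URLs and statuses are the ones in this report; the HTML bodies of the two client-side redirector pages are assumptions, since the report shows only the resulting URLs.

```python
"""Reconstruct a redirect chain from captured hops and label each hop as an
HTTP redirect (3xx + Location), a meta-refresh or JavaScript redirect, or the
final landing page. Added example; not urlscan.io code. The hop captures
below are constructed: the URLs and statuses are the ones in this report,
but the HTML bodies are assumed, since the report does not show them."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urljoin


@dataclass
class Hop:
    url: str
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


# <meta http-equiv="refresh" content="N; url=TARGET">
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.I)
# location = "TARGET", window.location.href = "TARGET", location.replace("TARGET"), ...
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']\s*\)',
    re.I)


def next_hop(hop: Hop) -> tuple[Optional[str], str]:
    """Return (absolute next URL or None, redirect kind) for one captured response."""
    location = next((v for k, v in hop.headers.items() if k.lower() == "location"), None)
    if 300 <= hop.status < 400 and location:
        return urljoin(hop.url, location), f"http-{hop.status}"
    m = META_REFRESH.search(hop.body)
    if m:
        return urljoin(hop.url, m.group(1)), "meta-refresh"
    m = JS_LOCATION.search(hop.body)
    if m:
        return urljoin(hop.url, m.group(1) or m.group(2)), "javascript"
    return None, "landing"


def walk(hops: list[Hop]) -> list[tuple[str, str]]:
    """Label the captured hops in order. If a hop points somewhere the capture
    does not continue (chain cut short, or a detour), record the target as
    'uncaptured' and stop rather than silently skipping it."""
    chain: list[tuple[str, str]] = []
    for i, hop in enumerate(hops):
        target, kind = next_hop(hop)
        chain.append((hop.url, kind))
        if target is None:
            break
        if i + 1 >= len(hops) or hops[i + 1].url != target:
            chain.append((target, "uncaptured"))
            break
    return chain


# Constructed captures mirroring this report's chain (bodies are assumed).
SAMPLE_HOPS = [
    Hop("https://storage.googleapis.com/lolvoipsakslass/radarociaso.html", 200, {},
        '<html><head><meta http-equiv="refresh" content="0; url=http://magicdeala.dns.army/'
        'r.php?t=c&d=339041&l=7485&c=3050"></head></html>'),
    Hop("http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050", 302,
        {"Location": "https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050"}),
    Hop("https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050", 200, {},
        '<script>location.replace("https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739");</script>'),
    Hop("https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739", 302,
        {"Location": "https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad"}),
    Hop("https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad", 200, {}, "<html><body></body></html>"),
]

if __name__ == "__main__":
    for url, kind in walk(SAMPLE_HOPS):
        print(f"{kind:<12} {url}")
```

The regexes only cover the plain forms of meta refresh and location assignment; obfuscated redirectors (string-built URLs, `setTimeout` wrappers, form auto-submit) need a headless browser, which is what urlscan's own capture relies on.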
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050 (HTTP 302)
- https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050
- https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739 (HTTP 302)
- https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad
6 HTTP transactions
Method | Protocol | Resource | Size / x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---
GET | H2 | storage.googleapis.com/lolvoipsakslass/radarociaso.html | 286 B / 870 B | Document | text/html |
GET | H/1.1 | nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050 | 134 B / 388 B | Document | text/html | Redirect Chain
GET | H2 | literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad | 5 KB / 2 KB | Document | text/html | Redirect Chain
GET | H2 | literacywhip.com/cdn-cgi/styles/cf.errors.css | 24 KB / 5 KB | Stylesheet | text/css |
GET | H3 | literacywhip.com/cdn-cgi/images/icon-exclamation.png | 452 B / 670 B | Image | image/png |
GET | H3 | literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad | 16 B / 674 B | Document | text/html | Primary Request, Redirect Chain
Size is the decoded body size and x-fer the bytes transferred on the wire (headers included, body possibly compressed). The per-transaction General, Request headers, Response headers and Redirect headers panels are collapsed in the interactive view and are not reproduced here.
The two literacywhip.com documents are different responses to the same path. The 5 KB one, loaded together with cf.errors.css and icon-exclamation.png from /cdn-cgi/, is Cloudflare's phishing-warning page; the 16 B one is what came back once the /cdn-cgi/phish-bypass 301 and its __cf_mw_byp cookie were in place, so the bypassed landing content is essentially empty. The 286 B and 134 B HTML documents at the first two hops are sized like redirector stubs rather than content pages.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)
The only literacywhip.com response with any body is the Cloudflare warning interstitial served from /cdn-cgi/, so the brand match is most plausibly on that interstitial, i.e. a record that Cloudflare had already flagged the domain, rather than a lure impersonating Cloudflare.
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object oncontextlost | object oncontextrestored | function structuredClone | object launchQueue | object onbeforematch | function getScreenDetails | function queryLocalFonts | object navigation
All eight are built-in members of the window object in recent Chromium builds, not variables defined by a script on this page; they reflect the scanning browser's version rather than the site's client-side code.
4 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the website can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
nappehair.com/ | | uid2565 | 768203006-20220729200652-d806c8ba88436b73554557a6a6d4cbd7-0
semimusics.com/ | | PHPSESSID | b74ad5b3a07c92cdf575fd659c0b690d
.literacywhip.com/ | | __cf_mw_byp | I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-1659139612-0-/55ec4192ad0f3e90dd0dfaf83f8b24ad
literacywhip.com/ | | PHPSESSID | e9553960b955a677e93285214094910a
Two values tie the hops together: the nappehair.com cookie name uid2565 carries the same id as s3=2565 in the semimusics.com URL, and its value begins with 768203006, the s2 value of that URL; the __cf_mw_byp value is the atok from the /cdn-cgi/phish-bypass hop and embeds the bypassed path.
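A way to surface that kind of identifier reuse mechanically, as an added example (not urlscan.io code): pull identifier-shaped values out of each hop's query string, path segments and cookies, then report every value that appears on more than one host. The inputs are the URLs and cookies recorded in this report; the token shapes (32-hex tokens, numeric ids of three or more digits) are an assumption chosen to fit the ids seen here.

```python
"""Extract tracking identifiers (query values, numeric path segments, cookie
names and values) from every hop of a redirect chain and report values that
recur on more than one host. Added example; not urlscan.io code. The inputs
are the URLs and cookies recorded in this report."""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Identifier shapes worth correlating (an assumption fitted to this chain):
# 32-hex (md5-sized) tokens and numeric ids of three or more digits.
# Shorter numbers such as "0" or "30" are too common to be meaningful.
TOKEN = re.compile(r"[0-9a-f]{32}|\d{3,}")

CHAIN_URLS = [
    "http://magicdeala.dns.army/r.php?t=c&d=339041&l=7485&c=3050",
    "https://nappehair.com/0/2/14769/b687b638cc6daf434a1e817ee35ce4ca/30/339041/32/7485/3050",
    "https://semimusics.com/?s1=350525&s2=768203006&s3=2565&s4=0&ow=&s10=739",
    "https://literacywhip.com/55ec4192ad0f3e90dd0dfaf83f8b24ad",
]
# (cookie domain, name, value) as listed in the Cookies table of this report.
COOKIES = [
    ("nappehair.com", "uid2565", "768203006-20220729200652-d806c8ba88436b73554557a6a6d4cbd7-0"),
    ("semimusics.com", "PHPSESSID", "b74ad5b3a07c92cdf575fd659c0b690d"),
    (".literacywhip.com", "__cf_mw_byp",
     "I4Bhf1uVT7r30spnFWs805lIYh_s.esBnkCIQOiu6d0-1659139612-0-/55ec4192ad0f3e90dd0dfaf83f8b24ad"),
    ("literacywhip.com", "PHPSESSID", "e9553960b955a677e93285214094910a"),
]


def tokens_from_url(url: str) -> tuple[str, set[str]]:
    """Host plus identifier-shaped path segments and query values."""
    parts = urlsplit(url)
    found = {seg for seg in parts.path.split("/") if TOKEN.fullmatch(seg)}
    found |= {v for _, v in parse_qsl(parts.query, keep_blank_values=True) if TOKEN.fullmatch(v)}
    return parts.hostname or "", found


def tokens_from_cookie(domain: str, name: str, value: str) -> tuple[str, set[str]]:
    """Host plus identifier-shaped substrings of the cookie name and value
    (substrings, not whole fields: 'uid2565' carries the id 2565)."""
    return domain.lstrip("."), set(TOKEN.findall(name)) | set(TOKEN.findall(value))


def shared_identifiers(urls, cookies) -> dict[str, list[str]]:
    """Map each identifier seen on two or more distinct hosts to those hosts."""
    hosts_by_token: dict[str, set[str]] = defaultdict(set)
    for url in urls:
        host, toks = tokens_from_url(url)
        for t in toks:
            hosts_by_token[t].add(host)
    for domain, name, value in cookies:
        host, toks = tokens_from_cookie(domain, name, value)
        for t in toks:
            hosts_by_token[t].add(host)
    return {t: sorted(h) for t, h in hosts_by_token.items() if len(h) > 1}


if __name__ == "__main__":
    for token, hosts in sorted(shared_identifiers(CHAIN_URLS, COOKIES).items()):
        print(f"{token:<12} {' <-> '.join(hosts)}")
```

On this report's data the shared values are the campaign/offer ids 339041, 7485 and 3050 (magicdeala.dns.army query string and nappehair.com path) and the user ids 768203006 and 2565 (nappehair.com cookie and semimusics.com query string); the md5-sized literacywhip.com path token appears only on its own host, in the URL and in the __cf_mw_byp cookie, and so is correctly not reported.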
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
literacywhip.com
magicdeala.dns.army
nappehair.com
semimusics.com
storage.googleapis.com
185.147.127.212
188.114.96.3
2a00:1450:4001:806::2010
2a06:98c1:3121::3
65.109.4.138
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
3168e90d92b4bf950780a32168d4535abe0edc93db304ddf309a4c9cfb9f99f4
89e4dfaaca84f09a76429cea8f0ff6b476b93d4988247399e381a7bfa114f20b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016