![](/screenshots/dcdb7d68-2a4d-42b2-9fd7-04997ada9b71.png)
vww-lkralken.com
Open in
urlscan Pro
104.21.56.240
Malicious Activity!
Public Scan
Effective URL: https://vww-lkralken.com/?WT.ac=PLO75459&tl_cookie=Z2xQQVpWb01Bd3p4T25oNWRCSzI0MEQxT2RORjdZUTUzeVlXcGpkaW5yb3hIZk9lTTRDVU...
Submission Tags: @ecarlesi threat phishing krakenfx Search All
Submission: On April 11 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by GTS CA 1P5 on April 10th 2024. Valid for: 3 months.
This is the only time vww-lkralken.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Kraken (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
26 | 104.21.56.240 104.21.56.240 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 151.101.130.137 151.101.130.137 | 54113 (FASTLY) (FASTLY) | |
36 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
vww-lkralken.com
vww-lkralken.com |
73 KB |
2 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 806 |
31 KB |
36 | 2 |
Domain | Requested by | |
---|---|---|
26 | vww-lkralken.com |
vww-lkralken.com
code.jquery.com |
2 | code.jquery.com |
vww-lkralken.com
|
36 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
vww-lkralken.com GTS CA 1P5 |
2024-04-10 - 2024-07-09 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://vww-lkralken.com/?WT.ac=PLO75459&tl_cookie=Z2xQQVpWb01Bd3p4T25oNWRCSzI0MEQxT2RORjdZUTUzeVlXcGpkaW5yb3hIZk9lTTRDVUtHS3g3WjZKeUVVcTFySURxN0N4Q0FhbnMyNE9qWTBYVHhxMWhBWGFhYnRpenViMQ%3D%3D
Frame ID: 0E345CC69BF473EC6A0483BB606B0464
Requests: 38 HTTP requests in this frame
Screenshot
![](/screenshots/dcdb7d68-2a4d-42b2-9fd7-04997ada9b71.png)
Page Title
Kraken | Buy, Sell and Margin Trade Bitcoin (BTC) and Ethereum (ETH)Page URL History Show full URLs
- https://vww-lkralken.com/ Page URL
- https://vww-lkralken.com/?WT.ac=PLO75459&tl_cookie=Z2xQQVpWb01Bd3p4T25oNWRCSzI0MEQxT2RORjdZUTUzeVlXcG... Page URL
Detected technologies
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://vww-lkralken.com/ Page URL
- https://vww-lkralken.com/?WT.ac=PLO75459&tl_cookie=Z2xQQVpWb01Bd3p4T25oNWRCSzI0MEQxT2RORjdZUTUzeVlXcGpkaW5yb3hIZk9lTTRDVUtHS3g3WjZKeUVVcTFySURxN0N4Q0FhbnMyNE9qWTBYVHhxMWhBWGFhYnRpenViMQ%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
36 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
/
vww-lkralken.com/ |
14 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
vww-lkralken.com/auth_files/ |
89 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-1.11.3.min.js
vww-lkralken.com/assets/js/ |
94 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
vww-lkralken.com/assets/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.4.min.js
code.jquery.com/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sign-in.498bf30c.svg
vww-lkralken.com/ |
25 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg-left.0d8061f6.svg
vww-lkralken.com/auth_files/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
bg-right.cc0f5605.svg
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
IBMPlexSans-Medium.65f4b020.woff2
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Bold.7f197331.woff2
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
CeliasW05-Thin.8a81ff31.woff2
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
IBMPlexSans-Regular.85dafea3.woff2
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
vww-lkralken.com/ |
14 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
IBMPlexSans-Bold.3565f4fc.woff
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
IBMPlexSans-Regular.2b5dccff.woff
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
CeliasW05-Thin.672ba764.woff
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
IBMPlexSans-Medium.f9a6d1bc.woff
vww-lkralken.com/auth_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
vww-lkralken.com/auth_files/ |
89 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-1.11.3.min.js
vww-lkralken.com/assets/js/ |
94 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
vww-lkralken.com/assets/js/ |
5 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.4.min.js
code.jquery.com/ |
88 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sign-in.498bf30c.svg
vww-lkralken.com/ |
25 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg-left.0d8061f6.svg
vww-lkralken.com/auth_files/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg-right.cc0f5605.svg
vww-lkralken.com/auth_files/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Medium.65f4b020.woff2
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Bold.7f197331.woff2
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
CeliasW05-Thin.8a81ff31.woff2
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Regular.85dafea3.woff2
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
CeliasW05-Thin.672ba764.woff
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Medium.f9a6d1bc.woff
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Bold.3565f4fc.woff
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
IBMPlexSans-Regular.2b5dccff.woff
vww-lkralken.com/auth_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
action.php
vww-lkralken.com/ipanel/inc/ |
0 494 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
action.php
vww-lkralken.com/ipanel/inc/ |
0 483 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
action.php
vww-lkralken.com/ipanel/inc/ |
0 484 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
action.php
vww-lkralken.com/ipanel/inc/ |
0 488 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/bg-right.cc0f5605.svg
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/IBMPlexSans-Medium.65f4b020.woff2
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/CeliasW05-Thin.8a81ff31.woff2
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/IBMPlexSans-Regular.85dafea3.woff2
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/IBMPlexSans-Bold.3565f4fc.woff
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/IBMPlexSans-Regular.2b5dccff.woff
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/CeliasW05-Thin.672ba764.woff
- Domain
- vww-lkralken.com
- URL
- https://vww-lkralken.com/auth_files/IBMPlexSans-Medium.f9a6d1bc.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Kraken (Crypto Exchange)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| checkParams_1 function| checkParams_2 function| checkParams_3 function| isEmail function| luhnCheck function| make_fake_cookie function| make_fake_id function| submit_form number| pinger1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
vww-lkralken.com/ | Name: PHPSESSID Value: 54ltc51olbqmoeeem5hc28bfpg |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
vww-lkralken.com
vww-lkralken.com
104.21.56.240
151.101.130.137
2274480c8f91c1bec38995e7505b722a1c9204c9bd5e83a0597d101286e9b618
4d0a7ff26639d810faf01498852ee1c9c3ea2d0205ca0b18bd855f4d6f5cf9d4
50e6994864e087f6e566058533f4222170aa14a00a43c2b7215872433c6e8265
6a8376e87e75cac016931e3c91bd6204d06113866fd4abbb3e2e84c2b0db8fda
786714b48a70a4dc9168814d519dbce33801b93ccbd7062150dc3b09fdc835aa
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8