updatefree-goldpass96.cf
Open in
urlscan Pro
65.52.121.135
Malicious Activity!
Public Scan
Submission: On September 24 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 24th 2021. Valid for: 3 months.
This is the only time updatefree-goldpass96.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Gaming (Entertainment)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 65.52.121.135 65.52.121.135 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 142.250.185.170 142.250.185.170 | 15169 (GOOGLE) (GOOGLE) | |
1 | 104.16.18.94 104.16.18.94 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 104.21.234.231 104.21.234.231 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 145.239.131.51 145.239.131.51 | 16276 (OVH) (OVH) | |
1 | 69.16.175.10 69.16.175.10 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
2 | 142.250.185.202 142.250.185.202 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.250.184.195 142.250.184.195 | 15169 (GOOGLE) (GOOGLE) | |
29 | 8 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
updatefree-goldpass96.cf |
ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
ajax.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
ibb.co
i.ibb.co |
2 MB |
4 |
googleapis.com
fonts.googleapis.com ajax.googleapis.com |
114 KB |
3 |
githack.com
rawcdn.githack.com |
5 KB |
1 |
gstatic.com
fonts.gstatic.com |
17 KB |
1 |
jquery.com
code.jquery.com |
32 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
6 KB |
1 |
updatefree-goldpass96.cf
updatefree-goldpass96.cf |
2 KB |
29 | 7 |
Domain | Requested by | |
---|---|---|
18 | i.ibb.co |
updatefree-goldpass96.cf
rawcdn.githack.com |
3 | rawcdn.githack.com |
updatefree-goldpass96.cf
|
2 | ajax.googleapis.com |
updatefree-goldpass96.cf
|
2 | fonts.googleapis.com |
updatefree-goldpass96.cf
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | code.jquery.com |
updatefree-goldpass96.cf
|
1 | cdnjs.cloudflare.com |
updatefree-goldpass96.cf
|
1 | updatefree-goldpass96.cf | |
29 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
updatefree-goldpass96.cf R3 |
2021-09-24 - 2021-12-23 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
ibb.co R3 |
2021-08-06 - 2021-11-04 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://updatefree-goldpass96.cf/
Frame ID: A9ACFFD79021D1168068EA8114DFF2DE
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
Free Magic Item COCDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
- /([\d.]+)/jquery(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
updatefree-goldpass96.cf/ |
9 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
1 KB 499 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cocstyleawal.css
rawcdn.githack.com/AlexHostX/all.asset/b4afc299d049078286499d94ee0a33c54e4222cb/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jancuk.png
i.ibb.co/jH2mMXK/ |
104 KB 105 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Power-Potion.png
i.ibb.co/61Nc7z9/ |
61 KB 61 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11.jpg
i.ibb.co/f9s4njP/ |
29 KB 30 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bauarbeitertrank.png
i.ibb.co/XSqNL6D/ |
60 KB 60 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Rune-of-Dark-Elixir.png
i.ibb.co/54jD44B/ |
44 KB 44 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Rune-des-Golds.png
i.ibb.co/J2t60cs/ |
48 KB 48 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Rune-des-Elixiers.png
i.ibb.co/zfXLg4J/ |
45 KB 45 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Book-of-Heroes.png
i.ibb.co/7Nv7JDc/ |
51 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Book-of-Everything.png
i.ibb.co/xD92Fvg/ |
52 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Book-of-Fighting.png
i.ibb.co/KGSCLPk/ |
51 KB 51 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kandep.jpg
i.ibb.co/1bCXHbK/ |
40 KB 41 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Book-of-Building.png
i.ibb.co/LPTDJ7g/ |
53 KB 53 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hdefault.jpg
i.ibb.co/6Zw7vH3/ |
41 KB 41 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Hammer-of-Heroes.png
i.ibb.co/583nRgZ/ |
22 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Hammer-of-Spells.png
i.ibb.co/5RJhb4t/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Hammer-of-Building.png
i.ibb.co/Wx8VXsm/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Hammer-of-Fighting.png
i.ibb.co/6gQ3ZQj/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.10.2.min.js
code.jquery.com/ |
91 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ |
82 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.3/ |
82 KB 83 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
input-exception.js
rawcdn.githack.com/AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/ |
9 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
watermark.css
rawcdn.githack.com/AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/ |
105 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7de34544078f087a5830529f5840d446.png
i.ibb.co/SX1t0Zk/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v6/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Gaming (Entertainment)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| startTimer function| $ function| jQuery function| openapp function| openlogAlex object| _0x768a1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.githack.com/ | Name: __cf_bm Value: 576f100a7a356748d98fc02fa12f40d84bb90080-1632475395-0-AZBezUDK7P9kpVWEwR6eE62wUJNlID6xzqO/MFUB2z6h+t30t6I6fMiLH2HFHOa1zwVruiCPLOGJZEB/orAwNn4= |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
i.ibb.co
rawcdn.githack.com
updatefree-goldpass96.cf
104.16.18.94
104.21.234.231
142.250.184.195
142.250.185.170
142.250.185.202
145.239.131.51
65.52.121.135
69.16.175.10
03845ae6fc5097c5f107ffc206c3fe329a962d045b23151188b6dab3ef4fbcc5
0a1c42b73776cb2779231611a86a99ec964a028c8a867644e59aeeeac36c951d
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
184a0637f98385c7d079471dd6f30a78c8b884c0ccd58e9228f90f8f09c86588
26356502390d4d1335a758cc86fbfd153c802db68a4fd7aca76e0b792ceeb2b9
493bfa752053fc32ae2c54da10eab8a15be434a39fe3babfd05ae9b1893ac613
61b218e6afb299850d57a9e48754d42c42a25e6bc32e83148c7977bd336a55b5
739f7171f9ed54bba17acdf36eec56fd0157f1e3f9af4b7142f6803fc59ec032
762f4a20bf6bedf2eaad0612b705ffb0f2f8a89fd804db3af5d74bf9b81db9c7
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8b504f9aa69830f2566d20dbfcfd1bcb370c6711239ae523517bfd15ac627273
96df2f4735650bfe911e983781783284646ff7cc8109e0dfeb6de8056f1a7654
a52f3fe5bbfd5c25027ebdf72c6dc5d8d386e1d11dfb76d8179913f8ce94d05e
adcb646051faaa43d169f87eaf7cdf22949393a86a245a656478e7325a96c0bd
b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b
ba87e555c22504946dc83a4a9607270b8503089098357b1bfc11e8e682ccd367
c16db12ff0ad066481a8444f7fcda567670d6d27ed81cedd4f16753449321838
c875073b893560583a8c13398109ceb11867a04f513b0ded220d46eda0e4ef8f
cca1931e3ce153ca846461925dd9b704ef70d93fd32ff53cdce7a686f502b9e3
d248409f6d82bb164266582b1c1dd2d59aa376983828c4eda08babab8a391353
da775e993432e2b2365bed7ceceeaec670f69a0a1b19921099ddec80a5ae9ac8
e07ae0ed44bf2f9db136bbf49c1d7efacf3e3de7aeb968e4175f6f62ed18b471
e07d434e9e72570e5093991fa88e95bb9414098792faa882191be8bf4bc8a3fa
f368878b120d0892775d704fc278b94f9c188abae04f0f5ce6df8801c853459e
fa6fd6c790bc4c817e89453b4973507db0a422c30c129355f216b0f92a768b05
faa79636dd743710c2c4bdb193337e8c24d6ec277341355f29d1dae553f7581b
ff9ac16eca9949722d8266504e20208f0f7827cf422fda7b675070b8511d3977