vwv1.contaacessalive.com Open in urlscan Pro
172.67.150.254  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response vwv1.contaacessalive.com/	1 KB 1 KB	572ms 54ms	Document text/html	172.67.150.254 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vwv1.contaacessalive.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.150.254 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7011183ebc724b941f5f5404b4ff349d70ebb120d092ef5898be35e1541922c Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language de-DE,de;q=0.9 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 80258a164baf4d32-FRA content-encoding br content-type text/html; charset=utf-8 date Wed, 06 Sep 2023 09:03:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xz5K8qvKURYVStotdN64jtQhedK2bm%2FyISDYstkMYeig84yLI8SLUaUUKgOR52x9Bn%2BNK1HpVm7GnNHc6Fd0LlHZYvAIhEjlM6qwlac%2BcOd2NcIq66hCnG87yXW0QPp8pG7ThLKZeQ%2BnDwQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	chunk-vendors.7220d676.js Show response vwv1.contaacessalive.com/js/	205 KB 73 KB	328ms 327ms	Script application/javascript	172.67.150.254 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vwv1.contaacessalive.com/js/chunk-vendors.7220d676.js Requested by Host: vwv1.contaacessalive.com URL: https://vwv1.contaacessalive.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.150.254 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7ebeb4df8e4f1165de6d513656d89c4e530faa130b3647453db85248b28cdfaa Request headers accept-language de-DE,de;q=0.9 Referer https://vwv1.contaacessalive.com/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Wed, 06 Sep 2023 09:03:33 GMT content-encoding br cf-cache-status BYPASS last-modified Sun, 03 Sep 2023 17:30:53 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yh1%2FuNpusMxBWgCnJLHgRlyYWRZREQkB4i3b6Xdl5IIMmph7Xm0%2FhLGe%2BbCoB7rfd42BiCCBBOm%2BraLtoMIEZD4wkZVwJBujVAk%2FJC9oE1gLYM%2BRZDLOBruSJi5PjmVzKFDESbqYEXHgalw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache content-disposition inline; filename=chunk-vendors.7220d676.js cf-ray 80258a16ac0b4d32-FRA alt-svc h3=":443"; ma=86400
GET H2	200	app.eef53e4a.js Show response vwv1.contaacessalive.com/js/	40 KB 15 KB	110ms 109ms	Script application/javascript	172.67.150.254 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vwv1.contaacessalive.com/js/app.eef53e4a.js Requested by Host: vwv1.contaacessalive.com URL: https://vwv1.contaacessalive.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.150.254 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14ec2dec5f86968f4b11b444c62470ac3c2101b32dfb9544d5519114e39d63cb Request headers accept-language de-DE,de;q=0.9 Referer https://vwv1.contaacessalive.com/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Wed, 06 Sep 2023 09:03:33 GMT content-encoding br cf-cache-status BYPASS last-modified Sun, 03 Sep 2023 17:30:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOBL9HANLpxWR%2BqlcoGHCa7r0iEI8alXc00xdk0%2Bs0Lf4y4xEMXFRwzBU8Nixk3WA8F8guZvkH113GkkizvtVzly1%2BbwrNDx2tZxS2TFk%2FFpi9WHGj6XRdUnfiJDkTiT24xN7rkoRKsKW1Q%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache content-disposition inline; filename=app.eef53e4a.js cf-ray 80258a16ac0e4d32-FRA alt-svc h3=":443"; ma=86400
GET H2	200	app.ad195b73.css vwv1.contaacessalive.com/css/	60 KB 7 KB	518ms 518ms	Stylesheet text/css	172.67.150.254 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://vwv1.contaacessalive.com/css/app.ad195b73.css Requested by Host: vwv1.contaacessalive.com URL: https://vwv1.contaacessalive.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.150.254 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f31278e638cd2fcb8bedc545a1595b6016ad0eb2d385d47c232b5b8acdf069f1 Request headers accept-language de-DE,de;q=0.9 Referer https://vwv1.contaacessalive.com/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Wed, 06 Sep 2023 09:03:33 GMT content-encoding br cf-cache-status BYPASS last-modified Sun, 03 Sep 2023 17:30:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5TRr1yx5alh%2B1z92TfS8GxH4S5myP1lccA5fxtX2Oz0Ia6HMXvDadiIZmTfEr4zdhwKLJ85%2BqGe%2Bc3VRZjxLV9lNsBWbBtrei%2FLLg10XXLFp6prLkUK2v5cDJcRfvxhRGN%2FfbV%2BwMFjMtw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control no-cache content-disposition inline; filename=app.ad195b73.css cf-ray 80258a16ac0d4d32-FRA alt-svc h3=":443"; ma=86400
GET H3	200	logo-livelo.2c7a4267.svg vwv1.contaacessalive.com/img/	5 KB 3 KB	49ms 49ms	Image image/svg+xml	2606:4700:3030::ac43:96fe CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://vwv1.contaacessalive.com/img/logo-livelo.2c7a4267.svg Requested by Host: vwv1.contaacessalive.com URL: https://vwv1.contaacessalive.com/css/app.ad195b73.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:96fe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a93839a2c1e9457a6a66474a128ae6221798e5fec089c172e8160b592584dd93 Request headers accept-language de-DE,de;q=0.9 Referer https://vwv1.contaacessalive.com/css/app.ad195b73.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Wed, 06 Sep 2023 09:03:33 GMT content-encoding br cf-cache-status BYPASS last-modified Sun, 03 Sep 2023 17:30:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUCX4loQR1JgEelkZpM16MQxcC6fo1D%2Boz17N8RVCtmQ9wWtyBS8WJSHqqudYbWeHC9b5hrauFKIVSOMZaXwsBX1lUu6wZgLkhM1zlfzyi5%2FHs98TEoK4FtRtJyDc9%2BaVy3gtEOasL6W3b0tks0EsHaQSnYY65w%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml; charset=utf-8 access-control-allow-origin * cache-control no-cache content-disposition inline; filename=logo-livelo.2c7a4267.svg cf-ray 80258a1a3d399136-FRA alt-svc h3=":443"; ma=86400
GET H2	200	vEF72_JTCgwQ5ejvMV0Ox_Kg1UwJ0tKfX4zNpD8E4ASzH1r9gTuoyjkm.woff2 fonts.gstatic.com/s/signika/v25/	23 KB 24 KB	35ms 9ms	Font font/woff2	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/signika/v25/vEF72_JTCgwQ5ejvMV0Ox_Kg1UwJ0tKfX4zNpD8E4ASzH1r9gTuoyjkm.woff2 Requested by Host: vwv1.contaacessalive.com URL: https://vwv1.contaacessalive.com/css/app.ad195b73.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 72dc37dd92ac41a904175b927273429d71ca73c3294a8c30e7de96f364495c25 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://vwv1.contaacessalive.com/ Origin https://vwv1.contaacessalive.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 01 Sep 2023 07:27:02 GMT x-content-type-options nosniff age 437793 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23756 x-xss-protection 0 last-modified Thu, 20 Jul 2023 20:47:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 31 Aug 2024 07:27:02 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Livelo (E-commerce)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| MSGEND string| MSGINI string| SERVER_URL object| webpackChunkbitmart boolean| __INTLIFY_PROD_DEVTOOLS__ boolean| __VUE_I18N_FULL_INSTALL__ boolean| __VUE_I18N_LEGACY_API__ boolean| __VUE__

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vwv1.contaacessalive.com/	1970-01-20 15:17:49	Name: session Value: d235cb1c-6141-4b31-8b7e-512a056b8a6b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
vwv1.contaacessalive.com
172.67.150.254
2606:4700:3030::ac43:96fe
2a00:1450:4001:828::2003
14ec2dec5f86968f4b11b444c62470ac3c2101b32dfb9544d5519114e39d63cb
72dc37dd92ac41a904175b927273429d71ca73c3294a8c30e7de96f364495c25
7ebeb4df8e4f1165de6d513656d89c4e530faa130b3647453db85248b28cdfaa
a93839a2c1e9457a6a66474a128ae6221798e5fec089c172e8160b592584dd93
e7011183ebc724b941f5f5404b4ff349d70ebb120d092ef5898be35e1541922c
f31278e638cd2fcb8bedc545a1595b6016ad0eb2d385d47c232b5b8acdf069f1