lcloudlost.info
104.131.75.47
Malicious Activity!
Public Scan
Effective URL: https://lcloudlost.info/F1ndV50/?SbySkuN25unKIvwZdD04nNS51J7YESMnOmuwqRwgluh3xPp78NArIHEt3FutGpUm5T8HzHvGs87ww5BtF5uBsVP...
Submission: On April 10 via manual from CO — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 5th 2024. Valid for: 3 months.
This is the only time lcloudlost.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System
---|---|---|---
2 | 11 | 104.131.75.47 | 14061 (DIGITALOCEAN-ASN)
 | 2 | 2606:4700::6810:5514 | 13335 (CLOUDFLARENET)
 | 1 | 2a04:4e42:200::649 | 54113 (FASTLY)
 | 3 | 2606:4700:3031::ac43:8d19 | 13335 (CLOUDFLARENET)
 | 1 | 2a00:1450:4001:810::200a | 15169 (GOOGLE)
Total: 16 requests, 5 IP addresses
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | lcloudlost.info (2 redirects) | lcloudlost.info | 1 MB
3 | blogueroinformatico.net | blogueroinformatico.net | 40 KB
2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 454) | 48 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 746) | 31 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 1217) | 88 KB
Total: 16 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
11 | lcloudlost.info (2 redirects) | lcloudlost.info
3 | blogueroinformatico.net | lcloudlost.info
2 | cdn.jsdelivr.net | lcloudlost.info
1 | ajax.googleapis.com | lcloudlost.info
1 | code.jquery.com | lcloudlost.info
Total: 16 requests, 5 domains
This site contains links to these domains. Also see Links.
Domain
---
apple.com
www.apple.com
TLS certificates observed during the scan:
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
lcloudlost.info | R3 | 2024-04-05 - 2024-07-04 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
blogueroinformatico.net | GTS CA 1P5 | 2024-04-03 - 2024-07-02 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2024-03-04 - 2024-05-27 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://lcloudlost.info/F1ndV50/?SbySkuN25unKIvwZdD04nNS51J7YESMnOmuwqRwgluh3xPp78NArIHEt3FutGpUm5T8HzHvGs87ww5BtF5uBsVPMHs35WLQtV5nHS8HfrHtEy46G556QRNTWql2XEggfI4kQcrNJYvwwLjZGuOzPJD0Hny2DnyySIMGfYjXshj
Frame ID: 485CAA90349A3A74A41D32C5E5936EA3
Requests: 10 HTTP requests in this frame
Frame:
https://lcloudlost.info/F1ndV50/signin.php
Frame ID: 0EF733DF8A06BF27216993AEEF0D514F
Requests: 6 HTTP requests in this frame
Page Title: iCloud
Page URL History
- https://lcloudlost.info/TtMOG/ (HTTP 302)
- https://lcloudlost.info/?i=TtMOG (HTTP 302)
- https://lcloudlost.info/F1ndV50/?SbySkuN25unKIvwZdD04nNS51J7YESMnOmuwqRwgluh3xPp78NArIHEt3FutGpUm5T8... (Page URL)
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: apple.com/la/icloud/.
- Title: Estado del sistema (System status)
- Title: Política de privacidad (Privacy policy)
- Title: Términos y condiciones (Terms and conditions)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://lcloudlost.info/TtMOG/ (HTTP 302)
- https://lcloudlost.info/?i=TtMOG (HTTP 302)
- https://lcloudlost.info/F1ndV50/?SbySkuN25unKIvwZdD04nNS51J7YESMnOmuwqRwgluh3xPp78NArIHEt3FutGpUm5T8HzHvGs87ww5BtF5uBsVPMHs35WLQtV5nHS8HfrHtEy46G556QRNTWql2XEggfI4kQcrNJYvwwLjZGuOzPJD0Hny2DnyySIMGfYjXshj (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | lcloudlost.info/F1ndV50/ (Redirect Chain) | 22 KB | 6 KB | Document | text/html
GET | H3 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ | 152 KB | 24 KB | Stylesheet | text/css
GET | H3 | bootstrap.bundle.min.js | cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ | 77 KB | 23 KB | Script | application/javascript
GET | H/1.1 | e6ffc52737977fe1700d423a10874d0b.png | lcloudlost.info/F1ndV50/css/ | 693 KB | 693 KB | Image | image/png
GET | H/1.1 | cb89b6112cb1d8e18fac821612c25717.png | lcloudlost.info/F1ndV50/css/ | 485 KB | 485 KB | Image | image/png
GET | H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB | 88 KB | Script | application/javascript
GET | H/1.1 | signin.php | lcloudlost.info/F1ndV50/ (Frame 0EF7) | 15 KB | 3 KB | Document | text/html
GET | H3 | cl0ud.mp4 | blogueroinformatico.net/ | 34 KB | 0 | Media | video/mp4
GET | H/1.1 | fonts.css | lcloudlost.info/F1ndV50/css/ (Frame 0EF7) | 15 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | app.css | lcloudlost.info/F1ndV50/css/ (Frame 0EF7) | 413 KB | 39 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ (Frame 0EF7) | 86 KB | 31 KB | Script | text/javascript
GET | H/1.1 | duolci.svg | lcloudlost.info/F1ndV50/css/ (Frame 0EF7) | 8 KB | 8 KB | Image | image/svg+xml
GET | H/1.1 | spinner_48.gif | lcloudlost.info/F1ndV50/css/ (Frame 0EF7) | 7 KB | 7 KB | Image | image/gif
GET | H3 | cl0ud.mp4 | blogueroinformatico.net/ | 39 KB | 40 KB | Media | video/mp4
GET | H3 | cl0ud.mp4 | blogueroinformatico.net/ | 583 KB | 0 | Media | video/mp4
GET | H/1.1 | favicon.png | lcloudlost.info/F1ndV50/css/ | 22 KB | 22 KB | Other | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Apple (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
number | uidEvent
object | bootstrap
function | $
function | jQuery
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
lcloudlost.info/ | (session) | Name: PHPSESSID, Value: d5vvefe8m8jo80ocnav8bpen9q
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry for indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.