floralhand.cfd
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://floralhand.cfd/?s1=351432&s2=1142722716&s3=2275&s4=GIZA&ow=&s10=3595
Submission: On February 16 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 13th 2024. Valid for: 3 months.
This is the only time floralhand.cfd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a00:1450:400... 2a00:1450:4001:81c::201b | 15169 (GOOGLE) (GOOGLE) | |
1 | 185.80.128.14 185.80.128.14 | 61053 (VPSNET-AS) (VPSNET-AS) | |
1 | 37.44.198.26 37.44.198.26 | 49392 (ASBAXETN) (ASBAXETN) | |
20 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
28 | 5 |
ASN15169 (GOOGLE, US)
storage.googleapis.com |
ASN61053 (VPSNET-AS, LT)
PTR: 185-80-128-14.BIZ.SPECTRUM.COM
185.80.128.14 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
floralhand.cfd
floralhand.cfd |
173 KB |
1 |
bundlestare.com
bundlestare.com |
436 B |
1 |
googleapis.com
storage.googleapis.com — Cisco Umbrella Rank: 398 |
713 B |
28 | 3 |
Domain | Requested by | |
---|---|---|
20 | floralhand.cfd |
bundlestare.com
floralhand.cfd |
1 | bundlestare.com |
185.80.128.14
|
1 | storage.googleapis.com | |
28 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
storage.googleapis.com GTS CA 1C3 |
2024-01-29 - 2024-04-22 |
3 months | crt.sh |
bundlestare.com R3 |
2024-01-25 - 2024-04-24 |
3 months | crt.sh |
floralhand.cfd E1 |
2024-02-13 - 2024-05-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://floralhand.cfd/?s1=351432&s2=1142722716&s3=2275&s4=GIZA&ow=&s10=3595
Frame ID: 2A08B1EF8C0250EB09FAECA0780DC894
Requests: 28 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://storage.googleapis.com/chekqsjd54s5/001jhdkjqsd.html Page URL
- http://185.80.128.14/t/4ArSzr46022VkrU417ijdyfyabyi205377ETYGNJETPEXCIPO6/7433d23 Page URL
- https://bundlestare.com/0/0/0/2f7c97bbe8b02c3cb02dc8c811fa77b4/23/417-46022/205377-6-7433 Page URL
- https://floralhand.cfd/?s1=351432&s2=1142722716&s3=2275&s4=GIZA&ow=&s10=3595 Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://storage.googleapis.com/chekqsjd54s5/001jhdkjqsd.html Page URL
- http://185.80.128.14/t/4ArSzr46022VkrU417ijdyfyabyi205377ETYGNJETPEXCIPO6/7433d23 Page URL
- https://bundlestare.com/0/0/0/2f7c97bbe8b02c3cb02dc8c811fa77b4/23/417-46022/205377-6-7433 Page URL
- https://floralhand.cfd/?s1=351432&s2=1142722716&s3=2275&s4=GIZA&ow=&s10=3595 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
001jhdkjqsd.html
storage.googleapis.com/chekqsjd54s5/ |
245 B 713 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7433d23
185.80.128.14/t/4ArSzr46022VkrU417ijdyfyabyi205377ETYGNJETPEXCIPO6/ |
304 B 421 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
205377-6-7433
bundlestare.com/0/0/0/2f7c97bbe8b02c3cb02dc8c811fa77b4/23/417-46022/ |
139 B 436 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
floralhand.cfd/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4285adf7f480a157ef773f60ab0c8802
floralhand.cfd/ |
57 KB 19 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
floralhand.cfd/assets/js/vendor/bootstrap/css/ |
141 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.css
floralhand.cfd/assets/vendors/fontawesome/css/ |
72 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
common-hybrid.css
floralhand.cfd/assets/css/giza/dist/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
msg.v3.js
floralhand.cfd/inc/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
onlinesurvey-color.png
floralhand.cfd/uploads/archive/company/175/images/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flag-de.png
floralhand.cfd/assets/images/flags/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
check.svg
floralhand.cfd/assets/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci19.jpg
floralhand.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vicon.png
floralhand.cfd/assets/images/ |
972 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci26.jpg
floralhand.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci2.jpg
floralhand.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci35.jpg
floralhand.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci15.jpg
floralhand.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci34.jpg
floralhand.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci23.jpg
floralhand.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci6.jpg
floralhand.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
x.png
floralhand.cfd/assets/images/common/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
floralhand.cfd/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.4.1.min.js
floralhand.cfd/assets/js/vendor/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
floralhand.cfd/assets/js/vendor/bootstrap/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
functions.js
floralhand.cfd/assets/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
intl_functions.js
floralhand.cfd/assets/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
common-hybrid.js
floralhand.cfd/assets/js/giza/dist/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- floralhand.cfd
- URL
- https://floralhand.cfd/assets/css/giza/dist/common-hybrid.css?v=e1bbb575a71113ae8ce6b69b37327638
- Domain
- floralhand.cfd
- URL
- https://floralhand.cfd/inc/msg.v3.js?65ced0f020249
- Domain
- floralhand.cfd
- URL
- https://floralhand.cfd/assets/js/functions.js?v=e1bbb575a71113ae8ce6b69b37327638
- Domain
- floralhand.cfd
- URL
- https://floralhand.cfd/assets/js/intl_functions.js?v=e1bbb575a71113ae8ce6b69b37327638
- Domain
- floralhand.cfd
- URL
- https://floralhand.cfd/assets/js/giza/dist/common-hybrid.js?v=e1bbb575a71113ae8ce6b69b37327638
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| _0x4eba function| _0x3ccf2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bundlestare.com/ | Name: uid2275 Value: 1142722716-20240215220519-f746fb40609983a1036c2c49f8a42474-3646 |
|
floralhand.cfd/ | Name: PHPSESSID Value: a6f6429bda6324fb9a833c5e2c8917d2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bundlestare.com
floralhand.cfd
storage.googleapis.com
floralhand.cfd
185.80.128.14
2a00:1450:4001:81c::201b
2a06:98c1:3121::3
37.44.198.26
1176f85a0b084f161dbe5192394ad58ce5efd6ccc529079e222f240db83bd4f4
11c1ca79b0c58eb32236c8cdfd0cb4465efb5d03744efdc53fa4418beccb626d
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2afec4b8ec5bcf8184f88649b4fae9e442750d3feadeddd6a7592c0f4b61af80
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
5665269840fa23faac662dba33673aab6d0f06fcf1edca2fea09f669ce6baaad
6659b4426a9dba95133c0e3b27b5d952d6cc1e574b88640a7e7bcec354d902c1
698d2bf9879c2232e5335285067a9162970b710d54697c05af4ce01d0ef7558e
73ddac2764ed89f2b4ae92679ce6aff110113f800fe188828d24383426ac3687
9f2dcc8d291e930f294c0b96fda36589f0b412848578c396b981e62ac9d4aca9
a65d3108b5413cdd23886814c2d0ae45a891faf9a8ce59417c69495919d9cdb6
b7d826bf62262fb8d66325774d1cefd98501ab9e70d614f2c140e5762edcea08
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
c86fc6524af3fab1567a1206ea20eca001d2b8eaa06b1fef573a7319f45c467c
e1d0e1ecf55bd3fed22fec6e1c49b61dee714d548dd31b42d6b693596f3bdf75
e76803c59c910dabc01ef803f9064c86bc4128de152874796a1f3947c4b25662
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ec006ed8744a3d28521058de2dcf88a3b2b6675af4c094410bdc7026db636d23
f8ea74221ac765638936628340aaf91d78b40a82277de5a6c615b4c35a6f3b8b