candan.friecheyi.lat
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Submission: On October 04 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by WE1 on September 16th 2024. Valid for: 3 months.
This is the only time candan.friecheyi.lat was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 23.239.30.116 23.239.30.116 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
1 | 193.25.219.34 193.25.219.34 | 8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL) | |
1 2 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 22 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3036::6815:1b98 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
24 | 4 |
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 23-239-30-116.ip.linodeusercontent.com
ltgmyz.shalomautohits.com |
ASN13335 (CLOUDFLARENET, US)
playedlevel.click | |
trk-elevostra.com |
ASN13335 (CLOUDFLARENET, US)
candan.friecheyi.lat | |
event.trk-elevostra.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
friecheyi.lat
1 redirects
candan.friecheyi.lat |
154 KB |
4 |
trk-elevostra.com
trk-elevostra.com — Cisco Umbrella Rank: 437114 event.trk-elevostra.com — Cisco Umbrella Rank: 451075 |
3 KB |
1 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1222 |
426 KB |
1 |
playedlevel.click
1 redirects
playedlevel.click |
693 B |
1 |
antrolander.com
antrolander.com |
421 B |
1 |
shalomautohits.com
1 redirects
ltgmyz.shalomautohits.com |
371 B |
24 | 6 |
Domain | Requested by | |
---|---|---|
19 | candan.friecheyi.lat |
1 redirects
antrolander.com
candan.friecheyi.lat |
3 | event.trk-elevostra.com |
trk-elevostra.com
|
1 | trk-elevostra.com |
candan.friecheyi.lat
|
1 | use.fontawesome.com |
candan.friecheyi.lat
|
1 | playedlevel.click | 1 redirects |
1 | antrolander.com | |
1 | ltgmyz.shalomautohits.com | 1 redirects |
24 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
antrolander.com R10 |
2024-08-14 - 2024-11-12 |
3 months | crt.sh |
friecheyi.lat WE1 |
2024-09-16 - 2024-12-15 |
3 months | crt.sh |
use.fontawesome.com WE1 |
2024-09-09 - 2024-12-09 |
3 months | crt.sh |
trk-elevostra.com WE1 |
2024-08-11 - 2024-11-09 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Frame ID: 7A6D08824AB1968E1B81610ECAB4FB6E
Requests: 21 HTTP requests in this frame
Frame:
https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
Frame ID: 7629CBC15386DD56F7F1E7C33272525C
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
[1] Récompense en attente - AXA - Nous voulons votre avis!Page URL History Show full URLs
-
http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3...
HTTP 307
https://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3... HTTP 307
http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3... HTTP 302
https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md Page URL
-
https://playedlevel.click/?id=297&s1=350238&s2=1236734464&s3=7649&s4=4598&p=fr5yasweps3a
HTTP 302
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1 Page URL
Detected technologies
animate.css (Web Frameworks) ExpandDetected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_
HTTP 307
https://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 302
https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md Page URL
-
https://playedlevel.click/?id=297&s1=350238&s2=1236734464&s3=7649&s4=4598&p=fr5yasweps3a
HTTP 302
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
- https://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
- http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 302
- https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
- https://candan.friecheyi.lat/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
15315_1_2506727_md
antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/ Redirect Chain
|
151 B 421 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
oayvb
candan.friecheyi.lat/zifs/lcuk/josn/ Redirect Chain
|
31 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
speculation
candan.friecheyi.lat/cdn-cgi/ |
128 B 557 B |
Other
application/speculationrules+json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.min.css
candan.friecheyi.lat/master/us217/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
animate.min.css
candan.friecheyi.lat/master/us217/ |
70 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
_modal.css
candan.friecheyi.lat/master/terms/css/ |
856 B 766 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.js
use.fontawesome.com/releases/v5.15.4/js/ |
1 MB 426 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
frdatehead.js
candan.friecheyi.lat/master/us217/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
msg.js
candan.friecheyi.lat/inc/ |
943 B 895 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
frscript.js
candan.friecheyi.lat/master/us217/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
_modal.js
candan.friecheyi.lat/master/terms/js/ |
1 KB 899 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
v9e118mez8
trk-elevostra.com/scripts/push/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg.jpg
candan.friecheyi.lat/master/us217/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/ Frame 7629 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
54bb1eb68af08a823c66eddb38a37760.png
candan.friecheyi.lat/master/us217/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cbc99b1cf6f260aed84224cda0fba8c7.png
candan.friecheyi.lat/master/fr34/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
product.png
candan.friecheyi.lat/master/us217/ |
68 KB 69 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_guarantee.png
candan.friecheyi.lat/master/us217/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_secure_1.png
candan.friecheyi.lat/master/us217/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
8cd362f62e13b89d
candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 7629 |
0 904 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
v9e118mez8
event.trk-elevostra.com/register/event_log/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
v9e118mez8
event.trk-elevostra.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
candan.friecheyi.lat/ |
0 489 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
v9e118mez8
event.trk-elevostra.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| datehax function| datenhax function| datenhay function| startTimer function| change object| MYCALL string| s1 string| s2 string| esource string| pshpub string| pshdomain object| answers number| lastQnum function| toNext object| states object| dones object| loadImg object| loadBgCol function| drawloader number| qn number| dsq object| modal object| modalContent object| termsText object| btn object| span function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore function| setAttributes object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
antrolander.com/ | Name: uid7649 Value: 1236734464-20241004031626-4d574f90dff4c3d7c2cab2a007d9cb3f-4636 |
|
playedlevel.click/ | Name: PHPSESSID Value: 2ae83c8eee7a9330fa5918a3cd28caf5 |
|
candan.friecheyi.lat/ | Name: PHPSESSID Value: 47c4e48f86f51b1e0afca75f312ff0c0 |
|
.friecheyi.lat/ | Name: cf_clearance Value: 4QtG.9qwO4.P2cleslrVm9n5eisybJULRqB9pT4O7Dw-1728026188-1.2.1.1-wNCogOUhcv5TkKeWt33Q.4abIirb5vfonWIr6WKhx2r1lETfQXYKPvQVFwyB1lEt_RobcLSQiB2gYDdDGZQw_uRhae34sIA4rGsAcvtRCd9wV.2try7zeAhtHsRDo7EJ0BYv3k2JhA5cB8fuCAWZZKDa6eQmB_dslKRMGBouVK4HSj5OpWGe1lRYtoi.uSDqKoGArHIBEs1k6njnsLKFxS5wrWCuxBP9dtj.FuY2INCQBwHk49.ZXPDMsp9TakJlSbAi_xBqn535SOFfzayDu8ExnKmxeOJARvW8.qhP3PfgCvkw9nD.2AnANDGCv09giKL30G_j.Hqbg4bPwKS0edKLVg_mKcfcYKl_qUk0613vbUj7LLOxu2jwhCXKc5xv |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
antrolander.com
candan.friecheyi.lat
event.trk-elevostra.com
ltgmyz.shalomautohits.com
playedlevel.click
trk-elevostra.com
use.fontawesome.com
188.114.96.3
188.114.97.3
193.25.219.34
23.239.30.116
2606:4700:3036::6815:1b98
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
12b139d7b9469623c8affe4fda4775d736def70b676916a6fbf6b51ae00d80af
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
3233440ed3f4fda193b3e4e7ddee3fd65c6da9cb8b6e2ccba3854a3d6951a7ef
46d905535d1c01dce9ae142489d9b063640d239444eadf5e86ed2911764238c2
4895d0a0340799544cb23d4c6cb6289de3abaca6a41b1d28df80c7dd84c36a04
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
6aa03d0b206343c5c678b1cfb10f776563b345c7fc9e21fdfe7de35ac21df173
6caf13740d5c60ca2000ea3d29617163e6c72636984aaa0fa0721c24f758d6a8
7e4de6c3b6ae05268f9978693d92bbe4446b12a5ff6742cac043c1add3f8d76c
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
880bbc2874c289a5ae1c676116ac56a9bb7cb885467131fe8d2edcb90550f9ac
b3113ea4c069eb2490e183654582950843447528e0a9d0c5299ee5d40ffb32f3
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c13143d30386f99ed1f568d31d682054bec5dd0b74be1d5d98ec27eb81cd670c
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f28a85a0489527b0fdab6e9a3afa29d69436b0bfc39c8e92813e75043e131aaa
f92638fb57584976610b745de705d7c28cbeaebb5d80532c83e005d45633066a