kratofield.xyz
2606:4700:3037::6812:3d3b - Malicious Activity! - Public Scan

URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Submission: On August 07 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3037::6812:3d3b, located in United States and belongs to CLOUDFLARENET, US. The main domain is kratofield.xyz.
This is the only time kratofield.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Alibaba (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
10        2606:4700:303...   13335  (CLOUDFLAR...)
1         2606:4700::68...   13335  (CLOUDFLAR...)
1         2001:4de0:ac1...   20446  (HIGHWINDS3)
Total: 12 requests, 3 IPs
Requests  Apex Domain      Subdomains             Transfer
10        kratofield.xyz   kratofield.xyz         214 KB
1         jquery.com       code.jquery.com        33 KB
1         cloudflare.com   cdnjs.cloudflare.com   7 KB
Total: 12 requests, 3 apex domains
Requests  Domain                 Requested by
10        kratofield.xyz         kratofield.xyz, code.jquery.com
1         code.jquery.com        kratofield.xyz
1         cdnjs.cloudflare.com   kratofield.xyz
Total: 12 requests, 3 domains
Subject         Issuer                                          Validity                  Valid
cloudflare.com  Cloudflare Inc ECC CA-3                         2020-07-04 - 2021-07-04   a year
jquery.org      COMODO RSA Domain Validation Secure Server CA   2018-10-17 - 2020-10-16   2 years

This page contains 1 frame:

Primary Page: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Frame ID: D11CCC9F545DEE260F843A1C196AA193
Requests: 12 HTTP requests in this frame

Detected technologies

  • Overall confidence: 100%; detected pattern: url /\.php(?:$|\?)/i
  • Overall confidence: 100%; detected pattern: headers server /^cloudflare$/i

Page Statistics

  • Requests: 12
  • HTTPS: 17 %
  • IPv6: 100 %
  • Domains: 3
  • Subdomains: 3
  • IPs: 3
  • Countries: 2
  • Transfer: 253 kB
  • Size: 344 kB
  • Cookies: 2

12 HTTP transactions

Resource: sojiaxxlibaxba.php (Primary Request; Cookie set)
Path: kratofield.xyz/cgalk/
Size: 15 KB, Transfer: 5 KB
Type: Document
General
Full URL
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fea485981323111b0c315325f62373ef31c5f6e5a719d6573cf969b9662eced

Request headers

Host
kratofield.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=dd0298f83381d91a69116fbd3afd4c4021596762946; expires=Sun, 06-Sep-20 01:15:46 GMT; path=/; domain=.kratofield.xyz; HttpOnly; SameSite=Lax
Set-Cookie
PHPSESSID=c92e7d041223d97c2d31ecfa8b54c3db; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
CF-Cache-Status
DYNAMIC
cf-request-id
04681614c60000bf28a726d200000001
Server
cloudflare
CF-RAY
5bed26013db9bf28-FRA
Content-Encoding
gzip

Resource: font-awesome.min.css
Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
Size: 30 KB, Transfer: 7 KB
Type: Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 01:15:46 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
2431040
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
04681614f60000c27cc0a20200000001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:12 GMT
server
cloudflare
etag
W/"5afd4910-7918"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
expires
Wed, 28 Jul 2021 01:15:46 GMT
cache-control
public, max-age=30672000
cf-ray
5bed26018b78c27c-FRA
served-in-seconds
0.001

Resource: jquery-latest.min.js
Path: code.jquery.com/
Size: 94 KB, Transfer: 33 KB
Type: Script
General
Full URL
https://code.jquery.com/jquery-latest.min.js
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 07 Aug 2020 01:15:46 GMT
content-encoding
gzip
last-modified
Fri, 24 Oct 2014 00:16:08 GMT
server
nginx
status
200
etag
"54499a48-1762a"
vary
Accept-Encoding
x-hw
1596762946.dop220.fr8.t,1596762946.cds221.fr8.hc,1596762946.cds280.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400, public
accept-ranges
bytes
content-length
33202

Resource: h2.png
Path: kratofield.xyz/cgalk/images/
Size: 922 B, Transfer: 1 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/h2.png
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54c119b4c344d9282f9e872da1bf144f306923eacf760179dace606870a77d8f

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 21 Jul 2020 06:28:48 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601addebf28-FRA
Content-Length
922
cf-request-id
04681615070000bf28a726e200000001

Resource: s_fb.JPG
Path: kratofield.xyz/cgalk/images/
Size: 8 KB, Transfer: 9 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/s_fb.JPG
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2159c0d38dc91ac239e6c05824516816d61a1c19108171275702ee8ca5b610b2

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Fri, 23 Aug 2019 12:06:16 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601bde4bf28-FRA
Content-Length
8377
cf-request-id
04681615150000bf28a726f200000001

Resource: s_goog.JPG
Path: kratofield.xyz/cgalk/images/
Size: 8 KB, Transfer: 8 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/s_goog.JPG
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b751ce774c22560266aba18930f87aaa8418641779f7ac91de9575a165c57c7d

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Fri, 23 Aug 2019 12:06:52 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601cb7d97fc-FRA
Content-Length
8193
cf-request-id
046816151c000097fcd2363200000001

Resource: s_linkedin.JPG
Path: kratofield.xyz/cgalk/images/
Size: 8 KB, Transfer: 9 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/s_linkedin.JPG
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
771c14f4ed00b4c7915876619d992abb4256c577715d74e796b562feba1218ac

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Fri, 23 Aug 2019 12:07:26 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601ddefbf28-FRA
Content-Length
8434
cf-request-id
04681615250000bf28a7271200000001

Resource: s_twitter.JPG
Path: kratofield.xyz/cgalk/images/
Size: 8 KB, Transfer: 9 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/s_twitter.JPG
Requested by
Host: kratofield.xyz
URL: http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2421cca69708a81b1a2243d80d06ff09b5be7c0261e380631e09176621087c8d

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Fri, 23 Aug 2019 12:07:56 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601db3464bb-FRA
Content-Length
8463
cf-request-id
046816152b000064bbb8036200000001

Resource: hh.webp
Path: kratofield.xyz/cgalk/images/
Size: 40 KB, Transfer: 40 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/hh.webp
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-latest.min.js
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ec25d12dd95dd3b46f93e42887c3e34367a797d396e316edd7ac6bf1588eae5

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 21 Jul 2020 06:27:28 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/webp
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601eb8997fc-FRA
Content-Length
40942
cf-request-id
046816152e000097fcd2364200000001

Resource: banner.webp
Path: kratofield.xyz/cgalk/images/
Size: 115 KB, Transfer: 115 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/banner.webp
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-latest.min.js
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7efda8bdca73527869ae8dd72fd43b821d5b132623a8a35df028e6e2a7060200

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 21 Jul 2020 09:44:38 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/webp
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601e962bed8-FRA
Content-Length
117836
cf-request-id
046816152e0000bed8a49bf200000001

Resource: hhh.png
Path: kratofield.xyz/cgalk/images/
Size: 17 KB, Transfer: 17 KB
Type: Image
General
Full URL
http://kratofield.xyz/cgalk/images/hhh.png
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-latest.min.js
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
975b35cd2d1623ac56b9d89154cb15dfa0ced081d18ae0999c13058f9c24788b

Request headers

Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 21 Jul 2020 09:36:14 GMT
Server
cloudflare
Age
2476
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
5bed2601e87a96f8-FRA
Content-Length
17432
cf-request-id
046816152e000096f843113200000001

Resource: sf-ui-text-light-5864714f67240.woff
Path: kratofield.xyz/cgalk/webfonts/sfuitext/
Size: 0, Transfer: 0
Type: Font
General
Full URL
http://kratofield.xyz/cgalk/webfonts/sfuitext/sf-ui-text-light-5864714f67240.woff
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-latest.min.js
Protocol
HTTP/1.1
Server
2606:4700:3037::6812:3d3b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Origin
http://kratofield.xyz

Response headers

Date
Fri, 07 Aug 2020 01:15:46 GMT
Content-Encoding
gzip
CF-Cache-Status
EXPIRED
Server
cloudflare
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1
Cache-Control
max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
5bed2602088596f8-FRA
cf-request-id
0468161541000096f843114200000001

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against Alibaba (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)

2 Cookies

Domain/Path        Name        Value
kratofield.xyz/    PHPSESSID   c92e7d041223d97c2d31ecfa8b54c3db
.kratofield.xyz/   __cfduid    dd0298f83381d91a69116fbd3afd4c4021596762946