kratofield.xyz
Open in
urlscan Pro
2606:4700:3037::6812:3d3b
Malicious Activity!
Public Scan
Submission: On August 07 via automatic, source openphish
Summary
This is the only time kratofield.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alibaba (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 2606:4700:303... 2606:4700:3037::6812:3d3b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:84e5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
12 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
kratofield.xyz
kratofield.xyz |
214 KB |
1 |
jquery.com
code.jquery.com |
33 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
7 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
10 | kratofield.xyz |
kratofield.xyz
code.jquery.com |
1 | code.jquery.com |
kratofield.xyz
|
1 | cdnjs.cloudflare.com |
kratofield.xyz
|
12 | 3 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cloudflare.com Cloudflare Inc ECC CA-3 |
2020-07-04 - 2021-07-04 |
a year | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://kratofield.xyz/cgalk/sojiaxxlibaxba.php
Frame ID: D11CCC9F545DEE260F843A1C196AA193
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
42 Outgoing links
These are links going to different origins than the main page.
Title: International
Search URL Search Domain Scan URL
Title: Español
Search URL Search Domain Scan URL
Title: Português
Search URL Search Domain Scan URL
Title: Deutsch
Search URL Search Domain Scan URL
Title: Français
Search URL Search Domain Scan URL
Title: Italiano
Search URL Search Domain Scan URL
Title: हिंदी
Search URL Search Domain Scan URL
Title: Pусский
Search URL Search Domain Scan URL
Title: 한국어
Search URL Search Domain Scan URL
Title: 日本語
Search URL Search Domain Scan URL
Title: اللغة العربية
Search URL Search Domain Scan URL
Title: ภาษาไทย
Search URL Search Domain Scan URL
Title: Nederlands
Search URL Search Domain Scan URL
Title: tiếng Việt
Search URL Search Domain Scan URL
Title: Indonesian
Search URL Search Domain Scan URL
Title: עברית
Search URL Search Domain Scan URL
Title: Alibaba Group
Search URL Search Domain Scan URL
Title: Taobao Marketplace
Search URL Search Domain Scan URL
Title: Tmall.com
Search URL Search Domain Scan URL
Title: Juhuasuan
Search URL Search Domain Scan URL
Title: AliExpress
Search URL Search Domain Scan URL
Title: 1688.com
Search URL Search Domain Scan URL
Title: Alimama
Search URL Search Domain Scan URL
Title: Fliggy
Search URL Search Domain Scan URL
Title: Taobao Global
Search URL Search Domain Scan URL
Title: Alibaba Cloud
Search URL Search Domain Scan URL
Title: AliOS
Search URL Search Domain Scan URL
Title: AliTelecom
Search URL Search Domain Scan URL
Title: HiChina
Search URL Search Domain Scan URL
Title: Autonavi
Search URL Search Domain Scan URL
Title: UCWeb
Search URL Search Domain Scan URL
Title: Umeng
Search URL Search Domain Scan URL
Title: Xiami
Search URL Search Domain Scan URL
Title: DingTalk
Search URL Search Domain Scan URL
Title: Alipay
Search URL Search Domain Scan URL
Title: Lazada
Search URL Search Domain Scan URL
Title: Product Listing Policy
Search URL Search Domain Scan URL
Title: Intellectual Property Protection
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Terms of Use
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: ©
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
sojiaxxlibaxba.php
kratofield.xyz/cgalk/ |
15 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-latest.min.js
code.jquery.com/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
h2.png
kratofield.xyz/cgalk/images/ |
922 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_fb.JPG
kratofield.xyz/cgalk/images/ |
8 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_goog.JPG
kratofield.xyz/cgalk/images/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_linkedin.JPG
kratofield.xyz/cgalk/images/ |
8 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_twitter.JPG
kratofield.xyz/cgalk/images/ |
8 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hh.webp
kratofield.xyz/cgalk/images/ |
40 KB 40 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
banner.webp
kratofield.xyz/cgalk/images/ |
115 KB 115 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hhh.png
kratofield.xyz/cgalk/images/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sf-ui-text-light-5864714f67240.woff
kratofield.xyz/cgalk/webfonts/sfuitext/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alibaba (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
kratofield.xyz/ | Name: PHPSESSID Value: c92e7d041223d97c2d31ecfa8b54c3db |
|
.kratofield.xyz/ | Name: __cfduid Value: dd0298f83381d91a69116fbd3afd4c4021596762946 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
kratofield.xyz
2001:4de0:ac19::1:b:1a
2606:4700:3037::6812:3d3b
2606:4700::6810:84e5
2159c0d38dc91ac239e6c05824516816d61a1c19108171275702ee8ca5b610b2
2421cca69708a81b1a2243d80d06ff09b5be7c0261e380631e09176621087c8d
3ec25d12dd95dd3b46f93e42887c3e34367a797d396e316edd7ac6bf1588eae5
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54c119b4c344d9282f9e872da1bf144f306923eacf760179dace606870a77d8f
771c14f4ed00b4c7915876619d992abb4256c577715d74e796b562feba1218ac
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7efda8bdca73527869ae8dd72fd43b821d5b132623a8a35df028e6e2a7060200
7fea485981323111b0c315325f62373ef31c5f6e5a719d6573cf969b9662eced
975b35cd2d1623ac56b9d89154cb15dfa0ced081d18ae0999c13058f9c24788b
b751ce774c22560266aba18930f87aaa8418641779f7ac91de9575a165c57c7d