sakai-airdrop.pages.dev
172.66.47.66
Malicious Activity!
Public Scan
Submission: On October 21, 2024 (the year is fixed by the 1729479978 Unix timestamp in the bypass token below) via manual from IT (Italy); scanned from IT.
Summary
TLS certificate: Issued by WE1 (a Google Trust Services intermediate CA) on October 13th 2024. Valid for: 3 months.
This is the only time sakai-airdrop.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

| Requests | IP address | AS (autonomous system) |
|---|---|---|
| 18 | 172.66.47.66 | AS13335 (CLOUDFLARENET) |
| 1 | 2606:4700:20::681a:b86 | AS13335 (CLOUDFLARENET) |
| 1 | 104.18.27.46 | AS13335 (CLOUDFLARENET) |
| 2 | 2606:4700:20::ac43:4620 | AS13335 (CLOUDFLARENET) |
| 21 | 5 | |

All four addresses belong to AS13335 (Cloudflare), so they identify CDN edge nodes, not the origin server behind the site.
| Apex domain | Subdomains | Requests | Transfer |
|---|---|---|---|
| pages.dev | sakai-airdrop.pages.dev | 18 (including 1 redirect) | 1 MB |
| sakaivault.io | sakaivault.io, app.sakaivault.io | 3 | 24 KB |
| walletconnect.com | verify.walletconnect.com (Cisco Umbrella rank: 64643) | 1 | |
| Total | 3 apex domains | 21 | |
| Domain | Requests | Requested by |
|---|---|---|
| sakai-airdrop.pages.dev | 18 (including 1 redirect) | sakai-airdrop.pages.dev |
| app.sakaivault.io | 2 | sakai-airdrop.pages.dev |
| verify.walletconnect.com | 1 | sakai-airdrop.pages.dev |
| sakaivault.io | 1 | sakai-airdrop.pages.dev |
| Total | 21 requests, 4 domains | |
This site contains links to these domains (see also Links):
- docs.sakaivault.io
- twitter.com
- t.me
TLS certificates

| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| sakai-airdrop.pages.dev | WE1 | 2024-10-13 to 2025-01-11 | 3 months | crt.sh |
| sakaivault.io | WE1 | 2024-10-17 to 2025-01-15 | 3 months | crt.sh |
| walletconnect.com | WE1 | 2024-09-04 to 2024-12-03 | 3 months | crt.sh |
This page contains 2 frames:
- Primary page: https://sakai-airdrop.pages.dev/ (frame ID 704C98D84C8C061A94A349CDCDDD387F), 25 HTTP requests in this frame
- Frame: https://verify.walletconnect.com/427444f5475676ff593048145610a910 (frame ID 8A50CF39986DCD7B9EBB3AB4DC067532), 1 HTTP request in this frame
Screenshot (image not reproduced)

Page Title
Summary | Sakai Vault App
Detected technologies
- Google Font API (Font Scripts). Detected pattern: <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
3 outgoing links, i.e. links going to different origins than the main page (the domains are listed under Links above; one of the links is titled "Documentation").
Page URL History
This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or meta refresh.
- https://sakai-airdrop.pages.dev/ (Page URL)
- https://sakai-airdrop.pages.dev/cdn-cgi/phish-bypass?atok=pRo2gLjG_.as0ZJuKHS31_pRrYk9asiAC54QLV_Ln1M-1729479978-0.0.1.1-%2F → HTTP 301 → https://sakai-airdrop.pages.dev/ (Page URL)

What this chain shows: the first load of / returned Cloudflare's phishing-warning interstitial (the cf.errors.css and icon-exclamation.png requests under Cloudflare's reserved /cdn-cgi/ path in the transaction list). The scan then requested the interstitial's bypass URL; /cdn-cgi/phish-bypass set the __cf_mw_byp cookie, whose value matches the atok parameter, and redirected back to /, which now served the real 1 MB application page. In other words, Cloudflare had already flagged this deployment as phishing before the scan ran.
Redirected requests
There were HTTP redirect chains for the following requests: the only chain in this scan is the /cdn-cgi/phish-bypass request above, which answered 301 to /.

21 HTTP transactions
| # | Method | Protocol | Resource | Host / path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H3 | / | sakai-airdrop.pages.dev/ | 4 KB | 2 KB | Document | text/html |
| 2 | GET | H3 | cf.errors.css | sakai-airdrop.pages.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
| 3 | GET | H3 | icon-exclamation.png | sakai-airdrop.pages.dev/cdn-cgi/images/ | 452 B | 635 B | Image | image/png |
| 4 | GET | H3 | favicon.ico | sakai-airdrop.pages.dev/ | 4 KB | 2 KB | Other | text/html |
| 5 | GET | H3 | / (primary request, end of redirect chain) | sakai-airdrop.pages.dev/ | 1 MB | 147 KB | Document | text/html |
| 6 | GET | H3 | tresa.j | sakai-airdrop.pages.dev/ | 1 MB | 147 KB | Script | text/html |
| 7 | GET | H3 | 310b9e59ce58398e.css | sakai-airdrop.pages.dev/_next/static/css/ | 491 KB | 361 KB | Stylesheet | text/css |
| 8 | GET | H3 | totalcss.css | sakai-airdrop.pages.dev/ | 235 KB | 150 KB | Stylesheet | text/css |
| 9 | GET | H3 | sakaivault-dark.svg | sakai-airdrop.pages.dev/ | 12 KB | 4 KB | Image | image/svg+xml |
| 10 | GET | H2 | 512.png | sakaivault.io/ | 10 KB | 11 KB | Image | image/png |
| 11 | GET | H3 | sakai.png | sakai-airdrop.pages.dev/ | 1 KB | 2 KB | Image | image/png |
| 12 | GET | H3 | usdt.png | sakai-airdrop.pages.dev/ | 923 B | 2 KB | Image | image/png |
| 13 | GET | H3 | bnb.png | sakai-airdrop.pages.dev/ | 2 KB | 3 KB | Image | image/png |
| 14 | GET | H3 | sensei.png | sakai-airdrop.pages.dev/ | 25 KB | 26 KB | Image | image/png |
| 15 | GET | H3 | 427444f5475676ff593048145610a910 | verify.walletconnect.com/ (frame 8A50) | 0 | 0 | Document | text/html |
| 16 | GET | DATA | (data: URI, truncated) | / | 646 B | 0 | Image | image/svg+xml |
| 17 | GET | DATA | (data: URI, truncated) | / | 422 B | 0 | Image | image/svg+xml |
| 18 | GET | DATA | (data: URI, truncated) | / | 250 KB | 0 | Image | image/svg+xml |
| 19 | GET | H2 | bg-2.svg | app.sakaivault.io/assets/ | 2 KB | 1 KB | Image | image/svg+xml |
| 20 | GET | DATA | (data: URI, truncated) | / | 84 KB | 84 KB | Font | application/font-woff |
| 21 | GET | H2 | sensei.png | app.sakaivault.io/ | 12 KB | 12 KB | Image | image/png |
| 22 | GET | DATA | (data: URI, truncated) | / | 59 KB | 59 KB | Font | application/font-woff |
| 23 | GET | H3 | 512.png | sakai-airdrop.pages.dev/ | 10 KB | 11 KB | Other | image/png |
| 24 | GET | H3 | favicon.ico | sakai-airdrop.pages.dev/ | 1 MB | 147 KB | Other | text/html |
| 25 | GET | H3 | favicon-32x32.png | sakai-airdrop.pages.dev/ | 1 MB | 147 KB | Other | text/html |
| 26 | GET | H3 | favicon-16x16.png | sakai-airdrop.pages.dev/ | 1 MB | 147 KB | Other | text/html |

Reading the list: rows 1 to 4 are the Cloudflare phishing-warning interstitial, served from Cloudflare's reserved /cdn-cgi/ path (cf.errors.css, icon-exclamation.png); row 5 is the real page loaded after the bypass redirect. The script tresa.j and the favicon requests (rows 6 and 24 to 26) come back as text/html at the same 1 MB / 147 KB as the main document, which means the host answers unknown paths with its index page instead of a 404. Images are fetched from sakaivault.io and app.sakaivault.io (rows 10, 19, 21), and row 15 is the WalletConnect Verify frame. The 21 non-DATA rows are the 21 HTTP transactions counted above; the 5 DATA rows are inline data: URIs.
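The signals a triager reads off the transaction list and the Page URL History above can be checked mechanically. The script below is an added example, not urlscan.io code and not part of this report. The request rows are constructed from the table above with sizes rounded; the row field names (url, type, mime, size) are an assumption rather than urlscan's API schema, and the short list of shared-hosting suffixes is a hand-picked stand-in for a proper public-suffix-list lookup.

```python
from urllib.parse import urlparse

SCANNED_HOST = "sakai-airdrop.pages.dev"

# Assumption: hosting suffixes where the first label is the tenant, so the
# tenant label plus the suffix is the effective apex (a PSL lookup would do
# this properly for every suffix).
SHARED_HOSTING_SUFFIXES = ("pages.dev", "workers.dev", "github.io", "vercel.app", "netlify.app")

# Constructed sample: a subset of the 21 HTTP transactions in this scan.
# Field names are an assumption, not urlscan's schema.
SAMPLE_REQUESTS = [
    {"url": "https://sakai-airdrop.pages.dev/", "type": "Document", "mime": "text/html", "size": 4_000},
    {"url": "https://sakai-airdrop.pages.dev/cdn-cgi/styles/cf.errors.css", "type": "Stylesheet", "mime": "text/css", "size": 23_000},
    {"url": "https://sakai-airdrop.pages.dev/cdn-cgi/images/icon-exclamation.png", "type": "Image", "mime": "image/png", "size": 452},
    {"url": "https://sakai-airdrop.pages.dev/cdn-cgi/phish-bypass?atok=pRo2gLjG_.as0ZJuKHS31_pRrYk9asiAC54QLV_Ln1M-1729479978-0.0.1.1-%2F", "type": "Document", "mime": "text/html", "size": 0},
    {"url": "https://sakai-airdrop.pages.dev/", "type": "Document", "mime": "text/html", "size": 1_000_000},
    {"url": "https://sakai-airdrop.pages.dev/tresa.j", "type": "Script", "mime": "text/html", "size": 1_000_000},
    {"url": "https://sakaivault.io/512.png", "type": "Image", "mime": "image/png", "size": 10_000},
    {"url": "https://verify.walletconnect.com/427444f5475676ff593048145610a910", "type": "Document", "mime": "text/html", "size": 0},
    {"url": "https://app.sakaivault.io/assets/bg-2.svg", "type": "Image", "mime": "image/svg+xml", "size": 2_000},
    {"url": "https://sakai-airdrop.pages.dev/favicon.ico", "type": "Other", "mime": "text/html", "size": 1_000_000},
]


def apex(host: str) -> str:
    """Registrable domain: tenant.suffix on shared hosting, else the last two labels."""
    for suffix in SHARED_HOSTING_SUFFIXES:
        if host.endswith("." + suffix):
            tenant = host[: -len(suffix) - 1].split(".")[-1]
            return f"{tenant}.{suffix}"
    return ".".join(host.split(".")[-2:])


def triage(requests, scanned_host=SCANNED_HOST):
    """Return the signals found in a list of request rows, keyed by signal name."""
    findings = {}
    scanned_apex = apex(scanned_host)
    if any(scanned_host.endswith("." + s) for s in SHARED_HOSTING_SUFFIXES):
        findings["shared_hosting"] = scanned_apex

    for r in requests:
        u = urlparse(r["url"])
        host, path = u.hostname or "", u.path
        # Cloudflare's phishing-warning interstitial lives under /cdn-cgi/; a request
        # to /cdn-cgi/phish-bypass means the warning was shown and clicked through.
        if host == scanned_host and path.startswith("/cdn-cgi/phish-bypass"):
            findings["cloudflare_phish_warning_bypassed"] = True
        # A document from verify.walletconnect.com is the WalletConnect Verify
        # iframe: the page initiated a wallet-connection flow.
        if host == "verify.walletconnect.com" and r["type"] == "Document":
            findings["walletconnect_verify_frame"] = r["url"]
        # Non-document resources answered with text/html: the host returns its
        # index page for unknown paths (in this scan they are also the same 1 MB
        # as the main document).
        if r["type"] != "Document" and r["mime"] == "text/html":
            findings.setdefault("html_served_for_non_document", []).append(path)
        # Static assets pulled from a registrable domain other than the scanned host's.
        if r["type"] in ("Image", "Stylesheet", "Font") and host and apex(host) != scanned_apex:
            findings.setdefault("assets_from_other_apex", set()).add(apex(host))
    return findings


if __name__ == "__main__":
    for name, value in sorted(triage(SAMPLE_REQUESTS).items()):
        print(f"{name}: {value}")
```

On this sample the function reports all four signals plus the shared-hosting flag; dropping the phish-bypass row (i.e. a scan that never hit the interstitial) removes only that one finding, so each signal stands on its own.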
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| object | 1 |

Numeric names like 0 and 1 are the browser's indexed references to child frames (window[0], window[1]), not variables set by the page's own scripts.

2 Cookies
Cookies are small pieces of information stored in the user's browser. On each later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.

| Domain / path | Expires | Name | Value |
|---|---|---|---|
| .sakai-airdrop.pages.dev/ | | __cf_mw_byp | pRo2gLjG_.as0ZJuKHS31_pRrYk9asiAC54QLV_Ln1M-1729479978-0.0.1.1-/ |
| .walletconnect.com/ | | __cf_bm | xtGLWwHWuBTfuzk5K81KkQ9uw_ZRrG7drIoonJEd3sA-1729479983-1.0.1.1-ofJ9BDVOK0jmkG7XEfpAbomphwYD6ED1WW9.ARtiAHTcKU_fyLOBhIzxZXXIBsgQkl4cTo1d002HMrHTO76XAg |

__cf_mw_byp is the cookie set by the /cdn-cgi/phish-bypass redirect (its value is the atok from that URL); it records that Cloudflare's phishing warning was bypassed for this host. __cf_bm is Cloudflare's bot-management cookie set by walletconnect.com and is not specific to this site.
4 Console Messages
A page may log messages to the console. These are often errors about a resource that could not be loaded or JavaScript that failed to execute; sometimes they also reveal the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This section lists the security headers set by the main page.

| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |

X-Frame-Options is the only security header present; the page sets no Content-Security-Policy or Strict-Transport-Security.
Indicators
"Indicators" is the security-industry term for observables such as IPs, domains and hashes; listing one here does not imply that it is malicious.
- app.sakaivault.io
- sakai-airdrop.pages.dev
- sakaivault.io
- verify.walletconnect.com
- 104.18.27.46
- 172.66.47.66
- 2606:4700:20::681a:b86
- 2606:4700:20::ac43:4620