yeswecan.kreatives.is Open in urlscan Pro
2606:4700:20::681a:aec Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://colorful-palette.com/old/
Effective URL:
https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178
Submission: On February 19 via api (February 19th 2024, 9:01:59 pm UTC) from IE — Scanned from JP

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2606:4700:20::681a:aec, located in United States and belongs to CLOUDFLARENET, US. The main domain is yeswecan.kreatives.is.
TLS certificate: Issued by GTS CA 1P5 on February 7th 2024. Valid for: 3 months.

This is the only time yeswecan.kreatives.is was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	202.226.37.141 202.226.37.141	() ()
3 11	2606:4700:20:... 2606:4700:20::681a:aec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	3

1 202.226.37.141 (Japan)

ASN- ()
PTR: sv121.xserver.jp

colorful-palette.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:20::681a:aec (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

yeswecan.kreatives.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	kreatives.is 3 redirects yeswecan.kreatives.is	203 KB
1	colorful-palette.com colorful-palette.com	317 B
9	2

	Domain	Requested by
11	yeswecan.kreatives.is	3 redirects yeswecan.kreatives.is
1	colorful-palette.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid
kreatives.is GTS CA 1P5	`2024-02-07` - `2024-05-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178
Frame ID: 77E036069504BB0D1524D577174CAF52
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

| Welcome |

Page URL History Show full URLs

http://colorful-palette.com/old/ Page URL
https://yeswecan.kreatives.is/zarano HTTP 301
https://yeswecan.kreatives.is/zarano/ HTTP 302
https://yeswecan.kreatives.is/zarano/F004f19441/index.php?valid=true&id=10234195 HTTP 302
https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

89 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

219 kB
Transfer

418 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://colorful-palette.com/old/ Page URL
https://yeswecan.kreatives.is/zarano HTTP 301
https://yeswecan.kreatives.is/zarano/ HTTP 302
https://yeswecan.kreatives.is/zarano/F004f19441/index.php?valid=true&id=10234195 HTTP 302
https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response colorful-palette.com/old/	83 B 317 B	255ms 11ms	Document text/html	202.226.37.141
General Check archive.org Show headers Download Go to Full URL http://colorful-palette.com/old/ Protocol HTTP/1.1 Server 202.226.37.141 , Japan, ASN (), Reverse DNS sv121.xserver.jp Software nginx / Resource Hash `6c1b72c1a1c67d4597a0f572271bd760d284aa12354be96edb834d5abaf6f81a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 83 Content-Type text/html Date Mon, 19 Feb 2024 21:01:53 GMT ETag "53-611bd9d5ae5e4" Last-Modified Mon, 19 Feb 2024 15:19:06 GMT Server nginx
GET H3	200	Primary Request 00951124a.php Show response yeswecan.kreatives.is/zarano/F004f19441/ Redirect Chain https://yeswecan.kreatives.is/zarano https://yeswecan.kreatives.is/zarano/ https://yeswecan.kreatives.is/zarano/F004f19441/index.php?valid=true&id=10234195 https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178	3 KB 2 KB	266ms 266ms	Document text/html	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e7dc5516b432a18bce6b030c6b8730eb2abfe66a6311c8a8a9b6306ccc6af591` Request headers Referer http://colorful-palette.com/old/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 858172b0edebf5a7-NRT content-encoding br content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 19 Feb 2024 21:01:57 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qygCzLzcVKPem09ld0FpctKMIM5KBA4ZiQW1%2FObiFLtCnwwK64wMuvp9JcK5lHE7wpVi4l1IeLwl4kRc6aBlQ1c%2Fw5aiA2lkkruMCy5AfxqIBHxuO6gc7qipG%2FvWqW1BEwAj%2BG5AQwTw%2BmMZI%2Bi%2FnsuDTQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 858172aa2999f5a7-NRT content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 19 Feb 2024 21:01:57 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./00951124a.php?web=succes&local=_&id=25681178 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPR4vfQvDc09%2F%2BiZEqMfVE%2FI6%2FmSKlzcHxlvKVRro0IJGSEgAQnuSoBeuTT%2FmHzPe9ezkr2ouIkDVKuduiPl7uU3%2FjI4BaUTybgnth5Nuh9tJ73wjI2r04iq9OOV7RpvjiL%2Bw2w5TlicqUhZ3D7nY4XF%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	style.css yeswecan.kreatives.is/zarano/F004f19441/layout/css/	209 KB 71 KB	13ms 12ms	Stylesheet text/css	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/css/style.css Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `993198ae94d90e3ea850f7d6b70443b64cf5f817098c778821edf924c297eea3` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT content-encoding br cf-cache-status HIT last-modified Wed, 01 Jan 2020 00:06:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 15234 etag W/"34299-5e0be27e-fc8e6;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wQEeKZ5adg6l%2F83uvqIZUbqJYzJQru%2FV8%2B9EwtLUQS9CqgRAWMwOTDF4KAnJGKtEAIRzzOiqkpDx7rHNaA7PNzGlUEYHOZEzDmrGt%2Fcrcdih8rSuCM2Z3hhASv6D6KjHukecQVJmMtwx%2FDoxvHpZUonbA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 858172b29f66f5a7-NRT alt-svc h3=":443"; ma=86400 expires Mon, 26 Feb 2024 15:17:34 GMT
GET H3	200	style.js Show response yeswecan.kreatives.is/zarano/F004f19441/layout/js/	96 KB 36 KB	17ms 17ms	Script application/x-javascript	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/js/style.js Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT content-encoding br cf-cache-status HIT last-modified Mon, 12 Nov 2018 07:23:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 15234 etag W/"17f6f-5be92a8a-fc8fe;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJ91%2ByXRWi6nstsq9Wf8ai0zkV4naWidXgclzSEXxOzgYHdhMI810JQYfUYlxf5%2BRWeqLCyOs57rxM16CaEpNkmEaM4VksU4NvMG2hUeAQyywkG6fbgBni8roaG15Fwa4P%2B0f%2FZzkzommbbMSJPitu3gWw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=604800 cf-ray 858172b29f68f5a7-NRT alt-svc h3=":443"; ma=86400 expires Mon, 26 Feb 2024 15:17:34 GMT
GET H3	200	lg.svg yeswecan.kreatives.is/zarano/F004f19441/layout/img/	2 KB 1 KB	9ms 9ms	Image image/svg+xml	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/img/lg.svg Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT content-encoding br cf-cache-status HIT last-modified Thu, 15 Aug 2019 12:02:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 15234 etag W/"7f8-5d5549ec-fc8ed;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jpv6i8LNTrsnJR%2BOWnSiEcOa0OM5ngsdCCGfrHEfAJqlyL2NHvUCHXftWafhvbgUhcmWl3bFb87P%2B%2FB7HLDnw10eozi4KMvva4IK7y8EgNRT3CfvbbBKwM7baDsH%2FLAXT8GguKXyTFnQBctPoAwpxW8rxw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 cf-ray 858172b29f6bf5a7-NRT alt-svc h3=":443"; ma=86400 expires Mon, 26 Feb 2024 15:17:34 GMT
GET H3	200	pak.png yeswecan.kreatives.is/zarano/F004f19441/layout/img/	878 B 1 KB	11ms 11ms	Image image/png	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/img/pak.png Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4057023fcfa4360934b1a1409a74a40ffbc2bb7dacd2bcc6f69d66a9673f09e8` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 15234 alt-svc h3=":443"; ma=86400 content-length 878 last-modified Thu, 15 Aug 2019 13:02:56 GMT server cloudflare etag "36e-5d555800-fc8f7;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sI1to86ayBdsR6%2F4JCW74IttChBkACrWrR6ZJ9dxGT7cZfSg2Zazx0K4zrG334WYYlXL2j%2Ftn3Kyyo27q5dV24klCpDpJZuFU8lhOroRviNhR4mRD8kDZPHUgj3EpaKplra%2FhHS5ZwIPmM%2F6ks2wKilrA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 accept-ranges bytes cf-ray 858172b29f6cf5a7-NRT expires Mon, 26 Feb 2024 15:17:34 GMT
GET H3	200	ta3.svg yeswecan.kreatives.is/zarano/F004f19441/layout/img/	2 KB 2 KB	13ms 12ms	Image image/svg+xml	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/img/ta3.svg Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42794908246997d603888b2c2098941e0c3f9b7b0f719134365789189c7edac0` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT content-encoding br cf-cache-status HIT last-modified Fri, 16 Aug 2019 09:27:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 15233 etag W/"77d-5d567700-fc8fb;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDAVroIW2OirlwpsgCTtydxcHz62h%2B1uIziabcjFyHqcvd7OLSKHFJlQIbQp5iFFEmS0u0wLicLgG4LXbSY2GJ8Hqu%2BQ1WKSRDbu3GJKJtftgXgLp5PHHHj5h0OKjtRDQLZ95LiNjUUGxtxcY7VDqIwVVA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 cf-ray 858172b2af7ff5a7-NRT alt-svc h3=":443"; ma=86400 expires Mon, 26 Feb 2024 15:17:34 GMT
GET H3	200	pub.jpg yeswecan.kreatives.is/zarano/F004f19441/layout/img/	80 KB 81 KB	9ms 9ms	Image image/jpeg	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/img/pub.jpg Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fd6d79b881550d2aced201e506cbd7dfacafc19c16db81a655ad06f2835819c5` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 15233 alt-svc h3=":443"; ma=86400 content-length 82133 cf-bgj h2pri last-modified Thu, 15 Aug 2019 12:59:12 GMT server cloudflare etag "140d5-5d555720-fc8f8;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HjBnkULyrQYFJ%2FAxgjSeAKAG3pKQMMYzz%2B208ImPc3RY%2BzSmR4DD8lSvR1Hbw9Q9ObIVdhNOj9e9Xtj1cBBLzYE2jufQ4eLYXUEA2YAefHiASBk0nQ0Nyl%2F1pc2Qr2WbGg0F751u6wbuJdcXTml1q%2FfhSA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes cf-ray 858172b2bf81f5a7-NRT expires Mon, 26 Feb 2024 15:17:34 GMT
GET H3	200	pubr.gif yeswecan.kreatives.is/zarano/F004f19441/layout/img/	8 KB 9 KB	10ms 10ms	Image image/gif	2606:4700:20::681a:aec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://yeswecan.kreatives.is/zarano/F004f19441/layout/img/pubr.gif Requested by Host: yeswecan.kreatives.is URL: https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:20::681a:aec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `38d38e7a9e31f364cf1238ed6efcad478b3d71b56a8070c7aeda136e7a09dfa6` Request headers accept-language jp-JP,jp;q=0.9 Referer https://yeswecan.kreatives.is/zarano/F004f19441/00951124a.php?web=succes&local=_&id=25681178 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:01:57 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 15233 alt-svc h3=":443"; ma=86400 content-length 8344 last-modified Thu, 15 Aug 2019 16:49:28 GMT server cloudflare etag "2098-5d558d18-fc8fa;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EeHL%2ByPW6A7heYWzh4tATFYFtIj6cNYcno%2BVRb1GG02tGzwkKt9iXkHwpl3afeMOyEo7hyGXASeP10mkw8%2FcTP5X2htpIiTKecCbxbFTohV2wioKLNpUdvaEsKTyUkykv0nsQnSgLMhNlNeNTVnxpb4Dew%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=604800 accept-ranges bytes cf-ray 858172b2cf89f5a7-NRT expires Mon, 26 Feb 2024 15:17:34 GMT
GET DATA	200 OK	truncated /	17 KB 17 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3` Request headers Referer Origin https://yeswecan.kreatives.is accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| preventBack object| Modernizr function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			yeswecan.kreatives.is/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1pat80vpbn0d2pvcb2900d3fsj

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

colorful-palette.com
yeswecan.kreatives.is
202.226.37.141
2606:4700:20::681a:aec
38d38e7a9e31f364cf1238ed6efcad478b3d71b56a8070c7aeda136e7a09dfa6
4057023fcfa4360934b1a1409a74a40ffbc2bb7dacd2bcc6f69d66a9673f09e8
42794908246997d603888b2c2098941e0c3f9b7b0f719134365789189c7edac0
5dd216ad75ced5dd6acfb48d1ae11ba66fb373c26da7fc5efbdad9fd1c14f6e3
6c1b72c1a1c67d4597a0f572271bd760d284aa12354be96edb834d5abaf6f81a
993198ae94d90e3ea850f7d6b70443b64cf5f817098c778821edf924c297eea3
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1
b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
e7dc5516b432a18bce6b030c6b8730eb2abfe66a6311c8a8a9b6306ccc6af591
fd6d79b881550d2aced201e506cbd7dfacafc19c16db81a655ad06f2835819c5

yeswecan.kreatives.is Open in urlscan Pro 2606:4700:20::681a:aec Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

219 kBTransfer

418 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

yeswecan.kreatives.is Open in urlscan Pro
2606:4700:20::681a:aec Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

219 kB
Transfer

418 kB
Size

1
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!