laudifak.com Open in urlscan Pro
2606:4700:3030::ac43:c5b5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://marley.ru.com/
Effective URL:
https://laudifak.com/ch/_/l0g1n0.php
Submission: On October 23 via manual (October 23rd 2024, 2:25:05 am UTC) from US — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3030::ac43:c5b5, located in United States and belongs to CLOUDFLARENET, US. The main domain is laudifak.com.
TLS certificate: Issued by WE1 on October 15th 2024. Valid for: 3 months.

This is the only time laudifak.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:303... 2606:4700:3037::ac43:a99b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 12	2606:4700:303... 2606:4700:3030::ac43:c5b5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:1ec:bdf::38 2620:1ec:bdf::38	() ()
12	3

2 2606:4700:3037::ac43:a99b (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

marley.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3030::ac43:c5b5 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

laudifak.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:bdf::38 (None, )

ASN- ()

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	laudifak.com 3 redirects laudifak.com	35 KB
3	msauth.net aadcdn.msauth.net	4 KB
2	ru.com 2 redirects marley.ru.com	674 B
12	3

	Domain	Requested by
12	laudifak.com	3 redirects laudifak.com
3	aadcdn.msauth.net	laudifak.com
2	marley.ru.com	2 redirects
12	3

This site contains no links.

Subject Issuer	Validity	Valid
laudifak.com WE1	`2024-10-15` - `2025-01-13`	3 months	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2024-07-30` - `2025-07-30`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://laudifak.com/ch/_/l0g1n0.php
Frame ID: C4957757B18219601D6C529923769584
Requests: 11 HTTP requests in this frame

Frame: https://laudifak.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f2bbd6738e15/main.js
Frame ID: 980FFA1E1BACBCDFB4E83D6E22891B6C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Just a moment...

Page URL History Show full URLs

http://marley.ru.com/ HTTP 307
https://marley.ru.com/ HTTP 301
https://laudifak.com/ch/ HTTP 307
http://marley.ru.com/ HTTP 307
https://marley.ru.com/ HTTP 301
https://laudifak.com/ch/ Page URL
https://laudifak.com/ch/ HTTP 302
https://laudifak.com/ch/_/index.php HTTP 302
https://laudifak.com/ch/_/l0g1n0.php Page URL

Page Statistics

12
Requests

92 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

36 kB
Transfer

97 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://marley.ru.com/ HTTP 307
https://marley.ru.com/ HTTP 301
https://laudifak.com/ch/ HTTP 307
http://marley.ru.com/ HTTP 307
https://marley.ru.com/ HTTP 301
https://laudifak.com/ch/ Page URL
https://laudifak.com/ch/ HTTP 302
https://laudifak.com/ch/_/index.php HTTP 302
https://laudifak.com/ch/_/l0g1n0.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://marley.ru.com/ HTTP 307
https://marley.ru.com/ HTTP 301
https://laudifak.com/ch/ HTTP 307
http://marley.ru.com/ HTTP 307
https://marley.ru.com/ HTTP 301
https://laudifak.com/ch/

Request Chain 1

https://laudifak.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://laudifak.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f2bbd6738e15/main.js

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
laudifak.com/ch/
Redirect Chain

http://marley.ru.com/
https://marley.ru.com/
https://laudifak.com/ch/
http://marley.ru.com/
https://marley.ru.com/
https://laudifak.com/ch/

16 KB
5 KB

3640ms
3640ms

Document
text/html

2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://laudifak.com/ch/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 433fa53076ff7646e05e7f99efcdfdb18cf9a8d5dd7273bfc6d4b9e58ba992c5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d6e45da88358c2f-EWR
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Wed, 23 Oct 2024 02:24:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0AkGzToUn8rfeEe2atTAtrbjy9MFFLidXGGu7rFeBLiUl36TuyoE5cL59qnNVlrTI9Xnkac3eaJt6Ck7sXprDA5UHUxkJTQqQexeaCKMn0lf0%2B3zOFVvPmW1sX7d4lhr6r5Cy7BJi99sCk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=258912&sent=16&recv=14&lost=0&retrans=0&sent_bytes=4290&recv_bytes=6137&delivery_rate=346&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=6122&x=1" cfExtPri cfHdrFlush;dur=0

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d6e45c8c85d7ca2-EWR
content-type: text/html; charset=iso-8859-1
date: Wed, 23 Oct 2024 02:24:44 GMT
location: https://laudifak.com/ch/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rX40Lce%2FQQxpZpZ6Sw%2BhcSY91AB7DOY8OLIkofi3n7HAdV6B%2F8pR%2BHpiDdFGYnWbNqG7hw7SaSFHBPMKLcP6C7IRrgH%2FW%2BXJVQjj4DZOPTmagSzL2PfO4yYK3rFbjrWG17YUFzHFMdtK7u97"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=39414&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4184&recv_bytes=4377&delivery_rate=14173&cwnd=12000&unsent_bytes=0&cid=8f6e626e3fadc711&ts=109&x=1" cfExtPri cfHdrFlush;dur=0

GET
H3

200

main.js Show response
laudifak.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f2bbd6738e15/ Frame 980F
Redirect Chain

https://laudifak.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://laudifak.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f2bbd6738e15/main.js?

8 KB
4 KB

46ms
45ms

Script
application/javascript

2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://laudifak.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f2bbd6738e15/main.js?

Protocol

Server

2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f147ebc854a4ef4767b457f4710991d072951afe772c67613996064795a69b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zc8FT5epZIjexuFBra84xXUthMxEL6n6YquGEK3QVLPuj64f7beSa2eIXM7rNF%2Fn%2BAUfPYsg6FhRQqZXF3b3O3ZYemU5vhxKj1msS99leGC9Oiwl0i7JQLmDDsd0Qnh0d1ckPufWDXiUAH4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d6e45f28d8a8c2f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=178612&sent=26&recv=20&lost=0&retrans=0&sent_bytes=10414&recv_bytes=7480&delivery_rate=18720&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=6365&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f2bbd6738e15/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2FIExLdLDyGJMh0Vb7IshzHuksTyQJKRb32%2FNl56AJNnKpKZT2fDF0YC7Fb0LEJjWIJo4lyqTUlJ645o83kgeuFOCwjZeJjSP6nP52klb4vVO%2FIgg1Qi%2B31OPJMTH%2FYxZTv7dF%2BcReoxOUE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d6e45f24d1e8c2f-EWR
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=QUIC&rtt=198985&sent=24&recv=19&lost=0&retrans=0&sent_bytes=9672&recv_bytes=7088&delivery_rate=9535&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=6319&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:51 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

GET
H3 404 favicon.ico
laudifak.com/ 315 B
1 KB 289ms
289ms Other
text/html 2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://laudifak.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/ch/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zQrVdku5Z4NOWs0zZ5s7Sl1Q9zHuMlg7w12wOnHrc4WMeZaOvzs2TxwX0rZKGpsH82%2F2djNnYaG%2FzdMsmSe%2FP5BDvlSdhOnEtJWGaGOJVLAUaYuUybCkBLLpzW8QaXADH4wrAgZ0F7a%2FER0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d6e45f24d2f8c2f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=156044&sent=46&recv=37&lost=0&retrans=0&sent_bytes=16601&recv_bytes=24807&delivery_rate=56671&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=6574&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:51 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

POST
H3 200 8d6e45da88358c2f Show response
laudifak.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 980F 0
1 KB 56ms
42ms XHR
text/plain 2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://laudifak.com/cdn-cgi/challenge-platform/h/g/jsd/r/8d6e45da88358c2f
Requested by: Host: laudifak.com
URL: https://laudifak.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBk34cdzXx%2FeyG4OIdza9qRGHp3pe4y%2F2onvItP4wXXkULHDwMtjls6A2wNv4K8JN%2FisfJofa8sjPF1JlLIGoavKtjeK4NbqF5vQ%2FduN6O5ymUNuCcRcOdMmz7TKXxUeb%2BCkFtwLYmo1duI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d6e45f3aed68c2f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=156044&sent=45&recv=37&lost=0&retrans=0&sent_bytes=15420&recv_bytes=24807&delivery_rate=56671&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=6557&x=1", cfExtPri, cfHdrFlush;dur=0
content-length: 0
date: Wed, 23 Oct 2024 02:24:51 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

GET
DATA 200
OK truncated
/ 302 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 399ff8432f1a62f80eea852be585f1af72d2051d66d52c947ecdf43db442aba2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3

200

Primary Request l0g1n0.php Show response
laudifak.com/ch/_/
Redirect Chain

https://laudifak.com/ch/
https://laudifak.com/ch/_/index.php
https://laudifak.com/ch/_/l0g1n0.php

29 KB
9 KB

267ms
267ms

Document
text/html

2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://laudifak.com/ch/_/l0g1n0.php

Requested by

Host: laudifak.com
URL: https://laudifak.com/ch/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8dddf84eaba953d9da9e725d3ce17afa586d9a54f011917fc09e52cf968ff2c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://laudifak.com/ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8d6e461aaf2d8c2f-EWR
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Wed, 23 Oct 2024 02:24:58 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NkI2BXDh9%2FJ1IQs0c%2FcsL4TJVfIksbmmR%2FIQ9fWw9h0%2B7ihJftzCDr%2BF0aP%2BedUiq1VCYTICTAWqi0RDa0GEGDiC8JHz%2F5EYvopIQUapJDmm%2BdMUYdmGzPDMHNWme%2B6HlduIik8%2FVnqL3Ok%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=112903&sent=53&recv=42&lost=0&retrans=0&sent_bytes=19624&recv_bytes=27602&delivery_rate=661&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=12996&x=1" cfExtPri cfHdrFlush;dur=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d6e4612ce988c2f-EWR
content-type: text/html; charset=UTF-8
date: Wed, 23 Oct 2024 02:24:57 GMT
location: ./l0g1n0.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OX3YyDpR0%2Fqk0R2d51Qq9Hvhe0eRienkR8Fh81edwsaeBlK8FsCw5Lvw29XcucqII27zxlbnD9wBg%2BEoDbw9INJs002vhfuwJbxPrXn%2FTQrWDdRsv0TemBOkTGJWcIf4T8AZTrWoGrgaN7g%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=124399&sent=51&recv=41&lost=0&retrans=0&sent_bytes=18746&recv_bytes=26683&delivery_rate=1382&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=12736&x=1" cfExtPri cfHdrFlush;dur=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 1.css
laudifak.com/ch/_/assets/ 17 KB
5 KB 592ms
591ms Stylesheet
text/css 2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://laudifak.com/ch/_/assets/1.css

Requested by

Host: laudifak.com
URL: https://laudifak.com/ch/_/l0g1n0.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6329e2ed82cf9a5c6e18c09faf317504b2ef670c0c282e99a7504fcec8ac16a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/ch/_/l0g1n0.php

Response headers

server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X1CXLSyEDrUMAF%2F%2BN%2Frpo2v6Aqm1ZLcPRVpI0y8TB4APNadSppYilS5qymPo2h4fomh3TGrV3JJwmdRznV3AClLHWSUdi1eKIzo5TrjYxG1rncEL86uORK6K6ONl3GdGB58owDeEcr%2BCmdw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d6e461c59268c2f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=56884&sent=72&recv=54&lost=0&retrans=0&sent_bytes=34779&recv_bytes=30543&delivery_rate=136478&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=13589&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:58 GMT
x-xss-protection: 1; mode=block
content-type: text/css
last-modified: Fri, 30 Sep 2022 02:47:22 GMT
vary: Accept-Encoding
priority: u=0,i=?0

GET
H3 200 em.css
laudifak.com/ch/_/assets/ 119 B
954 B 312ms
311ms Stylesheet
text/css 2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://laudifak.com/ch/_/assets/em.css

Requested by

Host: laudifak.com
URL: https://laudifak.com/ch/_/l0g1n0.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6b4ca2eb750b35611101cc0d638a60e31e781e35f9f8ef803f465eefe4d7151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/ch/_/l0g1n0.php

Response headers

server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oiXeNlVAbA78G7ETxBLFI9me9BkGb%2B4K6UrEsdvnD3XdwuDgt9X5AJi6XVeyXXkZ5BI0%2B7%2FFaz4kGNhlKBpNF8iOM%2BtjAMN9zawPsX5IHSBeVARf4C79a%2FcuHo5Ba0YYFsdCRORudJ92Zew%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d6e461c59288c2f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66091&sent=67&recv=51&lost=0&retrans=0&sent_bytes=29435&recv_bytes=30412&delivery_rate=25596&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=13326&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:58 GMT
x-xss-protection: 1; mode=block
content-type: text/css
last-modified: Fri, 30 Sep 2022 03:13:38 GMT
vary: Accept-Encoding
priority: u=0,i=?0

GET
H3 200 marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
laudifak.com/ch/_/assets/ 4 KB
4 KB 487ms
485ms Image
image/gif 2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://laudifak.com/ch/_/assets/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

Requested by

Host: laudifak.com
URL: https://laudifak.com/ch/_/l0g1n0.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/ch/_/l0g1n0.php

Response headers

cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17BKMauegdZvalOUv8%2Bj%2FBfZKVz%2FAdPCKU5fq5YP630Xfrz7Fj9OjMrHMm18yinNVw3CwGExM2TBYNYSEqD4l27S16TSOfz44zxvLPGNHLxThLhujf1fNxrhX02gVfsKpQ5STtv7mjmMD1E%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=64375&sent=68&recv=52&lost=0&retrans=0&sent_bytes=30412&recv_bytes=30456&delivery_rate=18659&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=13495&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:58 GMT
content-type: image/gif
last-modified: Mon, 15 Aug 2022 00:53:22 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d6e461c592b8c2f-EWR
accept-ranges: bytes
content-length: 3620
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/shared/1.0/content/images/ 4 KB
2 KB 289ms
53ms Image
image/svg+xml 2620:1ec:bdf::38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by: Host: laudifak.com
URL: https://laudifak.com/ch/_/l0g1n0.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::38 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/

Response headers

access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D79B8373CB2849
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Wed, 23 Oct 2024 02:24:58 GMT
content-type: image/svg+xml
last-modified: Fri, 17 Jan 2020 19:28:38 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 6cea5c68-c01e-005b-6c21-23fa6d000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1435
x-azure-ref: 20241023T022458Z-ier18d7bcffv8h5mfdpf38ccr0000000036g000000001hft
x-ms-blob-type: BlockBlob

GET
H2 200 signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msauth.net/shared/1.0/content/images/ 2 KB
1 KB 172ms
53ms Image
image/svg+xml 2620:1ec:bdf::38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Requested by: Host: laudifak.com
URL: https://laudifak.com/ch/_/l0g1n0.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::38 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/

Response headers

access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D8852A7FA6B761
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
date: Wed, 23 Oct 2024 02:24:58 GMT
content-type: image/svg+xml
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 75e01d35-001e-002e-6b45-23e6fe000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 621
x-azure-ref: 20241023T022458Z-ier18d7bcffv8h5mfdpf38ccr0000000036g000000001hfu
x-ms-blob-type: BlockBlob

GET
H2 200 2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ 2 KB
1 KB 32ms
32ms Image
image/svg+xml 2620:1ec:bdf::38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by: Host: laudifak.com
URL: https://laudifak.com/ch/_/l0g1n0.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::38 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/

Response headers

access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D7B0071D86E386
x-ms-lease-status: unlocked
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
date: Wed, 23 Oct 2024 02:24:58 GMT
content-type: image/svg+xml
last-modified: Wed, 12 Feb 2020 22:01:30 GMT
cache-control: public, max-age=31536000
x-ms-request-id: 3e41546c-d01e-0025-4051-236a2a000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 673
x-azure-ref: 20241023T022458Z-ier18d7bcffv8h5mfdpf38ccr0000000036g000000001hhp
x-ms-blob-type: BlockBlob

GET
H3 200 mic.ico
laudifak.com/ch/_/assets/ 17 KB
1 KB 327ms
327ms Other
image/x-icon 2606:4700:3030::ac43:c5b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://laudifak.com/ch/_/assets/mic.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:c5b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://laudifak.com/ch/_/l0g1n0.php

Response headers

server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBG3DbvxLUEARbxagZAJRBUjEh8eowYvo6LzFb4kGkZU7wvOzJ5lnoInDAS1IfYPe4JCRalfhNALIRw0XESPh23dATDfA2IfQIkXGGUmhsIxZDhSePGqBI5h3roft4AjJIHfaWX0N2sRHDk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d6e46204d598c2f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=52828&sent=78&recv=58&lost=0&retrans=0&sent_bytes=39826&recv_bytes=31543&delivery_rate=114127&cwnd=12000&unsent_bytes=0&cid=6bd127b0fbb933db&ts=13975&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 23 Oct 2024 02:24:59 GMT
x-xss-protection: 1; mode=block
content-type: image/x-icon
last-modified: Thu, 18 Aug 2022 11:17:22 GMT
vary: Accept-Encoding
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.laudifak.com/	1970-01-21 09:13:06	Name: __ddg1_ Value: WwpTnSti22Ntdel8fgRR
laudifak.com/	1970-01-21 00:27:31	Name: pass Value: 2600%3A803%3Aa88%3A3112%3A%3A112
.laudifak.com/	1970-01-21 09:13:06	Name: cf_clearance Value: f84JDSDCD5xK8O2ZtDBVgu1C9D9mQEKxzxQO7N7E.mA-1729650291-1.2.1.1-6Q_WTFiw5qi2azXoNMMckRJcNaR8qDDkAlozf_N4Ktpn9J2EZA6mCOIg5gbTWGxkw.HxkJVmhDmMQmywvfju4WGIUEMzMBhbueTaZucUQVpI7._mSnpN_mCC4EWw.zqTSZILhM6DmBLQJIgozW.zKpFUEUrPfOWeqDkVT__Q0oSQyTL9XrYx3qukdYlRIioc_DxnBSpQ2duWHQzKaauZSmsEmPmMnBNQ8b.Wc8uLCL9icKpJ_hqXSsArylFV5g5RTmrOdgf9GtyMYnVOrlocdgNd7JlvXdARs6eMngqE3G5B2rTM715uKoDrOn3PGodzmshJ.jE40y4_tYNICEqwUHgjNo2eBSeg_ZxnsRezHPX3WiETxid47BLhKPK8YYI4
.laudifak.com/	1970-01-21 00:27:31	Name: __ddg8_ Value: WhSt5GT96MD3ljxg
.laudifak.com/	1970-01-21 00:27:31	Name: __ddg9_ Value: 162.158.159.23
.laudifak.com/	1970-01-21 00:27:31	Name: __ddg10_ Value: 1729650291

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://laudifak.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
laudifak.com
marley.ru.com
2606:4700:3030::ac43:c5b5
2606:4700:3037::ac43:a99b
2620:1ec:bdf::38
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
399ff8432f1a62f80eea852be585f1af72d2051d66d52c947ecdf43db442aba2
433fa53076ff7646e05e7f99efcdfdb18cf9a8d5dd7273bfc6d4b9e58ba992c5
6329e2ed82cf9a5c6e18c09faf317504b2ef670c0c282e99a7504fcec8ac16a5
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8dddf84eaba953d9da9e725d3ce17afa586d9a54f011917fc09e52cf968ff2c0
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d6b4ca2eb750b35611101cc0d638a60e31e781e35f9f8ef803f465eefe4d7151
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f147ebc854a4ef4767b457f4710991d072951afe772c67613996064795a69b43

laudifak.com Open in urlscan Pro 2606:4700:3030::ac43:c5b5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

92 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

36 kBTransfer

97 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

6 Cookies

1 Console Messages

Indicators

laudifak.com Open in urlscan Pro
2606:4700:3030::ac43:c5b5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

36 kB
Transfer

97 kB
Size

6
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!