letsroll.in.net
Open in
urlscan Pro
2606:4700:30::681f:5370
Malicious Activity!
Public Scan
URL:
https://letsroll.in.net/exe/kjhefwki646/index.php
Submission: On March 21 via manual from IN
Submission: On March 21 via manual from IN
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 14 HTTP transactions.
The main IP is 2606:4700:30::681f:5370, located in
United States and
belongs to CLOUDFLARENET - Cloudflare, Inc., US.
The main domain is letsroll.in.net.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 20th 2019. Valid for: a year.
This is the only time letsroll.in.net was scanned on urlscan.io!
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 20th 2019. Valid for: a year.
This is the only time letsroll.in.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 2606:4700:30:... 2606:4700:30::681f:5370 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 | 205.185.208.52 205.185.208.52 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
| 2 | 209.197.3.15 209.197.3.15 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:809::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 14 | 4 |
10
2606:4700:30::681f:5370
(United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| letsroll.in.net |
1
205.185.208.52
(Phoenix, United States)
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
| code.jquery.com |
2
209.197.3.15
(Phoenix, United States)
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
| maxcdn.bootstrapcdn.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
in.net
letsroll.in.net |
815 KB |
| 2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
29 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
30 KB |
| 1 |
jquery.com
code.jquery.com |
33 KB |
| 14 | 4 |
| Domain | Requested by | |
|---|---|---|
| 10 | letsroll.in.net |
letsroll.in.net
code.jquery.com |
| 2 | maxcdn.bootstrapcdn.com |
letsroll.in.net
|
| 1 | ajax.googleapis.com |
letsroll.in.net
|
| 1 | code.jquery.com |
letsroll.in.net
|
| 14 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-03-20 - 2020-03-20 |
a year | crt.sh |
| jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
| *.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA |
2018-10-03 - 2019-10-12 |
a year | crt.sh |
| *.googleapis.com Google Internet Authority G3 |
2019-03-01 - 2019-05-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://letsroll.in.net/exe/kjhefwki646/index.php
Frame ID: 03013235F6B36F74404003995F0CDE0C
Requests: 14 HTTP requests in this frame
Screenshot
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /cloudflare/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
- script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
index.php
letsroll.in.net/exe/kjhefwki646/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
4geevme.css
letsroll.in.net/exe/kjhefwki646/heroi/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
code.jquery.com/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquert7.js
letsroll.in.net/exe/kjhefwki646/heroi/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/ |
119 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/ |
37 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
side2.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
52 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
run.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
53 KB 53 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
side1.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
49 KB 49 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
side3.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
66 KB 66 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
side4.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
49 KB 50 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
leadhoom.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
456 KB 457 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ffoot.png
letsroll.in.net/exe/kjhefwki646/heroi/ |
54 KB 54 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| formatAMPM1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .letsroll.in.net/ | Name: __cfduid Value: d18e8f8330af5aa660c37a4fce46844881553185628 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
code.jquery.com
letsroll.in.net
maxcdn.bootstrapcdn.com
205.185.208.52
209.197.3.15
2606:4700:30::681f:5370
2a00:1450:4001:809::200a
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1f429f4e2829515fb4ff9b67d875c2d023f08610e15a049ac0976715dd02182a
24a4ff6048e166bd3a4e461f0bc48c698360f8f5ea95acabd9b135ec2f367184
3452e8481ce350df02bdf797761ba9c6e93888dedf67f5a8bd960e588bcce521
418019d168be0b2926def4bccd3f573c79489a736cb12b8277ec6ef423819582
4b940065e2a67c37e3bd02b23c651f4744a3c219aba2d4fb99a631113494d376
67d2ec314a40d07613af79267a4c38f70697f3cb22c550d6b78685329c7f706f
867eefec2956923792b8d7a5e1cb94016f00b61e630c59e8c5f1070f7ef2d623
909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4
93514033927e12bd1e96e35f21f7944c8daddf8d92ff0ca47e1711c71b370875
a778c538a0a8da0c3aa55e4897ef31c9a9ef9ae8aa7c1c849ed67bccf7a7476b
ad51c27c3b0d76d7caf93d536de86e746118011e6ab71c5dc7871fbec54754de
b8953f2ea0efd62e46e65782785223b47e185e90b076fd5f35659be1498061af
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d