sunnyspotholidays.icu
Open in
urlscan Pro
2606:4700:30::681f:43e2
Malicious Activity!
Public Scan
Effective URL: https://sunnyspotholidays.icu/review/
Submission: On January 11 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 10th 2019. Valid for: a year.
This is the only time sunnyspotholidays.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 78.142.63.38 78.142.63.38 | 31083 (TELEPOINT) (TELEPOINT) | |
1 5 | 2606:4700:30:... 2606:4700:30::681f:43e2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
5 | 2 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
sunnyspotholidays.icu |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
sunnyspotholidays.icu
1 redirects
sunnyspotholidays.icu |
1009 KB |
1 |
umwo.org
view.umwo.org |
214 B |
5 | 2 |
Domain | Requested by | |
---|---|---|
5 | sunnyspotholidays.icu |
1 redirects
sunnyspotholidays.icu
|
1 | view.umwo.org | |
5 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
view.umwo.org Let's Encrypt Authority X3 |
2019-01-11 - 2019-04-11 |
3 months | crt.sh |
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-01-10 - 2020-01-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sunnyspotholidays.icu/review/
Frame ID: C5172328A031685AA2F235E2F6308AB3
Requests: 5 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://view.umwo.org/red.htm Page URL
-
https://sunnyspotholidays.icu/review
HTTP 301
https://sunnyspotholidays.icu/review/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://view.umwo.org/red.htm Page URL
-
https://sunnyspotholidays.icu/review
HTTP 301
https://sunnyspotholidays.icu/review/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
red.htm
view.umwo.org/ |
83 B 214 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
sunnyspotholidays.icu/review/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t1.png
sunnyspotholidays.icu/review/images/ |
1005 KB 1006 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t2.png
sunnyspotholidays.icu/review/images/ |
503 B 587 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xt.png
sunnyspotholidays.icu/review/images/ |
495 B 683 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.sunnyspotholidays.icu/ | Name: __cfduid Value: dfee1b740b646cd860a4b06ce13ce5c8f1547234793 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sunnyspotholidays.icu
view.umwo.org
2606:4700:30::681f:43e2
78.142.63.38
26a129285f918e8bbd2b8dd08c40af8abb07527f8c6f4ea4df0aa8af2cdcb762
8624614099776f09ad94e296d1e8394eb5ef74b762b57b8df3e991e8523d326a
91d9c0e4a91822f1b5d8544096e8ce8505a98e63ecab1e5a2c0459926aefde50
97a4488434a10d406081498268d1c4452209922cf1c5802134ad9d3693c41112