moonshift.com Open in urlscan Pro
67.43.9.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.edd.portal.edd.gov.ca.happycustomerreviews.app/
Effective URL:
http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/
Submission: On February 09 via automatic, source certstream-suspicious (February 9th 2021, 1:00:27 am UTC)

Summary HTTP 19 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 67.43.9.3, located in Lansing, United States and belongs to LIQUIDWEB, US. The main domain is moonshift.com.

This is the only time moonshift.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.118.56 192.64.118.56	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2 21	67.43.9.3 67.43.9.3	32244 (LIQUIDWEB) (LIQUIDWEB)
19	1

1 192.64.118.56 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: business44-3.web-hosting.com

www.edd.portal.edd.gov.ca.happycustomerreviews.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 67.43.9.3 (Lansing, United States) 2 redirects

ASN32244 (LIQUIDWEB, US)

moonshift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	moonshift.com 2 redirects moonshift.com	528 KB
1	happycustomerreviews.app 1 redirects www.edd.portal.edd.gov.ca.happycustomerreviews.app	323 B
19	2

	Domain	Requested by
21	moonshift.com	2 redirects moonshift.com
1	www.edd.portal.edd.gov.ca.happycustomerreviews.app	1 redirects
19	2

This site contains links to these domains. Also see Links.

Domain
prepaid.bankofamerica.com
usa.visa.com
www.fdic.gov

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/
Frame ID: E9ED404D681D011FEA3612E230DEF8D0
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.edd.portal.edd.gov.ca.happycustomerreviews.app/ HTTP 301
http://moonshift.com/wp-includes/blocks/index.php HTTP 302
http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80 HTTP 301
http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

19
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

527 kB
Transfer

524 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://prepaid.bankofamerica.com/eddcard/home/index
Title:

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/Fee
Title: Fee Information

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/FAQ
Title: FAQ

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/SiteMap
Title: Site Map

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/Contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/Privacy
Title: Privacy / Security

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/Terms
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/content/PRC384/CP384-T03-019/_Docs/CA-EDD-Digital-TC.pdf
Title: Digital Terms & Conditions and Fees

Search URL Search Domain Scan URL

URL: https://prepaid.bankofamerica.com/eddcard/Program/ATMLocator
Title: ATM Locator

Search URL Search Domain Scan URL

URL: https://usa.visa.com/legal/global-privacy-notice.html
Title: Visa Global Privacy Notice.

Search URL Search Domain Scan URL

URL: https://www.fdic.gov/deposit/deposits/prepaid.html
Title: fdic.gov/deposit/deposits/prepaid.html

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.edd.portal.edd.gov.ca.happycustomerreviews.app/ HTTP 301
http://moonshift.com/wp-includes/blocks/index.php HTTP 302
http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80 HTTP 301
http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Redirect Chain https://www.edd.portal.edd.gov.ca.happycustomerreviews.app/ http://moonshift.com/wp-includes/blocks/index.php http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80 http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/	12 KB 12 KB	119ms 119ms	Document text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash `ddff060109acf2b4a949d7aa4d0ee570e06da0d95752ab99e6fe571eefcc77d5` Request headers Host moonshift.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:07 GMT Server Apache X-Powered-By PHP/5.6.40 Keep-Alive timeout=2, max=498 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Tue, 09 Feb 2021 01:00:07 GMT Server Apache Location http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Content-Length 281 Keep-Alive timeout=2, max=499 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	css_002.css moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	2 KB 2 KB	235ms 220ms	Stylesheet text/css	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css_002.css Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `9125b08d73099fe6cc8ec181f39edc63439b48442010ec2635791578f9e3b4ed` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Upgrade h2 Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=2, max=500 Content-Length 1837
GET H/1.1	200 OK	css.css moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	299 KB 300 KB	237ms 221ms	Stylesheet text/css	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `6901c1ac9e6b8be482bacb7175c7a70765195a6d5940de04ae7361a07136e2b5` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Upgrade h2 Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=2, max=500 Content-Length 306482
GET H/1.1	200 OK	preventEarlyClickCss.css moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	45 B 307 B	234ms 219ms	Stylesheet text/css	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/preventEarlyClickCss.css Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `42a0994f945e96989c7b09cd6d4c08fced929ce73f63396a83b3f071720c3c49` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Upgrade h2 Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=2, max=500 Content-Length 45
GET H/1.1	200 OK	preventEarlyClick.txt Show response moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	271 B 551 B	235ms 220ms	Script text/plain	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/preventEarlyClick.txt Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `8332e9865442439990cc3f27b3e8a38c9b3bd5f548af382ae4fea0968181b4ff` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Upgrade h2 Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/plain; charset=UTF-8 Keep-Alive timeout=2, max=500 Content-Length 271
GET H/1.1	200 OK	foundation.txt Show response moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	96 KB 96 KB	218ms 119ms	Script text/plain	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/foundation.txt Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `8cdb11e45e5feb9caf122ce4ef454511465310d3d81f09fe29b34e9948677a8c` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type text/plain; charset=UTF-8 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=497 Content-Length 98278
GET H/1.1	200 OK	modernizr.txt Show response moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	11 KB 11 KB	350ms 116ms	Script text/plain	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/modernizr.txt Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `9e83216908224ffbc39992a5e60f93ca21b8e2240ba28025ba679c4b70f7112d` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type text/plain; charset=UTF-8 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=499 Content-Length 11095
GET H/1.1	200 OK	Visa.txt Show response moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	17 KB 17 KB	351ms 116ms	Script text/plain	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/Visa.txt Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `48647dd88d430041f63e7f7674cd0576e0f2f84ed9310cdbf0cf8073e30d01e3` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type text/plain; charset=UTF-8 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=499 Content-Length 17585
GET H/1.1	200 OK	dps.txt Show response moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	9 KB 9 KB	351ms 117ms	Script text/plain	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/dps.txt Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `cf5b381a36797698b3b4a23090a14ebd63b4d2478f31be04d0bcbfd53d421b87` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type text/plain; charset=UTF-8 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=499 Content-Length 8839
GET H/1.1	200 OK	site.css moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	65 KB 65 KB	233ms 219ms	Stylesheet text/css	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/site.css Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `9ac51812f3c5052b6c14281e132a55b2c5603b4170e8440cca32ebbff26fe866` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Upgrade h2 Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=2, max=500 Content-Length 66207
GET H/1.1	200 OK	logo.png moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	8 KB 8 KB	117ms 117ms	Image image/png	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/logo.png Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `ad62eb85667532488d032273c196c7ea1c10e0897223c4b66cd38b8c5e5215a4` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=498 Content-Length 7719
GET H/1.1	200 OK	EmailLogo.png moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	4 KB 4 KB	117ms 117ms	Image image/png	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/EmailLogo.png Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `db86fe978fad3c304c1c8b6ab1f65f409c16137076caec52fdfba3a18fbeebdb` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=497 Content-Length 3908
GET H/1.1	200 OK	print.css moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/	2 KB 2 KB	118ms 118ms	Stylesheet text/css	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/print.css Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash `e384da2b74e0a93bfb683dca1c793fff75d2d71fdaaa3303f607bf1ffac32590` Request headers Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Last-Modified Tue, 09 Feb 2021 01:00:07 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=499 Content-Length 1596
GET H/1.1	404 Not Found	OpenSans-Regular-webfont.woff moonshift.com/Content/_Fonts/	0 0	284ms 284ms	Font text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/Content/_Fonts/OpenSans-Regular-webfont.woff Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash Request headers Origin http://moonshift.com Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Server Apache X-Powered-By PHP/5.6.40 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://moonshift.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=2, max=496 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	Connections.woff moonshift.com/content/PRC384/_Fonts/	0 0	318ms 317ms	Font text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/content/PRC384/_Fonts/Connections.woff Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/site.css Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash Request headers Origin http://moonshift.com Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/site.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Server Apache X-Powered-By PHP/5.6.40 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://moonshift.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=2, max=498 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	OpenSans-Bold-webfont.woff moonshift.com/Content/_Fonts/	0 0	286ms 286ms	Font text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/Content/_Fonts/OpenSans-Bold-webfont.woff Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash Request headers Origin http://moonshift.com Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:08 GMT Server Apache X-Powered-By PHP/5.6.40 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://moonshift.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=2, max=499 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	OpenSans-Regular-webfont.ttf moonshift.com/Content/_Fonts/	0 0	226ms 226ms	Font text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/Content/_Fonts/OpenSans-Regular-webfont.ttf Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash Request headers Origin http://moonshift.com Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:09 GMT Server Apache X-Powered-By PHP/5.6.40 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://moonshift.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=2, max=498 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	OpenSans-Bold-webfont.ttf moonshift.com/Content/_Fonts/	0 0	255ms 254ms	Font text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/Content/_Fonts/OpenSans-Bold-webfont.ttf Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash Request headers Origin http://moonshift.com Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/css.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:09 GMT Server Apache X-Powered-By PHP/5.6.40 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://moonshift.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=2, max=496 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	Connections.ttf moonshift.com/content/PRC384/_Fonts/	0 0	240ms 239ms	Font text/html	67.43.9.3 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://moonshift.com/content/PRC384/_Fonts/Connections.ttf Requested by Host: moonshift.com URL: http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/site.css Protocol HTTP/1.1 Server 67.43.9.3 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / PHP/5.6.40 Resource Hash Request headers Origin http://moonshift.com Referer http://moonshift.com/wp-includes/blocks/ef81703bff3586ce6c5dfc834422ea80/index_files/site.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 09 Feb 2021 01:00:09 GMT Server Apache X-Powered-By PHP/5.6.40 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://moonshift.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=2, max=498 Expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

moonshift.com
www.edd.portal.edd.gov.ca.happycustomerreviews.app
192.64.118.56
67.43.9.3
42a0994f945e96989c7b09cd6d4c08fced929ce73f63396a83b3f071720c3c49
48647dd88d430041f63e7f7674cd0576e0f2f84ed9310cdbf0cf8073e30d01e3
6901c1ac9e6b8be482bacb7175c7a70765195a6d5940de04ae7361a07136e2b5
8332e9865442439990cc3f27b3e8a38c9b3bd5f548af382ae4fea0968181b4ff
8cdb11e45e5feb9caf122ce4ef454511465310d3d81f09fe29b34e9948677a8c
9125b08d73099fe6cc8ec181f39edc63439b48442010ec2635791578f9e3b4ed
9ac51812f3c5052b6c14281e132a55b2c5603b4170e8440cca32ebbff26fe866
9e83216908224ffbc39992a5e60f93ca21b8e2240ba28025ba679c4b70f7112d
ad62eb85667532488d032273c196c7ea1c10e0897223c4b66cd38b8c5e5215a4
cf5b381a36797698b3b4a23090a14ebd63b4d2478f31be04d0bcbfd53d421b87
db86fe978fad3c304c1c8b6ab1f65f409c16137076caec52fdfba3a18fbeebdb
ddff060109acf2b4a949d7aa4d0ee570e06da0d95752ab99e6fe571eefcc77d5
e384da2b74e0a93bfb683dca1c793fff75d2d71fdaaa3303f607bf1ffac32590

moonshift.com Open in urlscan Pro 67.43.9.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

527 kBTransfer

524 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

90 JavaScript Global Variables

0 Cookies

Indicators

moonshift.com Open in urlscan Pro
67.43.9.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

527 kB
Transfer

524 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!