www.wealthmaster.us
Open in
urlscan Pro
95.179.163.113
Malicious Activity!
Public Scan
Effective URL: https://www.wealthmaster.us/mx-prensas-ayub/?user=82.102.18.251&camp=829&device=Desktop&brand=Immediate%20Edge&ts=3&lpkey=16...
Submission Tags: falconsandbox
Submission: On January 20 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 5th 2020. Valid for: 3 months.
This is the only time www.wealthmaster.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Investment Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 47.254.134.165 47.254.134.165 | 45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.) | |
14 | 95.179.163.113 95.179.163.113 | 20473 (AS-CHOOPA) (AS-CHOOPA) | |
14 | 1 |
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
securedoffer.live |
ASN20473 (AS-CHOOPA, US)
PTR: 95.179.163.113.vultr.com
www.wealthmaster.us |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
wealthmaster.us
www.wealthmaster.us |
1 MB |
1 |
securedoffer.live
1 redirects
securedoffer.live |
465 B |
14 | 2 |
Domain | Requested by | |
---|---|---|
14 | www.wealthmaster.us |
www.wealthmaster.us
|
1 | securedoffer.live | 1 redirects |
14 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.securedredirect.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.wealthmaster.us Let's Encrypt Authority X3 |
2020-11-05 - 2021-02-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.wealthmaster.us/mx-prensas-ayub/?user=82.102.18.251&camp=829&device=Desktop&brand=Immediate%20Edge&ts=3&lpkey=166b11db1861482e88&uclick=9rc8heh9&uclickhash=9rc8heh9-9rc8heh9-3v3y-0-xoho-hehqfe-he16vr-50e81c
Frame ID: FA57A45E5CB6F706A6BA6F86338D1DE7
Requests: 14 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://securedoffer.live/click.php?acc=accname&adid=76003877490157&campaign=MX&device=c&key=a9jbcrm13...
HTTP 302
https://www.wealthmaster.us/mx-prensas-ayub/?user=82.102.18.251&camp=829&device=Desktop&brand=Immediate%... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Bootstrap (Web Frameworks) Expand
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://securedoffer.live/click.php?acc=accname&adid=76003877490157&campaign=MX&device=c&key=a9jbcrm13ru449bygzar&kwd=Canad%C3%A1&matchtype=p&msclkid=8e03a09033f71f982327ff71062773bc&term=icefields%2Bparkway%2Balberta%2Bcanada
HTTP 302
https://www.wealthmaster.us/mx-prensas-ayub/?user=82.102.18.251&camp=829&device=Desktop&brand=Immediate%20Edge&ts=3&lpkey=166b11db1861482e88&uclick=9rc8heh9&uclickhash=9rc8heh9-9rc8heh9-3v3y-0-xoho-hehqfe-he16vr-50e81c Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.wealthmaster.us/mx-prensas-ayub/ Redirect Chain
|
11 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1ed7dc888b969ade8c2daf5636185025_1.js.download
www.wealthmaster.us/mx-prensas-ayub/ |
49 KB 49 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
www.wealthmaster.us/mx-prensas-ayub/ |
148 KB 148 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.css
www.wealthmaster.us/mx-prensas-ayub/ |
17 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.wealthmaster.us/mx-prensas-ayub/ |
8 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js.download
www.wealthmaster.us/mx-prensas-ayub/ |
274 KB 274 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sendpulse-prompt.min.css
www.wealthmaster.us/mx-prensas-ayub/ |
49 KB 50 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header-top.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
40 KB 40 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header-nav.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
43 KB 43 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
as-seen-on-image-ES-2.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
45 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
juanr1.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
157 KB 157 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ayub-proof.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
82 KB 82 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
juanr3.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
muskbranson.jpg
www.wealthmaster.us/mx-prensas-ayub/ |
160 KB 160 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Investment Scam (Online)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| oSpPOptions function| oSendpulsePush object| oSpP function| UAParser object| JqueryWs function| $ function| jQuery string| nfirst string| nlast string| img1 string| img2 string| img3 string| occ string| offer object| dayNames object| monthNames object| now0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
securedoffer.live
www.wealthmaster.us
47.254.134.165
95.179.163.113
27136be39109fe6e068dae618e286dfd3f6c7dae2b18417b79815bcf1e290d57
369a13f3c619589aff9c54fdf48d00f88ba94e1dac853b4248818513cb59e795
442917bfeb8eeac18c3034d2ae1c3ef162d6e78fe882ae24d2586a9ae039edda
50b0010a63d5ede70e4e7c8e005892248e19117182e7634f89c956bbc23ac69b
6212c7cf3213efcab08d653a4538b6f8d6485ca3fdb76df45a2eaeae4f85afdf
62d3d8f058b2d2e1d81499b045bca6970f29e9e745c1879410bfe5a892d9f7f9
9280b4cda8f8003d52aeb30a35b0ff81412424b4b06bc8320a5de84ee170f6c1
ac5be729e769900056f513d63fb8b47ae04f593269a13f7880da48416e8c4da5
b7be9e12bbba1b904b68af4b643ac8bde1b3a7b0d552362cd2ab5bc6ab75b473
c8a1916b926cd4b7d835be3541eae14be4fdf839357e701bd1e104378975e59e
d2a7964e688d996d99b4a6c62b3fda969793f26b47c73c8bb19cd5e87a62c65f
df31e1e4cf505f35c4d314d7d8611d33f046c439516e21538ba28db7acdf547f
e512e617f165e2106b73148cc13e2c1cd864c7e93533d25a84f7110c7a5c3c45
fef38b2c0dfe904786c7a371b5e20e4b66f253466fcba3b7c29a1b19707c43be