holidaygift.xyz Open in urlscan Pro
2606:4700:3036::ac43:8404 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_q...
Submission Tags: @phish_report
Submission: On March 16 via api (March 16th 2024, 1:51:40 am UTC) from FI — Scanned from FI

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3036::ac43:8404, located in United States and belongs to CLOUDFLARENET, US. The main domain is holidaygift.xyz.
TLS certificate: Issued by GTS CA 1P5 on February 28th 2024. Valid for: 3 months.

This is the only time holidaygift.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
6	2606:4700:303... 2606:4700:3036::ac43:8404		13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2

6 2606:4700:3036::ac43:8404 (United States)

ASN13335 (CLOUDFLARENET, US)

holidaygift.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	holidaygift.xyz holidaygift.xyz	967 KB
0	Failed function sub() { [native code] }. Failed
7	2

	Domain	Requested by
6	holidaygift.xyz	holidaygift.xyz
0	pay Failed
7	2

This site contains no links.

Subject Issuer	Validity	Valid
holidaygift.xyz GTS CA 1P5	`2024-02-28` - `2024-05-28`	3 months	crt.sh

This page contains 1 frames:

Frame: phonepe://pay?ver=01&mode=02&pa=fcbizg1ehbz@freecharge&pn=PhonePeMerchant&439639658587&tr=439639667595;end&am=1997.00&cu=INR&tn=PPBL434e43c3421c87b12c86dcf610&mc=0000&purpose=00tn=b149ca57ac16d39594b46b9d2a8a&mode=02&purpose=00
Frame ID: 7FA74912880AE3099D17DEFF1BD61285
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Congratulations

Page Statistics

7
Requests

86 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

967 kB
Transfer

1009 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response holidaygift.xyz/	45 KB 29 KB	283ms 136ms	Document text/html	2606:4700:3036::ac43:8404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7e67ea465264e78496b5664b02fddce8ae4ff6b22567634ffd862d7d3c16fa5c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 86511956a95034c4-WAW content-encoding br content-type text/html date Sat, 16 Mar 2024 01:51:35 GMT last-modified Sun, 10 Mar 2024 12:36:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bHW7wx5asAnGHfVE49VawmDdVgbXO%2BgDhcZDO%2BiJw2gycTxEHWhaD3u2FehCM9OCSXExfGxE76GWmP8UdNUm%2FhzgnjiCVXVThndEMLw4qEVVH9un1utFSCHwwGNFiTy4kECHJgYZmIIdAg5o358%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	style.css holidaygift.xyz/	4 KB 1 KB	186ms 186ms	Stylesheet text/css	2606:4700:3036::ac43:8404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://holidaygift.xyz/style.css Requested by Host: holidaygift.xyz URL: https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `43537b59fc14f2a6feeca0765cfe205945e2e7bd3846d5cc3e2673d3be8e3988` Request headers accept-language fi-FI,fi;q=0.9 Referer https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Sat, 16 Mar 2024 01:51:35 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sat, 02 Mar 2024 11:37:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F6JGa1F%2FMf%2B2pEw4Bis00tQ5opWi12d1p5G0kCVsVKgbVxEmTtfhWyddnbANrMxnG66VsAB0tEz1%2F0rWUhe%2FuMJ9tMONLRgIHIOJvaCFo0HbtIBsbd9686l5a42UmgtQPvwfCgIqH%2FDNgFEURFc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8651195789ba34c4-WAW alt-svc h3=":443"; ma=86400
GET H2	200	heaad.png holidaygift.xyz/	293 KB 293 KB	133ms 132ms	Image image/png	2606:4700:3036::ac43:8404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://holidaygift.xyz/heaad.png Requested by Host: holidaygift.xyz URL: https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `58eae8f8b211f3e270d927ad9dc25879c6ca55e5ff6c71294e584ab201c8fa65` Request headers accept-language fi-FI,fi;q=0.9 Referer https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Sat, 16 Mar 2024 01:51:35 GMT cf-cache-status REVALIDATED last-modified Sat, 02 Mar 2024 11:37:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7lms%2FMWIC7lS9hZjumQeUv2BXVvQOJHmXRmTIdRL18ncnMlWe5lkzZ%2BiH1z%2BWo8wqwG4p7oqhtS%2BmVNJahiwmwl6%2Bi0sFvOeR0H2G7W2AguAIsf34UOrt8TDNcmnLUSGvFGg7xCqljWBbGFd7S0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8651195789bb34c4-WAW alt-svc h3=":443"; ma=86400 content-length 299577
GET H2	200	popup.png holidaygift.xyz/	538 KB 539 KB	185ms 185ms	Image image/png	2606:4700:3036::ac43:8404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://holidaygift.xyz/popup.png Requested by Host: holidaygift.xyz URL: https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2023a391ca57eb8c4d1cdf5ea816fe5cbf6267924b736abdfa02c701a8fcd78d` Request headers accept-language fi-FI,fi;q=0.9 Referer https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Sat, 16 Mar 2024 01:51:35 GMT cf-cache-status REVALIDATED last-modified Sat, 02 Mar 2024 11:37:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JhY%2Fw4fazBZx9RAQ%2Fr%2FYJHUpuId3pHTMKUjGdrQA03j9Fo9BnlofeVOa%2By4RoWOeWEP1nS%2FluosenUN0KYvZsSDyiSLG7N4O2VHZRXLRlqgi14mRFqVPwd7P%2B9mFRUw%2FRHNw9fFwjVIhz1E1wN0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8651195789bc34c4-WAW alt-svc h3=":443"; ma=86400 content-length 551075
GET H3	200	Hindi.png holidaygift.xyz/	70 KB 71 KB	147ms 146ms	Image image/png	2606:4700:3036::ac43:8404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://holidaygift.xyz/Hindi.png Requested by Host: holidaygift.xyz URL: https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4889dc7004778c695e7efdd707f8f89be9939f8ac96619d63ae120fbc0beb719` Request headers accept-language fi-FI,fi;q=0.9 Referer https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Sat, 16 Mar 2024 01:51:35 GMT cf-cache-status REVALIDATED last-modified Sat, 02 Mar 2024 11:37:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GxdJfyyx3b6E%2Bh6IbqsPa6leGwn%2F2rJMop101c%2F7DAdgBm%2Fxxn%2BsutBOMJIYI1EA2jBYbbJTKqWNWd7XtHCLgbu%2BERizbPChxE5sg1uoEqC0Frg0suB6p5MNtyqdT%2FJTRnwa0Y2%2BU%2F%2F%2FjgBcdqg%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 86511958bf543bc7-WAW alt-svc h3=":443"; ma=86400 content-length 71748
GET H3	200	YP-min.jpg holidaygift.xyz/	33 KB 33 KB	250ms 249ms	Image image/jpeg	2606:4700:3036::ac43:8404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://holidaygift.xyz/YP-min.jpg Requested by Host: holidaygift.xyz URL: https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1ae5e3b569d9a2500433f9b266e7d4be19fc93ff8f4acebe64eefeee0d783118` Request headers accept-language fi-FI,fi;q=0.9 Referer https://holidaygift.xyz/?fbclid=IwAR2IiYepe71tpLszT_6Ptfo5KDGxDhdY-6nxi_iyXpiQYRY1i-a6nfYdeaI_aem_AZpRf8NOzhWEiRW2wGp1_qs5lA0uN43icmhkD28pfF4jp1DgT8d6-zj5WQ4r_xNKJNStvyEGIH1h-SjcDkvH_IUK User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Sat, 16 Mar 2024 01:51:35 GMT cf-cache-status MISS last-modified Sat, 02 Mar 2024 11:37:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7q18ZnzE46%2B1DiN532A0UH53H9ghvOCJHfna458AthRbQ8GU2AegBE5nhT5QVA8VP3j7R70Xn%2ByZ22SdV50c7IV%2FqyfMcF1kcGWADJl1i2iG3BT3Y%2BmV9C7aE2kWZHWSVQ8D%2BKLo32U1b4ps%2BQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 accept-ranges bytes cf-ray 86511958bf553bc7-WAW alt-svc h3=":443"; ma=86400 content-length 33799
GET DATA	200 OK	truncated /	23 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3981ce8ce8573703ddf2a9a76942158a5b758810efe8482f3c18362d20ff8b1a` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d195b2bdfffd3e66d1b80920a94ebad44b309472388034cb7e374c0c82fde23b` Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/png
GET		phonepe://pay?ver=01&mode=02&pa=fcbizg1ehbz@freecharge&pn=PhonePeMerchant&439639658587&tr=439639667595;end&am=1997.00&cu=INR&tn=PPBL434e43c3421c87b12c86dcf610&mc=0000&purpose=00tn=b149ca57ac16d39594b46b9d2a8a&mode=02&purpose=00 phonepe://pay?ver=01&mode=02&pa=fcbizg1ehbz@freecharge&pn=PhonePeMerchant&439639658587&tr=439639667595;end&am=1997.00&cu=INR&tn=PPBL434e43c3421c87b12c86dcf610&mc=0000&purpose=00tn=b149ca57ac16d39594b46b9d2a8a&mode=02&purpose=00	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pay
URL: phonepe://pay?ver=01&mode=02&pa=fcbizg1ehbz@freecharge&pn=PhonePeMerchant&439639658587&tr=439639667595;end&am=1997.00&cu=INR&tn=PPBL434e43c3421c87b12c86dcf610&mc=0000&purpose=00tn=b149ca57ac16d39594b46b9d2a8a&mode=02&purpose=00

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| DoSomething function| SetMetaTag function| showPopup function| hidePopup

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

holidaygift.xyz
pay
pay
2606:4700:3036::ac43:8404
1ae5e3b569d9a2500433f9b266e7d4be19fc93ff8f4acebe64eefeee0d783118
2023a391ca57eb8c4d1cdf5ea816fe5cbf6267924b736abdfa02c701a8fcd78d
3981ce8ce8573703ddf2a9a76942158a5b758810efe8482f3c18362d20ff8b1a
43537b59fc14f2a6feeca0765cfe205945e2e7bd3846d5cc3e2673d3be8e3988
4889dc7004778c695e7efdd707f8f89be9939f8ac96619d63ae120fbc0beb719
58eae8f8b211f3e270d927ad9dc25879c6ca55e5ff6c71294e584ab201c8fa65
7e67ea465264e78496b5664b02fddce8ae4ff6b22567634ffd862d7d3c16fa5c
d195b2bdfffd3e66d1b80920a94ebad44b309472388034cb7e374c0c82fde23b

holidaygift.xyz Open in urlscan Pro 2606:4700:3036::ac43:8404 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

86 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

967 kBTransfer

1009 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

Indicators

holidaygift.xyz Open in urlscan Pro
2606:4700:3036::ac43:8404 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

967 kB
Transfer

1009 kB
Size

0
Cookies

7 HTTP transactions
2 data transactions