praxispharmaceutical.com.co Open in urlscan Pro
50.62.142.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.yrcoder.com/redirect.php
Effective URL:
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/
Submission Tags: falconsandbox
Submission: On October 15 via api (October 15th 2022, 7:45:33 am UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 50.62.142.99, located in United States and belongs to GO-DADDY-COM-LLC, US. The main domain is praxispharmaceutical.com.co.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 10th 2022. Valid for: 3 months.

This is the only time praxispharmaceutical.com.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	166.62.28.106 166.62.28.106	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	23.239.10.90 23.239.10.90	63949 (LINODE-AP...) (LINODE-AP Linode)
4 15	50.62.142.99 50.62.142.99	398101 (GO-DADDY-...) (GO-DADDY-COM-LLC)
1	2a00:86c0:209... 2a00:86c0:2091::1	() ()
14	4

2 166.62.28.106 (Singapore, Singapore) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 106.28.62.166.host.secureserver.net

www.yrcoder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.239.10.90 (Cedar Knolls, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nw68.fcomet.com

savemysquashplantsfromborers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 50.62.142.99 (United States) 4 redirects

ASN398101 (GO-DADDY-COM-LLC, US)
PTR: 99.142.62.50.host.secureserver.net

praxispharmaceutical.com.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:86c0:2091::1 (None, )

ASN- ()

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	praxispharmaceutical.com.co 4 redirects praxispharmaceutical.com.co	453 KB
2	yrcoder.com 1 redirects www.yrcoder.com	488 B
1	nflxext.com assets.nflxext.com	72 KB
1	savemysquashplantsfromborers.com savemysquashplantsfromborers.com	348 B
14	4

	Domain	Requested by
15	praxispharmaceutical.com.co	4 redirects praxispharmaceutical.com.co
2	www.yrcoder.com	1 redirects
1	assets.nflxext.com	praxispharmaceutical.com.co
1	savemysquashplantsfromborers.com
14	4

This site contains no links.

Subject Issuer	Validity	Valid
www.yrcoder.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-08-12` - `2023-08-13`	a year	crt.sh
savemysquashplantsfromborers.com R3	`2022-09-10` - `2022-12-09`	3 months	crt.sh
praxispharmaceutical.com.co cPanel, Inc. Certification Authority	`2022-10-10` - `2023-01-08`	3 months	crt.sh
*.1.nflxso.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2022-10-28`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/
Frame ID: 19EB882C6671770C0A4EB2456DF2A482
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.yrcoder.com/redirect.php HTTP 301
https://www.yrcoder.com/redirect.php Page URL
https://savemysquashplantsfromborers.com/redirect.php Page URL
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ HTTP 302
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f... HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f... Page URL
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f... HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

525 kB
Transfer

1637 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.yrcoder.com/redirect.php HTTP 301
https://www.yrcoder.com/redirect.php Page URL
https://savemysquashplantsfromborers.com/redirect.php Page URL
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ HTTP 302
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/ Page URL
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.yrcoder.com/redirect.php HTTP 301
https://www.yrcoder.com/redirect.php

Request Chain 2

https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ HTTP 302
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e HTTP 301
https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	redirect.php Show response www.yrcoder.com/ Redirect Chain http://www.yrcoder.com/redirect.php https://www.yrcoder.com/redirect.php	197 B 240 B	750ms 254ms	Document text/html	166.62.28.106 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://www.yrcoder.com/redirect.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 166.62.28.106 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 106.28.62.166.host.secureserver.net Software Apache / PHP/7.4.32 Resource Hash `28b66581792c82ba835c8927d7ba8c9b2efe7068c2555151aaac3b8deaa031ab` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-length 125 content-type text/html; charset=UTF-8 date Sat, 15 Oct 2022 07:45:25 GMT server Apache vary Accept-Encoding x-powered-by PHP/7.4.32 Redirect headers Connection Keep-Alive Content-Length 244 Content-Type text/html; charset=iso-8859-1 Date Sat, 15 Oct 2022 07:45:25 GMT Keep-Alive timeout=5 Location https://www.yrcoder.com/redirect.php Server Apache
GET H2	200	redirect.php Show response savemysquashplantsfromborers.com/	246 B 348 B	437ms 183ms	Document text/html	23.239.10.90 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL https://savemysquashplantsfromborers.com/redirect.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.239.10.90 Cedar Knolls, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS nw68.fcomet.com Software Apache / PHP/7.2.34 Resource Hash `7a54498999e57c0e3955c8a78c78a8cc711afbabbf4efad450794c04179f059a` Request headers Referer https://www.yrcoder.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 date Sat, 15 Oct 2022 07:45:27 GMT server Apache x-powered-by PHP/7.2.34
GET H2	200	/ praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/ Redirect Chain https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/	151 B 133 B	161ms 161ms	Document text/html	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / PHP/7.4.30 Resource Hash Request headers Referer https://savemysquashplantsfromborers.com/redirect.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-length 103 content-type text/html; charset=UTF-8 date Sat, 15 Oct 2022 07:45:29 GMT server Apache vary Accept-Encoding x-powered-by PHP/7.4.30 Redirect headers content-length 332 content-type text/html; charset=iso-8859-1 date Sat, 15 Oct 2022 07:45:29 GMT location https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/ server Apache
GET H2	200	Primary Request / Show response praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Redirect Chain https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/	15 KB 3 KB	1536ms 1536ms	Document text/html	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / PHP/7.4.30 Resource Hash `81f24c739356d0aeaf674f0e960eb169d68a78d7acec6a5bfda4748927f9aed3` Request headers Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 3419 content-type text/html; charset=UTF-8 date Sat, 15 Oct 2022 07:45:29 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding x-powered-by PHP/7.4.30 Redirect headers content-length 340 content-type text/html; charset=iso-8859-1 date Sat, 15 Oct 2022 07:45:29 GMT location https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ server Apache
GET H2	200	none.css praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/	15 KB 3 KB	153ms 152ms	Stylesheet text/css	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/none.css Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `b30650bcb993a63e2256cbcaa4f1c8179e04d23e95f997378c370ebf90d4a5b8` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13d9-3a34-5eb0ded229489-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2497
GET H2	200	none1.css praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/	172 KB 20 KB	451ms 449ms	Stylesheet text/css	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/none1.css Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `910da06c8f8c9e1b1c7f50b4ab5465384126f70b67ac34ffcee6dfb965ca364f` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13d7-2b1ef-5eb0ded2290a1-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 20062
GET H2	200	styles__ltr.css praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/	127 KB 15 KB	302ms 301ms	Stylesheet text/css	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/styles__ltr.css Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `162fa9bcda32ad3e483b06770fe20d14ce68d756d821ef68316f9891cb6f3cc6` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13d8-1fa89-5eb0ded229489-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 15335
GET H2	200	none2.js Show response praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/	13 KB 4 KB	153ms 153ms	Script application/javascript	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/none2.js Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `577a43544a8d0f2b1aaaf871f41085e29a011d9383600d0c045863b5e5631b30` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13e1-334b-5eb0ded229c5a-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 3742
GET H2	200	none3.js Show response praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/	918 KB 250 KB	599ms 598ms	Script application/javascript	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/none3.js Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `82539c15ae6125e605492f4461bc13345f86acf661ed96526226cb06c053d44f` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13de-e5866-5eb0ded229872-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes
GET H2	200	jquery.js Show response praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/	173 KB 37 KB	598ms 598ms	Script application/javascript	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/jquery.js Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `db23cdd0865ade174d9cd3efcca36d7b673c1ac509835459a8e57de1a602db9b` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13df-2b2cb-5eb0ded229c5a-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 37300
GET H2	200	jquery.mask.js Show response praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/	16 KB 4 KB	153ms 152ms	Script application/javascript	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/js/jquery.mask.js Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `a45d589f4470fbca9f4047385d2bd6b9437969e4cb28b8625fcc532cb1c0b6e3` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:31 GMT content-encoding br last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache etag "2ac13dd-3efe-5eb0ded229489-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 3871
GET H2	200	main_bg.jpg praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/img/	115 KB 116 KB	153ms 151ms	Image image/jpeg	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/img/main_bg.jpg Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `2c5dfd4b9999a9e1b334b3f1f228c7d81254a119d174b8c33f32ae8d570a1829` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:32 GMT last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache accept-ranges bytes etag "2ac13c4-1ca8e-5eb0ded228cb9" content-length 117390 content-type image/jpeg
GET H2	200	logo_fb.png praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/img/	1 KB 1 KB	151ms 149ms	Image image/png	50.62.142.99 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/img/logo_fb.png Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 50.62.142.99 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS 99.142.62.50.host.secureserver.net Software Apache / Resource Hash `3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece` Request headers accept-language de-DE,de;q=0.9 Referer https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sat, 15 Oct 2022 07:45:32 GMT last-modified Sat, 15 Oct 2022 07:45:29 GMT server Apache accept-ranges bytes etag "2ac13d1-5af-5eb0ded2290a1" content-length 1455 content-type image/png
GET H/1.1	200 OK	nf-icon-v1-93.woff assets.nflxext.com/ffe/siteui/fonts/	72 KB 72 KB	49ms 9ms	Font font/woff	2a00:86c0:2091::1
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff Requested by Host: praxispharmaceutical.com.co URL: https://praxispharmaceutical.com.co/api_prod/wp-content/themes/twentytwentyone/assets/backuppagenetfix/ae73e410f6061b5ca95e/clients/assets/css/none1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 -, , ASN (), Reverse DNS Software nginx / Resource Hash `98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d` Request headers Referer https://praxispharmaceutical.com.co/ Origin https://praxispharmaceutical.com.co accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Sat, 15 Oct 2022 07:45:32 GMT Last-Modified Mon, 29 Jan 2018 01:50:51 GMT Server nginx Content-MD5 fPYVbMSBJEtaJUNi17c/AA== Content-Type font/woff Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 73572 Expires Sat, 22 Oct 2022 07:45:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
praxispharmaceutical.com.co
savemysquashplantsfromborers.com
www.yrcoder.com
166.62.28.106
23.239.10.90
2a00:86c0:2091::1
50.62.142.99
162fa9bcda32ad3e483b06770fe20d14ce68d756d821ef68316f9891cb6f3cc6
28b66581792c82ba835c8927d7ba8c9b2efe7068c2555151aaac3b8deaa031ab
2c5dfd4b9999a9e1b334b3f1f228c7d81254a119d174b8c33f32ae8d570a1829
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
577a43544a8d0f2b1aaaf871f41085e29a011d9383600d0c045863b5e5631b30
7a54498999e57c0e3955c8a78c78a8cc711afbabbf4efad450794c04179f059a
81f24c739356d0aeaf674f0e960eb169d68a78d7acec6a5bfda4748927f9aed3
82539c15ae6125e605492f4461bc13345f86acf661ed96526226cb06c053d44f
910da06c8f8c9e1b1c7f50b4ab5465384126f70b67ac34ffcee6dfb965ca364f
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
a45d589f4470fbca9f4047385d2bd6b9437969e4cb28b8625fcc532cb1c0b6e3
b30650bcb993a63e2256cbcaa4f1c8179e04d23e95f997378c370ebf90d4a5b8
db23cdd0865ade174d9cd3efcca36d7b673c1ac509835459a8e57de1a602db9b

praxispharmaceutical.com.co Open in urlscan Pro 50.62.142.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

525 kBTransfer

1637 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

praxispharmaceutical.com.co Open in urlscan Pro
50.62.142.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

525 kB
Transfer

1637 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!