valenciamedicare.com
Open in
urlscan Pro
192.185.129.96
Malicious Activity!
Public Scan
Submission: On May 28 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 21st 2022. Valid for: 3 months.
This is the only time valenciamedicare.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
13 | 192.185.129.96 192.185.129.96 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 1 | 2600:9000:215... 2600:9000:2156:3200:10:7abf:f800:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2606:50c0:800... 2606:50c0:8001::153 | 54113 (FASTLY) (FASTLY) | |
14 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: bh-ht-4.webhostbox.net
valenciamedicare.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
valenciamedicare.com
valenciamedicare.com |
4 MB |
2 |
sitepoint.com
1 redirects
www.sitepoint.com — Cisco Umbrella Rank: 216186 i2.sitepoint.com |
6 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
13 | valenciamedicare.com |
valenciamedicare.com
|
1 | i2.sitepoint.com |
valenciamedicare.com
|
1 | www.sitepoint.com | 1 redirects |
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.valenciamedicare.com R3 |
2022-05-21 - 2022-08-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://valenciamedicare.com/cgi-etc/login.php
Frame ID: 0D6C88E02533D3E1669A791C62A77BE0
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js HTTP 301
- https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.php
valenciamedicare.com/cgi-etc/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MaskedPassword.js
i2.sitepoint.com/examples/password/MaskedPassword/ Redirect Chain
|
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff1.png
valenciamedicare.com/cgi-etc/images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s2.gif
valenciamedicare.com/cgi-etc/images/ |
4 MB 4 MB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff2.png
valenciamedicare.com/cgi-etc/images/ |
255 KB 255 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff3.png
valenciamedicare.com/cgi-etc/images/ |
166 KB 166 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff4.png
valenciamedicare.com/cgi-etc/images/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff5.png
valenciamedicare.com/cgi-etc/images/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff6.png
valenciamedicare.com/cgi-etc/images/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff7.png
valenciamedicare.com/cgi-etc/images/ |
30 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff8.png
valenciamedicare.com/cgi-etc/images/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff9.png
valenciamedicare.com/cgi-etc/images/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ff.png
valenciamedicare.com/cgi-etc/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sgon.png
valenciamedicare.com/cgi-etc/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| MaskedPassword function| unhideBody0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i2.sitepoint.com
valenciamedicare.com
www.sitepoint.com
192.185.129.96
2600:9000:2156:3200:10:7abf:f800:93a1
2606:50c0:8001::153
0287688c1a03f9ee32eaec33a3e24be1fbdd039fcf7ef58eb43e4ed21ae5d216
0fdf3bf4d3f4599953b1b9af6dbcf8d84dd59a54d56697cfcc8f470b237be3c1
19db4703d53a15d2ca0a6324d874878e1c4e4140e9513ea105a2cb687a9e9dcb
218274bc3781fa4fa892ba7f4df01bd21710c28c8c642e19b12e004229910cfc
2a46f92860e27a2ad304168f2e4414726d27f98e8dc693a1749f6ce3ac23f386
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
5c6ca93e2b4cb0a42e1bfa3acf3f4d3015b03f3066b2085eb633f6cab42d1c98
7cb975cd0cb1b85ac1bf4440cdf470aca2f3e17d6b129a551929e58e3e41e0ac
825ad5c3888d1258a089867f52fb5f4e761be17dcda67145e4e63dace1a636df
89370b5e6b2d98ab3b5daff9692788c644a9167d48d3289a1e8a31c1fe4a1e2a
a782fce93b7c95c5e36e08b266a52c51b67438823d8c2f384eb340c53f04bbb3
ba67f7b8ce117086ade4179628b07fde9ff69855c86e0307bd1627865694c099
bd268773838d20c10c43124e1e83721d7fa6ced89c4e9aea2d662b74ec7c2b51
e5db48339ab4decfc894d8f8d93d07f692809959b5ae49f4da8573b9d3d6c84f