winningaprize.com
Open in
urlscan Pro
2606:4700:3035::6815:34f8
Malicious Activity!
Private Scan
Submission: On November 10 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2021. Valid for: a year.
This is the only time winningaprize.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:303... 2606:4700:3035::6815:34f8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 139.45.197.250 139.45.197.250 | 9002 (RETN-AS) (RETN-AS) | |
1 | 139.45.195.8 139.45.195.8 | 9002 (RETN-AS) (RETN-AS) | |
20 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
winningaprize.com
winningaprize.com |
119 KB |
3 |
beevakum.net
beevakum.net |
31 KB |
1 |
rtmark.net
my.rtmark.net |
545 B |
20 | 3 |
Domain | Requested by | |
---|---|---|
16 | winningaprize.com |
winningaprize.com
|
3 | beevakum.net |
winningaprize.com
beevakum.net |
1 | my.rtmark.net |
beevakum.net
|
20 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-08-23 - 2022-08-22 |
a year | crt.sh |
beevakum.net R3 |
2021-10-04 - 2022-01-02 |
3 months | crt.sh |
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA |
2020-10-27 - 2021-11-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://winningaprize.com/tgwth/?city=Ashburn&brand=Desktop&model=Desktop&isp=Amazon.com&ip=34.200.11.22®ion=Ashburn&td=bestmegaoffer.com&browser=Chrome&target=apix07-argyleforrum.com&tsid=2&caid=112&clickid=1635730872.01-191194373-69509&target=apix07-argyleforrum.com&uclick=3v9r6jfe&uclickhash=3v9r6jfe-3v9r6jfe-gxi4-0-16dz-378n-37vr-3ed252
Frame ID: 796E84945BD95D131927FFABFEF242C6
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
winningaprize.com/tgwth/ |
16 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
winningaprize.com/tgwth/ |
138 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style_ab.css
winningaprize.com/tgwth/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gicon.png
winningaprize.com/tgwth/ |
393 B 702 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6.2.jpg
winningaprize.com/tgwth/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.1.jpg
winningaprize.com/tgwth/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.1.jpg
winningaprize.com/tgwth/ |
1 KB 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6.1.jpg
winningaprize.com/tgwth/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.3.jpg
winningaprize.com/tgwth/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.3.jpg
winningaprize.com/tgwth/ |
1 KB 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6.3.jpg
winningaprize.com/tgwth/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash750.png
winningaprize.com/tgwth/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
am-300.png
winningaprize.com/tgwth/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
winningaprize.com/tgwth/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.js
winningaprize.com/tgwth/ |
50 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
micro.tag.min.js
beevakum.net/pfe/current/ |
81 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
alert6.mp3
winningaprize.com/tgwth/ |
7 KB 7 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
zone
beevakum.net/ |
0 253 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gid.js
my.rtmark.net/ |
65 B 545 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zone
beevakum.net/ |
694 B 983 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| s function| getURLParameter function| dateOffset object| names function| $ function| jQuery object| bootstrap function| exit_a1 object| ntfcSDK object| zfgformats1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
my.rtmark.net/ | Name: ID Value: 348cfae79cae48c6bbafb8d9301321ab |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beevakum.net
my.rtmark.net
winningaprize.com
139.45.195.8
139.45.197.250
2606:4700:3035::6815:34f8
0834b6d4c045d1aa056427cfcf77a18cffe3ae96cae811a6515dd56d9e8b37ee
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
373a308faf8a076378400765e2b039e798067657b96f18e4c88c77ad332222da
40574c9048a8d30f01cb38544730d3d6f2236eabcd44f950a11edd89716081a9
4163cede747f12629317d43006aa20dbf2d8d057d846c3554d4f17a838bea14d
44d4d8d7c0344545befeb14ae0d8e9a4eb2ad23e1744248a5a3ce5df3841eee6
48bea32ed48a26e4b3e2b83a6c205019bae6a4ca430d9a007703ebc48e3f3870
4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8
52ace18a8f4ea845d3d20eea6ba071fbc85a41c6367da8a076755cce2772631f
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7e9312e4c6f1e7c946abf1e32801822620ed74b382c5051f957d969476320630
990eafca55fbafef402f508b14a8adf23191ad999001b04a171352eb6987eea5
bf69892bb4e8053ee8a0cb0a4d9312041dea82c601992797cb8008a5a4f3aecf
c9025d2a9df8a92a831d271d1f2eac9cdee050f16b181644d8ef49022f3a0d47
e21d5a832c7307c149789d8df7434d929fc40f8b9ffe33a990b1a77d180310a6
e3ad131d7f22833bdbc33f38ef46742c70db4ffeeb816172489f420e18ce9b56
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7abdd218c062827d498da4961cfee7d570816d08e52a4f1806c09a421ad4a12
f3bd598c9d500a0a57f7692fd2482b2b4ce7bca8e53160da0329bed14caeee35
f652d10e005e53faaf03fffe8bf9b5905a5a1022880d8571a2f994749bc390cc