plasma-audio.com
Open in
urlscan Pro
2606:4700:3033::ac43:9ab4
Malicious Activity!
Public Scan
Effective URL: https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/
Submission Tags: 6961440
Submission: On February 10 via api from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2020. Valid for: a year.
This is the only time plasma-audio.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saudi Post (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 59.106.171.15 59.106.171.15 | 9370 (SAKURA-B ...) (SAKURA-B SAKURA Internet Inc.) | |
1 | 2606:4700:303... 2606:4700:3033::6815:10d8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:a823 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.22.52.65 104.22.52.65 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 22 | 2606:4700:303... 2606:4700:3033::ac43:9ab4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 5 |
ASN9370 (SAKURA-B SAKURA Internet Inc., JP)
PTR: www2005.sakura.ne.jp
tsunagari.sakura.ne.jp |
ASN13335 (CLOUDFLARENET, US)
secure.statcounter.com | |
c.statcounter.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
plasma-audio.com
1 redirects
plasma-audio.com |
186 KB |
2 |
statcounter.com
secure.statcounter.com c.statcounter.com |
13 KB |
1 |
cloudflare.com
ajax.cloudflare.com |
5 KB |
1 |
nullrefer.com
nullrefer.com |
1 KB |
1 |
sakura.ne.jp
tsunagari.sakura.ne.jp |
335 B |
26 | 5 |
Domain | Requested by | |
---|---|---|
22 | plasma-audio.com |
1 redirects
plasma-audio.com
|
1 | c.statcounter.com |
secure.statcounter.com
|
1 | secure.statcounter.com |
ajax.cloudflare.com
|
1 | ajax.cloudflare.com |
nullrefer.com
|
1 | nullrefer.com |
tsunagari.sakura.ne.jp
|
1 | tsunagari.sakura.ne.jp | |
26 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paytabs.com |
mci.gov.sa |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.sakura.ne.jp Gehirn Managed Certification Authority - RSA DV |
2020-05-28 - 2022-05-28 |
2 years | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-07-06 - 2021-07-06 |
a year | crt.sh |
ajax.cloudflare.com DigiCert ECC Secure Server CA |
2020-08-11 - 2022-08-16 |
2 years | crt.sh |
us-dallas.statcounter.com Sectigo RSA Domain Validation Secure Server CA |
2020-10-13 - 2021-11-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/
Frame ID: 8121BE7FCFFDD903B451B25799CE2334
Requests: 26 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://tsunagari.sakura.ne.jp/hp/wp-includes/css/js/index.php Page URL
- https://nullrefer.com/?https://plasma-audio.com/wp-content/Die-Post/ch/ni/ Page URL
-
https://plasma-audio.com/wp-content/Die-Post/ch/ni/
HTTP 302
https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/ Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Bootstrap (Web Frameworks) Expand
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: mci.gov.sa
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tsunagari.sakura.ne.jp/hp/wp-includes/css/js/index.php Page URL
- https://nullrefer.com/?https://plasma-audio.com/wp-content/Die-Post/ch/ni/ Page URL
-
https://plasma-audio.com/wp-content/Die-Post/ch/ni/
HTTP 302
https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
index.php
tsunagari.sakura.ne.jp/hp/wp-includes/css/js/ |
236 B 335 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
nullrefer.com/ |
836 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
counter.js
secure.statcounter.com/counter/ |
38 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/ Redirect Chain
|
16 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t.php
c.statcounter.com/ |
377 B 553 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.css
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
134 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
2 KB 767 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans.css
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
1 KB 545 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading_payment.gif
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
11 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
62617_1589791686.jpg
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
106 KB 107 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cards.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p1.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p2.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p3.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
credit-cards.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visa-icon.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
master-card-icon.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sadad-en-2016.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rotate-device.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
express-checkout.png
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem8YaGs126MiZpBA-UFVZ0b.woff2
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UNirkOUuhp.woff2
plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saudi Post (Government)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| $cc1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.plasma-audio.com/ | Name: __cfduid Value: dcf6144c0b568f6593985fa3c953874791612952466 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.cloudflare.com
c.statcounter.com
nullrefer.com
plasma-audio.com
secure.statcounter.com
tsunagari.sakura.ne.jp
104.22.52.65
2606:4700:3033::6815:10d8
2606:4700:3033::ac43:9ab4
2606:4700::6810:a823
59.106.171.15
04f1232c00f86d3a342a5c8ced4594bc17c64f25b96519b196f603af4a2f2382
0d38c2901f916ed13747352b787d6335ded7fa0096b030577e753111f24f337f
24659c763d595a3c543648ecce68060e3d9c6af0100991017278498d66ad8d6d
2d51360026652a6b018b5352b94965275d863ffb104b4aa75197043d3105a020
4f5cb44eaf44171c773db823b43d2f71b143ab0ccd73dafe2d4da75a9b527fba
5432b59decde382eae206cbe12dee7dd05ca9dcacb67f027a59b6a97a4379f07
704f42f2b8d5c2cf34161340102f38f70ead0a89f3a616b6f2c3ec1f500de3bd
8a67af5b95d4b4ff29b868b7d5ff794db7f269dfa67e43249f1053a874385b6e
8cab535899226d06d469729ec985b9e6c3d02839580011dd3f2bc2496cb95217
8dda1f5573ab398e6e557a6219ec0d837ff4da16cf1ae23e598e57879af6f41a
92eda55cfcd4423dfa402b96ec7c4c4016e6299d06ef3f0393862c4216304d04
95ca2aecfd0c06c7c138910cd402deb49c713befd6e335e7270d8877b18bd125
a5ca036a508c4c10c3b1d0c1aa0bfd155ccffe2a63ed248fc1b22aaba1399a39
a60a31e4e77b8fb6360b986653ac24762db5249892d8907099b7109d2194110c
a6c46c09291b11b56ec8272f62213a7e29ed57ad13e943a61a7588a029bd65fa
a7a929e9986ff28daf0d6e93093ca394c33aabb143b6351a5e8ef6bc2a15f88a
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
bc74a9bd2c5f0b80ed89a44aade16452923be510caa69247f77b9122e27dd42e
d5dce38263f5759f49f991a2a50098a91aa82ba3ce5a2eb33a66ea2a29855feb
e981a7d8f07e0a8c1955d960a85f511fb9d77325c58346d3a84c60925204ea70
fd420bd53afb73813efe037efbe844409d1323b9652a6c7fe784f19757e15b24