Submitted URL: https://9tl.ru/K1JI7
Effective URL: https://palmluck.buzz/banking/
Submission: On September 15 via api from US

Summary

This website contacted 1 IPs in 5 countries across 5 domains to perform 25 HTTP transactions. The main IP is 190.115.18.246, located in Belize and belongs to DDOS-GUARD CORP., BZ. The main domain is palmluck.buzz.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 14th 2020. Valid for: 3 months.
This is the only time palmluck.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 195.13.215.59 12578 (APOLLO-AS...)
1 1 2a05:d014:286... 16509 (AMAZON-02)
1 1 176.119.30.22 30860 (YURTEH-AS)
1 26 190.115.18.246 262254 (DDOS-GUAR...)
25 1
Apex Domain
Subdomains
Transfer
26 palmluck.buzz
palmluck.buzz
345 KB
1 paymentcassa.xyz
paymentcassa.xyz
569 B
1 bemobtrk.com
7176w.bemobtrk.com
784 B
1 emlbest.com
trk.emlbest.com
569 B
1 9tl.ru
9tl.ru
785 B
25 5
Domain Requested by
26 palmluck.buzz 1 redirects palmluck.buzz
1 paymentcassa.xyz 1 redirects
1 7176w.bemobtrk.com 1 redirects
1 trk.emlbest.com 1 redirects
1 9tl.ru 1 redirects
25 5

This site contains no links.

Subject Issuer Validity Valid
palmluck.buzz
Let's Encrypt Authority X3
2020-09-14 -
2020-12-13
3 months crt.sh

This page contains 1 frames:

Primary Page: https://palmluck.buzz/banking/
Frame ID: 7F8E347D3F886D91CC97D673DD2BEBE8
Requests: 25 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://9tl.ru/K1JI7 HTTP 301
    http://trk.emlbest.com/ru/subscribe_confirm?hash=68rd4wouqyzy85o6zppe6ujs9aqmn9ftdhgk5yanthny4f9yqc... HTTP 302
    https://7176w.bemobtrk.com/go/f5d2cd24-8021-428f-83a0-11ae9701c394 HTTP 302
    https://paymentcassa.xyz/catalog?userId=15965342869363902&productId=15954098002106839 HTTP 301
    https://palmluck.buzz/banking HTTP 301
    http://palmluck.buzz/banking/ HTTP 307
    https://palmluck.buzz/banking/ Page URL

Page Statistics

25
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

1
IPs

5
Countries

345 kB
Transfer

444 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://9tl.ru/K1JI7 HTTP 301
    http://trk.emlbest.com/ru/subscribe_confirm?hash=68rd4wouqyzy85o6zppe6ujs9aqmn9ftdhgk5yanthny4f9yqchrnhhxhu9q65a4gqotttoucygwar&hash2=444 HTTP 302
    https://7176w.bemobtrk.com/go/f5d2cd24-8021-428f-83a0-11ae9701c394 HTTP 302
    https://paymentcassa.xyz/catalog?userId=15965342869363902&productId=15954098002106839 HTTP 301
    https://palmluck.buzz/banking HTTP 301
    http://palmluck.buzz/banking/ HTTP 307
    https://palmluck.buzz/banking/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
palmluck.buzz/banking/
Redirect Chain
  • https://9tl.ru/K1JI7
  • http://trk.emlbest.com/ru/subscribe_confirm?hash=68rd4wouqyzy85o6zppe6ujs9aqmn9ftdhgk5yanthny4f9yqchrnhhxhu9q65a4gqotttoucygwar&hash2=444
  • https://7176w.bemobtrk.com/go/f5d2cd24-8021-428f-83a0-11ae9701c394
  • https://paymentcassa.xyz/catalog?userId=15965342869363902&productId=15954098002106839
  • https://palmluck.buzz/banking
  • http://palmluck.buzz/banking/
  • https://palmluck.buzz/banking/
8 KB
3 KB
Document
General
Full URL
https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
e6cf9247eb9d4d2ca34a5b22a8011f740ba6d582d55f603bca1c4da45cbceee8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

:method
GET
:authority
palmluck.buzz
:scheme
https
:path
/banking/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__ddg1=JpHBzNVFnWhnfLX6y4Xa
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
ddos-guard
strict-transport-security
max-age=2628000
content-security-policy
upgrade-insecure-requests;
date
Tue, 15 Sep 2020 08:42:08 GMT
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
etag
W/"1ebe-5ac66a73e4b52"
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding

Redirect headers

Location
https://palmluck.buzz/banking/
Non-Authoritative-Reason
HSTS
trustuniEPbnk.css
palmluck.buzz/banking/
4 KB
774 B
Stylesheet
General
Full URL
https://palmluck.buzz/banking/trustuniEPbnk.css
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
f175f0beee2c45e190e07d8171e5bca9f96d14ea154440b3da82d4ba2a64fd91
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
server
ddos-guard
etag
W/"e4f-5ac66a73e89d2"
vary
Accept-Encoding
content-type
text/css
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
index.css
palmluck.buzz/banking/
91 KB
8 KB
Stylesheet
General
Full URL
https://palmluck.buzz/banking/index.css
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
0ff0448cc3005328fd2365cf91c03b10f451e15f5718bebdae34c48174261bd3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
server
ddos-guard
etag
W/"16c37-5ac66a73dda0a"
vary
Accept-Encoding
content-type
text/css
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
11.png
palmluck.buzz/banking/images/
33 KB
34 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/11.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
0075174bdf083d22b69003025b3f6caeb9b3efe2526767c21d2ffb789bf48109
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"85a2-5ac66a73b3643"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:09 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
34210
n1.png
palmluck.buzz/banking/images/
867 B
948 B
Image
General
Full URL
https://palmluck.buzz/banking/images/n1.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
7743b93bfe418d7c0daaf0911fb442de1e50ae11d8048864fa25db7a147edf6b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"363-5ac66a73ab943"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
867
ftr8899.png
palmluck.buzz/banking/images/
9 KB
10 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/ftr8899.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
41d82061b87b8339aaf1aef9dd32c3dbb8c1994bcaaf0716fdb8451b47b20a1f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"25db-5ac66a73d2272"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
9691
1291-201904181109032.gif
palmluck.buzz/banking/images/
88 KB
88 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/1291-201904181109032.gif
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
01334268dcf9acf9cf06d013256802ac5ae71c8c8dd3102eb39bc1e89a307d29
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"160d2-5ac66a73a961b"
content-type
image/gif
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
90322
verified-by-visa-logo.svg
palmluck.buzz/banking/
3 KB
2 KB
Image
General
Full URL
https://palmluck.buzz/banking/verified-by-visa-logo.svg
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
9212a8bed1938a6109be0258dfbcb60931d60b0259d399e249b6a34c13696bdd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
server
ddos-guard
etag
W/"dc6-5ac66a73ed7f2"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
mastercard-secure-code-2016.svg
palmluck.buzz/banking/
13 KB
5 KB
Image
General
Full URL
https://palmluck.buzz/banking/mastercard-secure-code-2016.svg
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
2ce089b517a8559f8ed0aa90caea5e1707650add0f73f6a8154daa842d5d7ed6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
server
ddos-guard
etag
W/"3586-5ac66a73dbeb2"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
date
Tue, 15 Sep 2020 08:42:09 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
fca-regulated.png
palmluck.buzz/banking/images/
3 KB
3 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/fca-regulated.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
ea0b1c5dc1558c5461a8ea624ec765aeaaa940a9ab993511764482113046b517
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"db5-5ac66a73b45e3"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:09 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
3509
bltick.png
palmluck.buzz/banking/images/
2 KB
2 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/bltick.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
c5ebdf18386412cab54216d97a4b908d467b0710dccc137661030c5488795f04
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"6af-5ac66a73ca572"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
1711
img0009.png
palmluck.buzz/banking/images/
282 B
330 B
Image
General
Full URL
https://palmluck.buzz/banking/images/img0009.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
5d436540aa29aff5d390c9835d4b567f2fb1592b6d6fe7617c773fa9932846e1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"11a-5ac66a73ccc82"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
282
113.png
palmluck.buzz/banking/images/
5 KB
5 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/113.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
4835f303e137faa6cabdfec2ce6528d277f5978e5a8928fac4630ecb909e59a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"13e0-5ac66a73bf992"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
5088
img0014.png
palmluck.buzz/banking/images/
2 KB
2 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/img0014.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
d3fb4bc8dc0f390a225e831b13eb87f1269cc6bc8a75f6faa488d629255a1701
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"6f7-5ac66a73ca18a"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
1783
logo_blue.png
palmluck.buzz/banking/images/
605 B
655 B
Image
General
Full URL
https://palmluck.buzz/banking/images/logo_blue.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
c0620157eaca321164b33c0879a350c4fb38ed05f6857677a21f9fb4d28b202f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"25d-5ac66a73a4413"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
605
img0006.png
palmluck.buzz/banking/images/
233 B
282 B
Image
General
Full URL
https://palmluck.buzz/banking/images/img0006.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"e9-5ac66a73bedda"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
233
img0001.png
palmluck.buzz/banking/images/
2 KB
2 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/img0001.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
7e32f5c5c2eac447529192b5eb32029283b2cb45f1f3ad6f54d2ea8342935b5a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"8d7-5ac66a73b1703"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:10 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
2263
img0013.png
palmluck.buzz/banking/images/
3 KB
3 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/img0013.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
4b3809a80be876bdefd4eb66252e55e193499c5c77aae1a4dd8e9c687448f1e8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"a96-5ac66a73b4db3"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:10 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
2710
B7Qh_OGIgAMzeE9.png%20large.png
palmluck.buzz/banking/images/
44 KB
44 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/B7Qh_OGIgAMzeE9.png%20large.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
1a51271a2e4ed6f1022f323e14d7d254c6580485db901f26a30f3cfefbcdea9b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"afa6-5ac66a73a7ac3"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
44966
MSR-1110231784.png
palmluck.buzz/banking/images/
39 KB
39 KB
Image
General
Full URL
https://palmluck.buzz/banking/images/MSR-1110231784.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
6d94ffea9556956578b07c893020c98cd5fc9d134c14f7f072c461eb94149f22
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"9a4a-5ac66a73d0332"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:10 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
39498
img0010.png
palmluck.buzz/banking/images/
233 B
282 B
Image
General
Full URL
https://palmluck.buzz/banking/images/img0010.png
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Referer
https://palmluck.buzz/banking/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
"e9-5ac66a73c3bfa"
content-type
image/png
status
200
date
Tue, 15 Sep 2020 08:42:10 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
content-length
233
GothamPro-Light.html
palmluck.buzz/banking/
14 KB
14 KB
Font
General
Full URL
https://palmluck.buzz/banking/GothamPro-Light.html
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/trustuniEPbnk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
995567caefcbbc6d9a447e9246e59da7863eb844836d048073c4e5099cb7d005
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Origin
https://palmluck.buzz
Referer
https://palmluck.buzz/banking/trustuniEPbnk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
server
ddos-guard
etag
W/"387c-5ac66a740898a"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
MicraDi.html
palmluck.buzz/banking/
10 KB
10 KB
Font
General
Full URL
https://palmluck.buzz/banking/MicraDi.html
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/trustuniEPbnk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
e7ac2871db7d8a7d1f925d66bed0d09ac0ec43103c827b8f51ca24afb71dd1c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Origin
https://palmluck.buzz
Referer
https://palmluck.buzz/banking/trustuniEPbnk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
W/"2758-5ac66a7396953"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
DroidSans.html
palmluck.buzz/banking/
49 KB
49 KB
Font
General
Full URL
https://palmluck.buzz/banking/DroidSans.html
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/trustuniEPbnk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
7346fa2af89b79704bbe3fb05d211b3150c9b67fa8ce8ac625cd4e68c12abc01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Origin
https://palmluck.buzz
Referer
https://palmluck.buzz/banking/trustuniEPbnk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:35 GMT
server
ddos-guard
etag
W/"c378-5ac66a7394dfb"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
200
date
Tue, 15 Sep 2020 08:42:08 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
GothamPro-Light-2.html
palmluck.buzz/banking/
20 KB
20 KB
Font
General
Full URL
https://palmluck.buzz/banking/GothamPro-Light-2.html
Requested by
Host: palmluck.buzz
URL: https://palmluck.buzz/banking/trustuniEPbnk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
190.115.18.246 , Belize, ASN262254 (DDOS-GUARD CORP., BZ),
Reverse DNS
owner.bityoung.net
Software
ddos-guard /
Resource Hash
7c06e26b61d2b90b2665e12ab9bbcb1b2cf1563bea5cca21792981a8ce5206ad
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Request headers

Origin
https://palmluck.buzz
Referer
https://palmluck.buzz/banking/trustuniEPbnk.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=2628000
content-encoding
br
last-modified
Sun, 09 Aug 2020 00:09:36 GMT
server
ddos-guard
etag
W/"4ff0-5ac66a73d9b8a"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
200
date
Tue, 15 Sep 2020 08:42:09 GMT
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| get_cookie undefined| url function| noselect

1 Cookies

Domain/Path Name / Value
.palmluck.buzz/ Name: __ddg1
Value: JpHBzNVFnWhnfLX6y4Xa

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=2628000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7176w.bemobtrk.com
9tl.ru
palmluck.buzz
paymentcassa.xyz
trk.emlbest.com
176.119.30.22
190.115.18.246
195.13.215.59
2606:4700:3035::681b:bca6
2a05:d014:286:3502:280f:5c03:88aa:6d81
0075174bdf083d22b69003025b3f6caeb9b3efe2526767c21d2ffb789bf48109
01334268dcf9acf9cf06d013256802ac5ae71c8c8dd3102eb39bc1e89a307d29
0ff0448cc3005328fd2365cf91c03b10f451e15f5718bebdae34c48174261bd3
1a51271a2e4ed6f1022f323e14d7d254c6580485db901f26a30f3cfefbcdea9b
2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39
2ce089b517a8559f8ed0aa90caea5e1707650add0f73f6a8154daa842d5d7ed6
41d82061b87b8339aaf1aef9dd32c3dbb8c1994bcaaf0716fdb8451b47b20a1f
4835f303e137faa6cabdfec2ce6528d277f5978e5a8928fac4630ecb909e59a2
4b3809a80be876bdefd4eb66252e55e193499c5c77aae1a4dd8e9c687448f1e8
5d436540aa29aff5d390c9835d4b567f2fb1592b6d6fe7617c773fa9932846e1
6d94ffea9556956578b07c893020c98cd5fc9d134c14f7f072c461eb94149f22
7346fa2af89b79704bbe3fb05d211b3150c9b67fa8ce8ac625cd4e68c12abc01
7743b93bfe418d7c0daaf0911fb442de1e50ae11d8048864fa25db7a147edf6b
7c06e26b61d2b90b2665e12ab9bbcb1b2cf1563bea5cca21792981a8ce5206ad
7e32f5c5c2eac447529192b5eb32029283b2cb45f1f3ad6f54d2ea8342935b5a
9212a8bed1938a6109be0258dfbcb60931d60b0259d399e249b6a34c13696bdd
995567caefcbbc6d9a447e9246e59da7863eb844836d048073c4e5099cb7d005
c0620157eaca321164b33c0879a350c4fb38ed05f6857677a21f9fb4d28b202f
c5ebdf18386412cab54216d97a4b908d467b0710dccc137661030c5488795f04
d3fb4bc8dc0f390a225e831b13eb87f1269cc6bc8a75f6faa488d629255a1701
e6cf9247eb9d4d2ca34a5b22a8011f740ba6d582d55f603bca1c4da45cbceee8
e7ac2871db7d8a7d1f925d66bed0d09ac0ec43103c827b8f51ca24afb71dd1c0
ea0b1c5dc1558c5461a8ea624ec765aeaaa940a9ab993511764482113046b517
f175f0beee2c45e190e07d8171e5bca9f96d14ea154440b3da82d4ba2a64fd91