palmluck.buzz (190.115.18.246)
Malicious Activity! Public Scan
Effective URL: https://palmluck.buzz/banking/
Submission: On September 15 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 14th 2020. Valid for: 3 months.
This is the only time palmluck.buzz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Banking (Banking)
Domain & IP information
Domains | Requests | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 2606:4700:3035::681b:bca6 | 13335 (CLOUDFLARENET)
1 | 1 | 195.13.215.59 | 12578 (APOLLO-AS Latvia)
1 | 1 | 2a05:d014:286:3502:280f:5c03:88aa:6d81 | 16509 (AMAZON-02)
1 | 1 | 176.119.30.22 | 30860 (YURTEH-AS)
1 | 26 | 190.115.18.246 | 262254 (DDOS-GUARD CORP.)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
26 | palmluck.buzz (1 redirects) | palmluck.buzz | 345 KB
1 | paymentcassa.xyz (1 redirects) | paymentcassa.xyz | 569 B
1 | bemobtrk.com (1 redirects) | 7176w.bemobtrk.com | 784 B
1 | emlbest.com (1 redirects) | trk.emlbest.com | 569 B
1 | 9tl.ru (1 redirects) | 9tl.ru | 785 B
25 | 5 | |
Requests | Domain | Requested by
---|---|---
26 | palmluck.buzz | 1 redirects, palmluck.buzz
1 | paymentcassa.xyz | 1 redirects
1 | 7176w.bemobtrk.com | 1 redirects
1 | trk.emlbest.com | 1 redirects
1 | 9tl.ru | 1 redirects
25 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
palmluck.buzz | Let's Encrypt Authority X3 | 2020-09-14 - 2020-12-13 | 3 months (crt.sh)
This page contains 1 frames:
Primary Page:
https://palmluck.buzz/banking/
Frame ID: 7F8E347D3F886D91CC97D673DD2BEBE8
Requests: 25 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://9tl.ru/K1JI7 (HTTP 301)
- http://trk.emlbest.com/ru/subscribe_confirm?hash=68rd4wouqyzy85o6zppe6ujs9aqmn9ftdhgk5yanthny4f9yqchrnhhxhu9q65a4gqotttoucygwar&hash2=444 (HTTP 302)
- https://7176w.bemobtrk.com/go/f5d2cd24-8021-428f-83a0-11ae9701c394 (HTTP 302)
- https://paymentcassa.xyz/catalog?userId=15965342869363902&productId=15954098002106839 (HTTP 301)
- https://palmluck.buzz/banking (HTTP 301)
- http://palmluck.buzz/banking/ (HTTP 307)
- https://palmluck.buzz/banking/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, Redirect Chain) | palmluck.buzz/banking/ | 8 KB | 3 KB | Document | text/html
GET | H2 | trustuniEPbnk.css | palmluck.buzz/banking/ | 4 KB | 774 B | Stylesheet | text/css
GET | H2 | index.css | palmluck.buzz/banking/ | 91 KB | 8 KB | Stylesheet | text/css
GET | H2 | 11.png | palmluck.buzz/banking/images/ | 33 KB | 34 KB | Image | image/png
GET | H2 | n1.png | palmluck.buzz/banking/images/ | 867 B | 948 B | Image | image/png
GET | H2 | ftr8899.png | palmluck.buzz/banking/images/ | 9 KB | 10 KB | Image | image/png
GET | H2 | 1291-201904181109032.gif | palmluck.buzz/banking/images/ | 88 KB | 88 KB | Image | image/gif
GET | H2 | verified-by-visa-logo.svg | palmluck.buzz/banking/ | 3 KB | 2 KB | Image | image/svg+xml
GET | H2 | mastercard-secure-code-2016.svg | palmluck.buzz/banking/ | 13 KB | 5 KB | Image | image/svg+xml
GET | H2 | fca-regulated.png | palmluck.buzz/banking/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | bltick.png | palmluck.buzz/banking/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | img0009.png | palmluck.buzz/banking/images/ | 282 B | 330 B | Image | image/png
GET | H2 | 113.png | palmluck.buzz/banking/images/ | 5 KB | 5 KB | Image | image/png
GET | H2 | img0014.png | palmluck.buzz/banking/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | logo_blue.png | palmluck.buzz/banking/images/ | 605 B | 655 B | Image | image/png
GET | H2 | img0006.png | palmluck.buzz/banking/images/ | 233 B | 282 B | Image | image/png
GET | H2 | img0001.png | palmluck.buzz/banking/images/ | 2 KB | 2 KB | Image | image/png
GET | H2 | img0013.png | palmluck.buzz/banking/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | B7Qh_OGIgAMzeE9.png%20large.png | palmluck.buzz/banking/images/ | 44 KB | 44 KB | Image | image/png
GET | H2 | MSR-1110231784.png | palmluck.buzz/banking/images/ | 39 KB | 39 KB | Image | image/png
GET | H2 | img0010.png | palmluck.buzz/banking/images/ | 233 B | 282 B | Image | image/png
GET | H2 | GothamPro-Light.html | palmluck.buzz/banking/ | 14 KB | 14 KB | Font | text/html
GET | H2 | MicraDi.html | palmluck.buzz/banking/ | 10 KB | 10 KB | Font | text/html
GET | H2 | DroidSans.html | palmluck.buzz/banking/ | 49 KB | 49 KB | Font | text/html
GET | H2 | GothamPro-Light-2.html | palmluck.buzz/banking/ | 20 KB | 20 KB | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Banking (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | trustedTypes
function | get_cookie
undefined | url
function | noselect1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.palmluck.buzz/ | | Name: __ddg1, Value: JpHBzNVFnWhnfLX6y4Xa
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Strict-Transport-Security | max-age=2628000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
7176w.bemobtrk.com
9tl.ru
palmluck.buzz
paymentcassa.xyz
trk.emlbest.com
176.119.30.22
190.115.18.246
195.13.215.59
2606:4700:3035::681b:bca6
2a05:d014:286:3502:280f:5c03:88aa:6d81
0075174bdf083d22b69003025b3f6caeb9b3efe2526767c21d2ffb789bf48109
01334268dcf9acf9cf06d013256802ac5ae71c8c8dd3102eb39bc1e89a307d29
0ff0448cc3005328fd2365cf91c03b10f451e15f5718bebdae34c48174261bd3
1a51271a2e4ed6f1022f323e14d7d254c6580485db901f26a30f3cfefbcdea9b
2b37a9cfae3aec838fd20b03d76ed964cd6690d7e2b07ea6e3c15ed042231b39
2ce089b517a8559f8ed0aa90caea5e1707650add0f73f6a8154daa842d5d7ed6
41d82061b87b8339aaf1aef9dd32c3dbb8c1994bcaaf0716fdb8451b47b20a1f
4835f303e137faa6cabdfec2ce6528d277f5978e5a8928fac4630ecb909e59a2
4b3809a80be876bdefd4eb66252e55e193499c5c77aae1a4dd8e9c687448f1e8
5d436540aa29aff5d390c9835d4b567f2fb1592b6d6fe7617c773fa9932846e1
6d94ffea9556956578b07c893020c98cd5fc9d134c14f7f072c461eb94149f22
7346fa2af89b79704bbe3fb05d211b3150c9b67fa8ce8ac625cd4e68c12abc01
7743b93bfe418d7c0daaf0911fb442de1e50ae11d8048864fa25db7a147edf6b
7c06e26b61d2b90b2665e12ab9bbcb1b2cf1563bea5cca21792981a8ce5206ad
7e32f5c5c2eac447529192b5eb32029283b2cb45f1f3ad6f54d2ea8342935b5a
9212a8bed1938a6109be0258dfbcb60931d60b0259d399e249b6a34c13696bdd
995567caefcbbc6d9a447e9246e59da7863eb844836d048073c4e5099cb7d005
c0620157eaca321164b33c0879a350c4fb38ed05f6857677a21f9fb4d28b202f
c5ebdf18386412cab54216d97a4b908d467b0710dccc137661030c5488795f04
d3fb4bc8dc0f390a225e831b13eb87f1269cc6bc8a75f6faa488d629255a1701
e6cf9247eb9d4d2ca34a5b22a8011f740ba6d582d55f603bca1c4da45cbceee8
e7ac2871db7d8a7d1f925d66bed0d09ac0ec43103c827b8f51ca24afb71dd1c0
ea0b1c5dc1558c5461a8ea624ec765aeaaa940a9ab993511764482113046b517
f175f0beee2c45e190e07d8171e5bca9f96d14ea154440b3da82d4ba2a64fd91