![](/screenshots/891a3000-604e-436b-bd5c-ea731a4da064.png)
sneakeropen.com
Open in
urlscan Pro
2607:f1c0:869:1100::58:4181
Malicious Activity!
Public Scan
Effective URL: https://sneakeropen.com/wpad/signin.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=fb8948683f6848234e5329739acc8f37cf3...
Submission: On November 17 via manual from IN
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 8th 2020. Valid for: 3 months.
This is the only time sneakeropen.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 4 | 2607:f1c0:869... 2607:f1c0:869:1100::58:4181 | 8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48) | |
5 | 92.123.6.69 92.123.6.69 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2600:3c01::f0... 2600:3c01::f03c:91ff:fe79:43b | 63949 (LINODE-AP...) (LINODE-AP Linode) | |
10 | 4 |
ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
sneakeropen.com |
ASN16625 (AKAMAI-AS, US)
PTR: a92-123-6-69.deploy.static.akamaitechnologies.com
img1.wsimg.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
wsimg.com
img1.wsimg.com |
131 KB |
4 |
sneakeropen.com
1 redirects
sneakeropen.com |
63 KB |
1 |
jsonip.com
jsonip.com |
453 B |
1 |
cloudflare.com
cdnjs.cloudflare.com |
64 KB |
10 | 4 |
Domain | Requested by | |
---|---|---|
5 | img1.wsimg.com |
sneakeropen.com
|
4 | sneakeropen.com |
1 redirects
sneakeropen.com
|
1 | jsonip.com |
cdnjs.cloudflare.com
|
1 | cdnjs.cloudflare.com |
sneakeropen.com
|
10 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sneakeropen.com Let's Encrypt Authority X3 |
2020-11-08 - 2021-02-06 |
3 months | crt.sh |
*.wsimg.com Starfield Secure Certificate Authority - G2 |
2020-09-22 - 2021-10-24 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
jsonip.com Let's Encrypt Authority X3 |
2020-10-26 - 2021-01-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sneakeropen.com/wpad/signin.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=fb8948683f6848234e5329739acc8f37cf333c50e4184ae89910d92bcff980ac7fc77c57
Frame ID: 4669D44ADED1FDC007FEEC0881649543
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/891a3000-604e-436b-bd5c-ea731a4da064.png)
Page URL History Show full URLs
-
https://sneakeropen.com/wpad/index.php
HTTP 303
https://sneakeropen.com/wpad/signin.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=fb8948683f68482... Page URL
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
60 Outgoing links
These are links going to different origins than the main page.
Title: Argentina - Español
Search URL Search Domain Scan URL
Title: Australia - English
Search URL Search Domain Scan URL
Title: België - Nederlands
Search URL Search Domain Scan URL
Title: Belgique - Français
Search URL Search Domain Scan URL
Title: Brasil - Português
Search URL Search Domain Scan URL
Title: Canada - English
Search URL Search Domain Scan URL
Title: Canada - Français
Search URL Search Domain Scan URL
Title: Chile - Español
Search URL Search Domain Scan URL
Title: Colombia - Español
Search URL Search Domain Scan URL
Title: Danmark - Dansk
Search URL Search Domain Scan URL
Title: Deutschland - Deutsch
Search URL Search Domain Scan URL
Title: España - Español
Search URL Search Domain Scan URL
Title: Estados Unidos - Español
Search URL Search Domain Scan URL
Title: France - Français
Search URL Search Domain Scan URL
Title: Hong Kong - English
Search URL Search Domain Scan URL
Title: India - English
Search URL Search Domain Scan URL
Title: India - मराठी
Search URL Search Domain Scan URL
Title: India - हिंदी
Search URL Search Domain Scan URL
Title: India - தமிழ்
Search URL Search Domain Scan URL
Title: Indonesia - Bahasa Indonesia
Search URL Search Domain Scan URL
Title: Ireland - English
Search URL Search Domain Scan URL
Title: Israel - English
Search URL Search Domain Scan URL
Title: Italia - Italiano
Search URL Search Domain Scan URL
Title: Malaysia - English
Search URL Search Domain Scan URL
Title: México - Español
Search URL Search Domain Scan URL
Title: Nederland - Nederlands
Search URL Search Domain Scan URL
Title: New Zealand - English
Search URL Search Domain Scan URL
Title: Norge - Bokmål
Search URL Search Domain Scan URL
Title: Österreich - Deutsch
Search URL Search Domain Scan URL
Title: Pakistan - English
Search URL Search Domain Scan URL
Title: Perú - Español
Search URL Search Domain Scan URL
Title: Philippines - English
Search URL Search Domain Scan URL
Title: Polska - Polski
Search URL Search Domain Scan URL
Title: Portugal - Português
Search URL Search Domain Scan URL
Title: Schweiz - Deutsch
Search URL Search Domain Scan URL
Title: Singapore - English
Search URL Search Domain Scan URL
Title: South Africa - English
Search URL Search Domain Scan URL
Title: Suisse - Français
Search URL Search Domain Scan URL
Title: Suomi - Suomi
Search URL Search Domain Scan URL
Title: Sverige - Svenska
Search URL Search Domain Scan URL
Title: Svizzera - Italiano
Search URL Search Domain Scan URL
Title: Türkiye - Türkçe
Search URL Search Domain Scan URL
Title: United Arab Emirates - English
Search URL Search Domain Scan URL
Title: United Kingdom - English
Search URL Search Domain Scan URL
Title: United States - English
Search URL Search Domain Scan URL
Title: Venezuela - Español
Search URL Search Domain Scan URL
Title: Việt Nam - Tiếng Việt
Search URL Search Domain Scan URL
Title: Ελλάδα - Ελληνικά
Search URL Search Domain Scan URL
Title: Россия - Русский
Search URL Search Domain Scan URL
Title: Україна - Українська
Search URL Search Domain Scan URL
Title: ไทย - ไทย
Search URL Search Domain Scan URL
Title: 대한민국 - 한국어
Search URL Search Domain Scan URL
Title: 台灣 - 繁體中文
Search URL Search Domain Scan URL
Title: 新加坡 - 简体中文
Search URL Search Domain Scan URL
Title: 日本 - 日本語
Search URL Search Domain Scan URL
Title: 香港 - 繁體中文
Search URL Search Domain Scan URL
Title: Phone numbers and hours
Search URL Search Domain Scan URL
Title: Get Help
Search URL Search Domain Scan URL
Title: I forgot
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sneakeropen.com/wpad/index.php
HTTP 303
https://sneakeropen.com/wpad/signin.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=fb8948683f6848234e5329739acc8f37cf333c50e4184ae89910d92bcff980ac7fc77c57 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
signin.php
sneakeropen.com/wpad/ Redirect Chain
|
80 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxfont.woff2
img1.wsimg.com/ux/fonts/uxfont/2.0/ |
12 KB 12 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Boing-Bold.woff2
img1.wsimg.com/ux/fonts/boing/1.0/ |
28 KB 28 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gd-sage-bold.woff2
img1.wsimg.com/ux/fonts/gd-sage/1.0/ |
39 KB 39 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gdsherpa-bold.woff2
img1.wsimg.com/ux/fonts/sherpa/1.0/ |
25 KB 25 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gdsherpa-regular.woff2
img1.wsimg.com/ux/fonts/sherpa/1.0/ |
26 KB 26 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxcore2.min.css
sneakeropen.com/wpad/files/ |
226 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utilityheader.min.css
sneakeropen.com/wpad/files/ |
71 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ |
257 KB 64 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
jsonip.com/ |
152 B 453 B |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| _expDataLayer object| sso string| split function| $ function| jQuery function| getIPAddress string| x2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sneakeropen.com/ | Name: PHPSESSID Value: 67971ef50a6198c5c6ce04ad1b26e686 |
|
sneakeropen.com/wpad | Name: ip11 Value: 2a01:4f8:192:5414::2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
img1.wsimg.com
jsonip.com
sneakeropen.com
2600:3c01::f03c:91ff:fe79:43b
2606:4700::6810:125e
2607:f1c0:869:1100::58:4181
92.123.6.69
49f6c1034e3661e29c5de12d1c97e489565c7d55fec513c2668a57329367e082
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
7ee688fedf0159fc1dcfeb6a84beb51be032f1cc15e5457815409ac7b5aee31e
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
ce3d9ff9283c62ed687f679116162a2c49df8173d887f2fc8b12df6289a1856f
d696161389a0ad742ffa68fca525065b3ce23441cce36a1a1ff73579e52120d7
eea4ba381f8d7a4f4ae45955d0ea0d6e27839112f805a4883ffe36f0303bd825