plugins.nitrointeractive.dev Open in urlscan Pro
64.227.102.18 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://plugins.nitrointeractive.dev/
Submission Tags: phishingrod
Submission: On October 14 via api (October 14th 2023, 7:00:41 am UTC) from DE — Scanned from DE

Summary HTTP 7 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 64.227.102.18, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is plugins.nitrointeractive.dev.
TLS certificate: Issued by R3 on October 14th 2023. Valid for: 3 months.

This is the only time plugins.nitrointeractive.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	64.227.102.18 64.227.102.18	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	52.202.162.91 52.202.162.91	14618 (AMAZON-AES) (AMAZON-AES)
7	3

5 64.227.102.18 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: plugins.nitrointeractive.dev

plugins.nitrointeractive.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.162.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-162-91.compute-1.amazonaws.com

boards.greenhouse.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	nitrointeractive.dev plugins.nitrointeractive.dev	57 KB
1	greenhouse.io boards.greenhouse.io — Cisco Umbrella Rank: 52057	2 KB
7	2

	Domain	Requested by
5	plugins.nitrointeractive.dev	plugins.nitrointeractive.dev
1	boards.greenhouse.io	plugins.nitrointeractive.dev
7	2

This site contains links to these domains. Also see Links.

Domain
wordpress.org

Subject Issuer	Validity	Valid
plugins.nitrointeractive.dev R3	`2023-10-14` - `2024-01-12`	3 months	crt.sh
*.greenhouse.io R3	`2023-09-28` - `2023-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://plugins.nitrointeractive.dev/
Frame ID: D30D9A7CDA21E1A60C344E0B000C6A44
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WordPress Plugin Repository – Just another WordPress site

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Page Statistics

7
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

60 kB
Transfer

374 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://wordpress.org/
Title: Proudly powered by WordPress.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
plugins.nitrointeractive.dev/ 22 KB
6 KB 696ms
270ms Document
text/html 64.227.102.18
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.nitrointeractive.dev/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.227.102.18 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: plugins.nitrointeractive.dev
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 9983e2fa0ef604fa5c0ecb2c51d3367ee234613ce8696b70098699aaad9a1e2b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 5891
Content-Type: text/html; charset=UTF-8
Date: Sat, 14 Oct 2023 07:00:36 GMT
Keep-Alive: timeout=5, max=100
Link: <https://plugins.nitrointeractive.dev/wp-json/>; rel="https://api.w.org/"
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK style.min.css
plugins.nitrointeractive.dev/wp-includes/css/dist/block-library/ 102 KB
14 KB 185ms
184ms Stylesheet
text/css 64.227.102.18
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.nitrointeractive.dev/wp-includes/css/dist/block-library/style.min.css?ver=6.3
Requested by: Host: plugins.nitrointeractive.dev
URL: https://plugins.nitrointeractive.dev/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.227.102.18 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: plugins.nitrointeractive.dev
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://plugins.nitrointeractive.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Sat, 14 Oct 2023 07:00:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 00:08:10 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "19824-602eaf96afda2-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 13841

GET
H/1.1 200
OK style.css
plugins.nitrointeractive.dev/wp-content/themes/twentynineteen/ 221 KB
31 KB 379ms
193ms Stylesheet
text/css 64.227.102.18
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.nitrointeractive.dev/wp-content/themes/twentynineteen/style.css?ver=2.1
Requested by: Host: plugins.nitrointeractive.dev
URL: https://plugins.nitrointeractive.dev/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.227.102.18 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: plugins.nitrointeractive.dev
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 08f947bb1f582c830533b84a686422e3f2482916fd04ff6f5eda9fd411b8db8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://plugins.nitrointeractive.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Sat, 14 Oct 2023 07:00:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 00:08:10 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "37334-602eaf9683e81-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 31062

GET
H2 200 js Show response
boards.greenhouse.io/embed/job_board/ 5 KB
2 KB 463ms
183ms Script
text/html 52.202.162.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://boards.greenhouse.io/embed/job_board/js?for=samsungsemiconductor

Requested by

Host: plugins.nitrointeractive.dev
URL: https://plugins.nitrointeractive.dev/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.202.162.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-162-91.compute-1.amazonaws.com

Software

Resource Hash

19470e5dbc5a2e3d07b055956393cded895a2f881b0c07cf41dc4fcea1633aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://plugins.nitrointeractive.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-runtime: 0.035254
date: Sat, 14 Oct 2023 07:00:37 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
etag: W/"19470e5dbc5a2e3d07b055956393cded"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
x-xss-protection: 1; mode=block
x-request-id: 16d8f558b7e4528bcc9f464e57187e8e

GET
H/1.1 200
OK print.css
plugins.nitrointeractive.dev/wp-content/themes/twentynineteen/ 4 KB
2 KB 523ms
182ms Stylesheet
text/css 64.227.102.18
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.nitrointeractive.dev/wp-content/themes/twentynineteen/print.css?ver=2.1
Requested by: Host: plugins.nitrointeractive.dev
URL: https://plugins.nitrointeractive.dev/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.227.102.18 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: plugins.nitrointeractive.dev
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 3988e225a811f9523107de1c8098a49adf8cf3a302df020382c696168bc5cda5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://plugins.nitrointeractive.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Sat, 14 Oct 2023 07:00:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 00:08:10 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "f6d-602eaf9683e81-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1209

GET
BLOB 200
OK 4082d49d-fae1-4325-8610-46011b17505c
https://plugins.nitrointeractive.dev/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://plugins.nitrointeractive.dev/4082d49d-fae1-4325-8610-46011b17505c
Requested by: Host: plugins.nitrointeractive.dev
URL: https://plugins.nitrointeractive.dev/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
DATA 200
OK truncated
/ 808 B
808 B Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e82505b30144c1df925f9e2b41576a1126a9168e5a2d7f4913f6304763dcdc8

Request headers

Referer
Origin: https://plugins.nitrointeractive.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
plugins.nitrointeractive.dev/wp-includes/js/ 18 KB
5 KB 183ms
182ms Script
application/javascript 64.227.102.18
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.nitrointeractive.dev/wp-includes/js/wp-emoji-release.min.js?ver=6.3
Requested by: Host: plugins.nitrointeractive.dev
URL: https://plugins.nitrointeractive.dev/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.227.102.18 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: plugins.nitrointeractive.dev
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://plugins.nitrointeractive.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Sat, 14 Oct 2023 07:00:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 00:08:10 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "4904-602eaf9696761-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 5039

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

boards.greenhouse.io
plugins.nitrointeractive.dev
52.202.162.91
64.227.102.18
08f947bb1f582c830533b84a686422e3f2482916fd04ff6f5eda9fd411b8db8e
0e82505b30144c1df925f9e2b41576a1126a9168e5a2d7f4913f6304763dcdc8
19470e5dbc5a2e3d07b055956393cded895a2f881b0c07cf41dc4fcea1633aa4
3988e225a811f9523107de1c8098a49adf8cf3a302df020382c696168bc5cda5
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
9983e2fa0ef604fa5c0ecb2c51d3367ee234613ce8696b70098699aaad9a1e2b

plugins.nitrointeractive.dev Open in urlscan Pro 64.227.102.18 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

60 kBTransfer

374 kBSize

0 Cookies

1 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

0 Cookies

Indicators

plugins.nitrointeractive.dev Open in urlscan Pro
64.227.102.18 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

60 kB
Transfer

374 kB
Size

0
Cookies

7 HTTP transactions
1 data transactions