cheapestprice.xyz
66.29.132.55
Malicious Activity!
Public Scan
Effective URL: https://cheapestprice.xyz/wp-includes/block-patterns/upd/
Submission: On May 26 via manual from US — Scanned from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 5th 2021. Valid for: a year.
This is the only time cheapestprice.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alaska USA Federal Credit Union (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 202.83.121.116 | 131745 (IDNIC-CYBERTECHTONIC-AS-ID PT. Cybertechtonic Pratama)
2 | 66.29.132.55 | 22612 (NAMECHEAP-NET)
3 | 2 |

ASN131745 (IDNIC-CYBERTECHTONIC-AS-ID PT. Cybertechtonic Pratama, ID)
PTR: iix20.sharehostserver.com
upgrade-main.gq

ASN22612 (NAMECHEAP-NET, US)
PTR: business135-5.web-hosting.com
cheapestprice.xyz

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | cheapestprice.xyz | cheapestprice.xyz | 68 KB
1 | upgrade-main.gq | upgrade-main.gq | 327 B
3 | 2 | |

Requests | Domain | Requested by
---|---|---
2 | cheapestprice.xyz | cheapestprice.xyz
1 | upgrade-main.gq |
3 | 2 |

This site contains no links.

Subject | Issuer | Validity | Valid
---|---|---|---
www.upgrade-main3.mtsdaruljannahmb2.sch.id | R3 | 2022-05-26 - 2022-08-24 | 3 months
cheapestprice.xyz | Sectigo RSA Domain Validation Secure Server CA | 2021-08-05 - 2022-08-05 | a year

This page contains 1 frames:
Primary Page:
https://cheapestprice.xyz/wp-includes/block-patterns/upd/
Frame ID: E61E2F4D7115F1082112BED4B4744D83
Requests: 3 HTTP requests in this frame
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://upgrade-main.gq/ Page URL
- https://cheapestprice.xyz/wp-includes/block-patterns/upd/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | upgrade-main.gq/ | 230 B | 327 B | Document | text/html
GET | H2 | / (Primary Request) | cheapestprice.xyz/wp-includes/block-patterns/upd/ | 1 KB | 677 B | Document | text/html
GET | H2 | 008.png | cheapestprice.xyz/wp-includes/block-patterns/upd/ | 67 KB | 68 KB | Image | image/png

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alaska USA Federal Credit Union (Banking)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontextlost
- object | oncontextrestored
- function | structuredClone
- object | launchQueue
- object | onbeforematch
- function | getScreenDetails
- object | navigation

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.