cheapestprice.xyz
Open in
urlscan Pro
66.29.132.55
Malicious Activity!
Public Scan
Submitted URL: https://upgrade-main.gq/
Effective URL: https://cheapestprice.xyz/wp-includes/block-patterns/upd/
Submission: On May 26 via manual from US — Scanned from US
Effective URL: https://cheapestprice.xyz/wp-includes/block-patterns/upd/
Submission: On May 26 via manual from US — Scanned from US
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 3 HTTP transactions.
The main IP is 66.29.132.55, located in
United States and
belongs to NAMECHEAP-NET, US.
The main domain is cheapestprice.xyz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 5th 2021. Valid for: a year.
This is the only time cheapestprice.xyz was scanned on urlscan.io!
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 5th 2021. Valid for: a year.
This is the only time cheapestprice.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alaska USA Federal Credit Union (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 202.83.121.116 202.83.121.116 | 131745 (IDNIC-CYB...) (IDNIC-CYBERTECHTONIC-AS-ID PT. Cybertechtonic Pratama) | |
| 2 | 66.29.132.55 66.29.132.55 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
| 3 | 2 |
1
202.83.121.116
(Indonesia)
ASN131745 (IDNIC-CYBERTECHTONIC-AS-ID PT. Cybertechtonic Pratama, ID)
PTR: iix20.sharehostserver.com
ASN131745 (IDNIC-CYBERTECHTONIC-AS-ID PT. Cybertechtonic Pratama, ID)
PTR: iix20.sharehostserver.com
| upgrade-main.gq |
2
66.29.132.55
(United States)
ASN22612 (NAMECHEAP-NET, US)
PTR: business135-5.web-hosting.com
ASN22612 (NAMECHEAP-NET, US)
PTR: business135-5.web-hosting.com
| cheapestprice.xyz |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
cheapestprice.xyz
cheapestprice.xyz |
68 KB |
| 1 |
upgrade-main.gq
upgrade-main.gq |
327 B |
| 3 | 2 |
| Domain | Requested by | |
|---|---|---|
| 2 | cheapestprice.xyz |
cheapestprice.xyz
|
| 1 | upgrade-main.gq | |
| 3 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.upgrade-main3.mtsdaruljannahmb2.sch.id R3 |
2022-05-26 - 2022-08-24 |
3 months | crt.sh |
| cheapestprice.xyz Sectigo RSA Domain Validation Secure Server CA |
2021-08-05 - 2022-08-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cheapestprice.xyz/wp-includes/block-patterns/upd/
Frame ID: E61E2F4D7115F1082112BED4B4744D83
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://upgrade-main.gq/ Page URL
- https://cheapestprice.xyz/wp-includes/block-patterns/upd/ Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://upgrade-main.gq/ Page URL
- https://cheapestprice.xyz/wp-includes/block-patterns/upd/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
upgrade-main.gq/ |
230 B 327 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
/
cheapestprice.xyz/wp-includes/block-patterns/upd/ |
1 KB 677 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
008.png
cheapestprice.xyz/wp-includes/block-patterns/upd/ |
67 KB 68 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alaska USA Federal Credit Union (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cheapestprice.xyz
upgrade-main.gq
202.83.121.116
66.29.132.55
7ddb87d9aeb73f5d8ad5e038007e30c3769d714bae87a0338cab9f98f49e04d3
e739a0543380314f5da5aa2deae171fcee42738c62f7ebd8ec384033196e83fd
ecc229b6b9c2ce3e2b9dc9ff9170b6f39aa8b383c95c5fd788c417b31fa5310f