usource.me Open in urlscan Pro
2606:4700:20::681a:394 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT...
Submission: On January 24 via api (January 24th 2024, 3:02:51 pm UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2606:4700:20::681a:394, located in United States and belongs to CLOUDFLARENET, US. The main domain is usource.me.

This is the only time usource.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
4 13	2606:4700:20:... 2606:4700:20::681a:394	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:294	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
13	4

13 2606:4700:20::681a:394 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

usource.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.usource.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:294 (United States)

ASN13335 (CLOUDFLARENET, US)

www.usource.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	usource.me 4 redirects usource.me www.usource.me	303 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 369	34 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 811	7 KB
13	3

	Domain	Requested by
11	usource.me	2 redirects usource.me static.cloudflareinsights.com
4	www.usource.me	2 redirects
1	ajax.googleapis.com	usource.me
1	static.cloudflareinsights.com	usource.me
13	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/
Frame ID: 9C26BDAAA27C175D3F560E2ABEB29754
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

()

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

15 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

340 kB
Transfer

544 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js HTTP 301
http://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js HTTP 301
https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js

Request Chain 10

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js HTTP 301
http://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js HTTP 301
https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Up-dating.php Show response
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/ 6 KB
3 KB 212ms
160ms Document
text/html 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ac5317b9f4bf79d15c0808a153ab09980d80a7c54acbb2cbde2c1e4c3576085

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: BYPASS
CF-Ray: 84a928c78d20bbf2-FRA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Jan 2024 15:02:45 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwXP3qrocjYb9TAEgAlJn2J%2FpEUdwJUZO3Mh4IVcoUe%2B2wIgK1sL6BAt3gZuzMVkbk9QCdpmuYLo5rZqp%2FBWs3NNE9fCDKzcpdiya6SAKpnANr%2FnNgCnPJsjjJ%2BxMwpJUGbYU%2Bmp%2BbY%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
cf-apo-via: origin,no-cache

GET
H/1.1 200
OK appSuperBowl.css
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/ 146 KB
24 KB 135ms
135ms Stylesheet
text/css 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css

Requested by

Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 23389
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 06 Apr 2022 00:57:36 GMT
Server: cloudflare
ETag: "24687-5dbf1d8e6a984-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFfvLfMp%2B3UTn9WVbB7iNu61%2Fqy1O0V1ZbdGeokNStlWeeCvLIM1DjJQyZuXschgGIvO4un8nIsgC6zqZC%2BghXNDhoVJitorK%2FlvttBYzU5xamH%2FvAwBjfM2uxIiJ8v6%2BfXRfx2Z8UA%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 84a928c89e44bbf2-FRA
Expires: Thu, 23 Jan 2025 15:02:45 GMT

GET
H/1.1 200
OK rocket-loader.min.js Show response
usource.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
5 KB 88ms
48ms Script
application/javascript 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://usource.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 19 Jan 2024 15:56:35 GMT
Server: cloudflare
ETag: W/"65aa9bb3-302c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMRP6jqhDxuG3nG6GBZw660AYLI%2BSLLYVOfO8p3wLYYPJjQKTzBR2hn3uX%2B%2FVD%2BrcYUv6wUzI%2Bmhj1c6I7I%2BuZv5JDnK799D%2B5PMkxJrxzjTtNzSY4ine5T8rFSIa19Pz8sTEbjSQ9w%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
X-Frame-Options: DENY
Cache-Control: max-age=172800, public
CF-RAY: 84a928c8dd31bba9-FRA
Expires: Fri, 26 Jan 2024 15:02:45 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 206ms
124ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: http://usource.me/
Origin: http://usource.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 15:02:46 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 84a928c91a9a6904-FRA

GET
H2

404

jquery.maskedinput.min.js
www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/
Redirect Chain

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
http://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js

0
0

577ms
426ms

Script
text/html

2606:4700:20::681a:294
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
Protocol: H2
Server: 2606:4700:20::681a:294 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Redirect headers

Date: Wed, 24 Jan 2024 15:02:46 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6N81gYVYYsQWsrliwwhCE9BdMBkrgB%2B8jdPUKqkfKWjQE6QJUIA9ilU7zDtOYjcAnxi2bd%2F35SN3zAl0d%2FpQziqmjs5Rjyx62xyIEe2x4wo4%2FY7NwQDX%2BqGEBKiku%2F%2Fo2jBIsuLlEvOk25I2"}],"group":"cf-nel","max_age":604800}
Location: https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
Cache-Control: max-age=3600
Vary: Accept-Encoding
Connection: keep-alive
CF-RAY: 84a928cbedeb18d4-FRA
Expires: Wed, 24 Jan 2024 16:02:46 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 127ms
41ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: usource.me
URL: http://usource.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:35:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:35:23 GMT

GET
H/1.1 200
OK bck.jpeg
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/ 119 KB
120 KB 142ms
142ms Image
image/jpeg 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/bck.jpeg

Requested by

Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe192efe8fcf4b8d4f9d940c7617b25248a5d7186d6334ddd2410c4aebe4cd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:46 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 121791
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 06 Apr 2022 00:57:36 GMT
Server: cloudflare
ETag: "1dbbf-5dbf1d8e66b04"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/jpeg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SSwjgJeVikEOfcaKgyxPXNagYiYmSFU2b50azX%2BCFkY8NRfz43K110ojvJC4zxNSbyGGyr8%2FOMLMGsNlS1TcZdjnQ3UZYaTWiHI6BzaZqZazcqMbBQtfHEzzRYWAILAxIJwCqqD5PMw%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 84a928c97df3bba9-FRA
Expires: Thu, 23 Jan 2025 15:02:45 GMT

GET
H/1.1 200
OK lg.svg
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/ 5 KB
3 KB 145ms
107ms Image
image/svg+xml 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/lg.svg

Requested by

Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 1988
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Server: cloudflare
ETag: "1445-5dbf1d8e6bd0c-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lb2640evozXVuvePkWlJQybIrs4m5JfeRRPU7h3e%2FsQJzh7wUq0lsdI7d3NLh8YzBM9MMaluRE2pArNQn%2FFscO9VWm9GWWOwc69f%2Bj8hpdW%2BxztFU%2F7IqAhDJsuDy6aGWL9S6MQAeC4%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 84a928c9bb179235-FRA
Expires: Thu, 23 Jan 2025 15:02:45 GMT

GET
H/1.1 200
OK scs.png
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/ 28 KB
29 KB 171ms
131ms Image
image/png 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/scs.png

Requested by

Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cfdeac3ea88a45d99b7336b28d5b4554654c042377950e80a4129847c3e548a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:46 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 28966
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 06 Apr 2022 00:57:36 GMT
Server: cloudflare
ETag: "7126-5dbf1d8e6a1b4"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fn93btg85cQYw%2FFrNtTD3kQxahkMKwQdHj%2F1H5bUG6NrfCvgZv9FnV%2BBarDgPQxxszwHFKgAbajUaqljaM4xaNbXSHu%2BNSGe722pC5tzXKT7WBx84%2FcJ7%2B1IoOEJHuXAGdZ6CPEjjVE%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 84a928c9bf1fbbcd-FRA
Expires: Thu, 23 Jan 2025 15:02:45 GMT

GET
H/1.1 200
OK psr.woff
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/ 46 KB
47 KB 182ms
144ms Font
application/font-woff 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/psr.woff

Requested by

Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css
Origin: http://usource.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 47319
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Server: cloudflare
ETag: "b8eb-5dbf1d8e6a1b4-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/font-woff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnEeEhb47lGqYjBfPgz%2BWMImsvOOvvPDKG7tAbcjr7Zb4pgk0Rs2blOuMcI3RwcUZJ2f%2BWKnTccgyTBgiZStCSK7B4Z22MeEurnf8iuJJIrni3S53kgxlBkNxP3jl%2B691iOcaJUflNo%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 84a928c9bf529195-FRA
Expires: Thu, 23 Jan 2025 15:02:45 GMT

GET
H/1.1 200
OK scf.png
usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/ 68 KB
69 KB 179ms
140ms Image
image/png 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/scf.png

Requested by

Host: usource.me
URL: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94ffc263295036858354cea9af2d7f0e45e1a030e781edd1655727c4b0eb226c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/appSuperBowl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 24 Jan 2024 15:02:46 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Content-Length: 69730
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 06 Apr 2022 00:57:36 GMT
Server: cloudflare
ETag: "11062-5dbf1d8e6a1b4"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fPQUOxqaEI2wkZcWwsDcaTnt9tDZdQNWiRcLttCmasWLx%2FzeT%2FRtFa1cPTiHsPVkRPkZlERGM6ctbtxzV5fPv3EuGTzhDUbSQUM%2Frfmdkv18%2BJxfUS%2BwC6vUUqQBlCu4vGgR8IaWGjM%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 84a928c9b9109131-FRA
Expires: Thu, 23 Jan 2025 15:02:45 GMT

GET
H2

404

jquery.maskedinput.min.js
www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/
Redirect Chain

http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
http://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js

0
0

396ms
396ms

Script
text/html

2606:4700:20::681a:294
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
Protocol: H2
Server: 2606:4700:20::681a:294 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://usource.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Redirect headers

Date: Wed, 24 Jan 2024 15:02:47 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LY3wbRkjsEtbvS0H35EDNFVOEbNVx3psIqs6f4X7WPbvWDDdaNdBmmqEg%2BF8KfIuJ7XFKyBZmjfrdC63d8jOOIZ7%2Bkz7be0vqURNNSSLOOS6%2FFcArVM9oMqE96cT5%2FKPe3qSE5vb6b%2FJOLLb"}],"group":"cf-nel","max_age":604800}
Location: https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js
Cache-Control: max-age=3600
Vary: Accept-Encoding
Connection: keep-alive
CF-RAY: 84a928d02c4718d4-FRA
Expires: Wed, 24 Jan 2024 16:02:47 GMT

POST
H/1.1 204
No Content rum Show response
usource.me/cdn-cgi/ 0
371 B 42ms
42ms XHR
text/plain 2606:4700:20::681a:394
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://usource.me/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

HTTP/1.1

Server

2606:4700:20::681a:394 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/Up-dating.php?country.x=-&ACCT.x=ID-PPL=PA324172.70.242.203=ScrPg=ae8ac29cdf8941ad6142941e4fd0070503f6437acba59a01ab4348dbbf86fcb2S=$1$Z0/Osbei$BYa3VNf4PeHmNUrS6xlBI/vyJZSGunDLh5QHxUmVCAw0cb9jdWpXREz82OkrsgMi4PBla1t7fqYIFKN3e6oTQP4nCod6mayvqb9KGJSOgprxAszRHMweVWLU0hIk5D8ftBc2NEiTZuj37Fl1XY15991655781/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type: application/json

Response headers

Date: Wed, 24 Jan 2024 15:02:47 GMT
X-Content-Type-Options: nosniff
Server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: http://usource.me
X-Frame-Options: DENY
access-control-allow-credentials: true
Connection: keep-alive
CF-RAY: 84a928d2fbe7bbf2-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			usource.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1f10709d0fa6334b9dcb1088841af55a

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.usource.me/wp-content/updraft/Login-account/a04e88a6caa5a5aadcdb58530c549f9f/imcs_files/jquery.maskedinput.min.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
static.cloudflareinsights.com
usource.me
www.usource.me
2606:4700:20::681a:294
2606:4700:20::681a:394
2606:4700::6810:3965
2a00:1450:4001:82b::200a
2ac5317b9f4bf79d15c0808a153ab09980d80a7c54acbb2cbde2c1e4c3576085
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
6247b6a4adbefb7ccfbea592140bcda2651689db5427726d841a637814460865
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6cfdeac3ea88a45d99b7336b28d5b4554654c042377950e80a4129847c3e548a
94ffc263295036858354cea9af2d7f0e45e1a030e781edd1655727c4b0eb226c
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
e35c57fad02017983d4261c8d65697ec8b312a2a19127cb93f92d1eca6408015
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fe192efe8fcf4b8d4f9d940c7617b25248a5d7186d6334ddd2410c4aebe4cd07

usource.me Open in urlscan Pro 2606:4700:20::681a:394 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

15 %HTTPS

100 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

340 kBTransfer

544 kBSize

1 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

usource.me Open in urlscan Pro
2606:4700:20::681a:394 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

15 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

340 kB
Transfer

544 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!