news.todaysmainnews.com
2606:4700:30::6812:2e9c
Malicious Activity!
Public Scan
Effective URL: https://news.todaysmainnews.com/s3j1mpm/?dom=track.tricksaremadebyclicks.com&cep=oO3QvXGA-6A9-ejDlHYyo0aJrDJA0chFXi0J5RZbFw3ieUJ...
Submission: On September 11 via manual from HK (the year is not stated on the report; the cookie timestamp below places it in 2019)
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on November 8th 2018. Valid for: a year.
This is the only time news.todaysmainnews.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
Requests | IP address | AS (ASN) | PTR | Domains served
---|---|---|---|---
1 | 2600:9000:20eb:6400:3:52ae:e980:93a1 | 16509 (AMAZON-02 - Amazon.com, Inc., US) | | hello.inboxtracking92.com
1 | 52.31.45.52 | 16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-31-45-52.eu-west-1.compute.amazonaws.com | tracking.1arks.com
1 | 18.195.174.160 | 16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-18-195-174-160.eu-central-1.compute.amazonaws.com | track.tricksaremadebyclicks.com
9 | 2606:4700:30::6812:2e9c | 13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | news.todaysmainnews.com
3 | 2606:4700::6810:233f | 13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | cdn.onesignal.com, onesignal.com

12 requests across 2 ASNs. The three single-request hosts are the redirect hops, each on its own AWS address; the two IPv4 ones resolve by PTR to EC2 instances in eu-west-1 and eu-central-1. The lander and the OneSignal assets sit behind Cloudflare, so the two 2606:4700 addresses identify CDN edges, not the origin server.
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
9 | todaysmainnews.com | news.todaysmainnews.com | 255 KB
3 | onesignal.com | cdn.onesignal.com, onesignal.com | 59 KB
1 | tricksaremadebyclicks.com | track.tricksaremadebyclicks.com (1 redirect) | 1 KB
1 | 1arks.com | tracking.1arks.com (1 redirect) | 1 KB
1 | inboxtracking92.com | hello.inboxtracking92.com (1 redirect) | 310 B

12 requests across 5 apex domains.
Requests | Domain | Requested by
---|---|---
9 | news.todaysmainnews.com | news.todaysmainnews.com
2 | cdn.onesignal.com | news.todaysmainnews.com, cdn.onesignal.com
1 | onesignal.com | cdn.onesignal.com
1 | track.tricksaremadebyclicks.com | 1 redirect
1 | tracking.1arks.com | 1 redirect
1 | hello.inboxtracking92.com | 1 redirect

12 requests across 6 domains.
This site contains links to these domains (also see Links):

Domain
---
track.tricksaremadebyclicks.com
Subject | Issuer | Validity | Valid for
---|---|---|---
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2018-11-08 - 2019-11-08 | a year
ssl473492.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-07-02 - 2020-01-08 | 6 months

Both are Cloudflare shared SNI certificates (entries on crt.sh), so they identify the CDN front end rather than whoever operates the lander.
This page contains 1 frame:
Primary Page: https://news.todaysmainnews.com/s3j1mpm/?dom=track.tricksaremadebyclicks.com&cep=oO3QvXGA-6A9-ejDlHYyo0aJrDJA0chFXi0J5RZbFw3ieUJH2BQtiF725jLSaX3Q96UUJ57Cs1XG5SNwmNkPg9tZiGl5TSdIueyl8H7HiXYLV_9f8LNwusqV5ZcqS45YabEvPuVGTlszPdnVxnMA5Y1FnkWKH7CeFMSVMOQC8ZsVVhoz_GvDlFfHDzDEuAuJauD1KE9i_e24N0eqfaoJ1_kvi-LagjIS2E4ezbjf9-rQIifNlJnKm3VaTe5ocI5hJyncPcb6qqLVmtPW7PWVTqyl1KC7Ze6IVx069ur7sFQ&lptoken=150b68e416ed9121371c&clickid=102d1c39daa6577dfa523d4b0e2243
Frame ID: 525E0934B414F85B2357A0BC962EEB63
Requests: 12 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

The jQuery match comes from jquery-2.1.4.min.js in the request list; the Font Awesome match from font-awesome.min.css served from the same path.
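The patterns above are ordinary regular expressions applied to response headers, page HTML and script URLs, with capture group 1 serving as the version hint. The following is an added example, not urlscan.io's or the lander's code, that re-runs exactly those three patterns over the resources this scan recorded. The script URLs come from the request list on this report; the `Server: cloudflare` header value is what the CloudFlare pattern implies; the `<link>` markup is assumed, since the report shows the stylesheet URL but not the HTML that referenced it.

```javascript
// Added example, not urlscan.io's code: re-run the three "Detected patterns" above
// against the resources this scan recorded, the way a Wappalyzer-style
// fingerprinter does. Capture group 1 of a pattern is the version hint.
const PATTERNS = {
  CloudFlare: { headers: { server: /^cloudflare$/i } },
  "Font Awesome": {
    html: /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i,
  },
  jQuery: {
    script: [/jquery[.-]([\d.]*\d)[^\/]*\.js/i, /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i],
  },
};

// Constructed observation. The script URLs are the ones in the request list; the
// Server header value is what the CloudFlare pattern implies; the <link> markup is
// assumed, since the report only shows the stylesheet URL, not the HTML.
const observed = {
  headers: { server: "cloudflare" },
  html: '<link rel="stylesheet" href="/s3j1mpm/font-awesome.min.css">',
  scripts: [
    "https://news.todaysmainnews.com/s3j1mpm/jquery-2.1.4.min.js",
    "https://news.todaysmainnews.com/s3j1mpm/script.min.js",
    "https://cdn.onesignal.com/sdks/OneSignalSDK.js",
    "https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js",
  ],
};

// Returns { technologyName: versionOrNull } for every technology that matched.
function detect(obs) {
  const hits = {};
  for (const [name, rules] of Object.entries(PATTERNS)) {
    let matched = false;
    let version = null;
    for (const [header, re] of Object.entries(rules.headers || {})) {
      const value = obs.headers[header.toLowerCase()];
      if (value !== undefined && re.test(value)) matched = true;
    }
    if (rules.html) {
      const m = rules.html.exec(obs.html);
      if (m) {
        matched = true;
        version = m[1] || version;
      }
    }
    for (const re of rules.script || []) {
      for (const url of obs.scripts) {
        const m = re.exec(url);
        if (!m) continue;
        matched = true;
        if (!version && m[1]) version = m[1]; // keep the first version a pattern yields
      }
    }
    if (matched) hits[name] = version;
  }
  return hits;
}

console.log(detect(observed));
```

Only the first jQuery pattern yields a version (2.1.4, from the file name); the second matches any jQuery-looking script and would only give a version from a `?ver=` query string, which this lander does not use. None of the patterns have the `g` flag, so `exec` carries no `lastIndex` state between calls.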
Page Statistics
1 outgoing link (links going to different origins than the main page)
Title: CONFIRM DETAILS HERE
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- https://hello.inboxtracking92.com/t/c/58cf142c-b489-45bf-af27-d676fb84247f/e5e02b1f-70e6-45ef-a177-566286904f10 (HTTP 302)
- http://tracking.1arks.com/aff_c?offer_id=3302&aff_id=1746 (HTTP 302)
- https://track.tricksaremadebyclicks.com/24088e5d-d712-43ae-8c65-2186d6613b1f?clickid=102d1c39daa6577dfa523d4b0e2243 (HTTP 302)
- https://news.todaysmainnews.com/s3j1mpm/?dom=track.tricksaremadebyclicks.com&cep=oO3QvXGA-6A9-ejDlHYyo0aJrDJA0chFXi0J5RZbFw3ieUJH2BQtiF725jLSaX3Q96UUJ57Cs1XG5SNwmNkPg9tZiGl5TSdIueyl8H7HiXYLV_9f8LNwusqV5ZcqS45YabEvPuVGTlszPdnVxnMA5Y1FnkWKH7CeFMSVMOQC8ZsVVhoz_GvDlFfHDzDEuAuJauD1KE9i_e24N0eqfaoJ1_kvi-LagjIS2E4ezbjf9-rQIifNlJnKm3VaTe5ocI5hJyncPcb6qqLVmtPW7PWVTqyl1KC7Ze6IVx069ur7sFQ&lptoken=150b68e416ed9121371c&clickid=102d1c39daa6577dfa523d4b0e2243 (Page URL)

The chain runs from an e-mail click tracker, through an affiliate network hop that is plain http (so offer_id=3302 and aff_id=1746 travel in cleartext), to a second tracker that assigns a clickid, and finally to the lander. The lander receives that clickid unchanged and is also told the referring tracker host in dom=; cep= and lptoken= are opaque values carried only on the final URL.
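Walking such a chain offline is a routine triage step: which hosts and apex domains were touched, which hop was not TLS-protected, which query parameters survive from one hop to the next, and whether any parameter names an earlier hop. The block below is an added example, not urlscan.io's code; it takes the four URLs recorded above (the final hop's status is not in the report, so it is left as null) and assumes a naive two-label `apex()` helper that ignores the public-suffix list, which is adequate for the .com hosts in this chain.

```javascript
// Added example, not urlscan.io's code: walk a captured redirect chain offline and
// pull out what a triage analyst wants from it: hosts and apex domains touched, any
// hop made over plain http, query parameters carried from one hop to the next, and
// parameters whose value names an earlier hop's host.
// CHAIN is the chain recorded in this report; the final hop's status is not in the report.
const CHAIN = [
  { url: "https://hello.inboxtracking92.com/t/c/58cf142c-b489-45bf-af27-d676fb84247f/e5e02b1f-70e6-45ef-a177-566286904f10", status: 302 },
  { url: "http://tracking.1arks.com/aff_c?offer_id=3302&aff_id=1746", status: 302 },
  { url: "https://track.tricksaremadebyclicks.com/24088e5d-d712-43ae-8c65-2186d6613b1f?clickid=102d1c39daa6577dfa523d4b0e2243", status: 302 },
  { url: "https://news.todaysmainnews.com/s3j1mpm/?dom=track.tricksaremadebyclicks.com&cep=oO3QvXGA-6A9-ejDlHYyo0aJrDJA0chFXi0J5RZbFw3ieUJH2BQtiF725jLSaX3Q96UUJ57Cs1XG5SNwmNkPg9tZiGl5TSdIueyl8H7HiXYLV_9f8LNwusqV5ZcqS45YabEvPuVGTlszPdnVxnMA5Y1FnkWKH7CeFMSVMOQC8ZsVVhoz_GvDlFfHDzDEuAuJauD1KE9i_e24N0eqfaoJ1_kvi-LagjIS2E4ezbjf9-rQIifNlJnKm3VaTe5ocI5hJyncPcb6qqLVmtPW7PWVTqyl1KC7Ze6IVx069ur7sFQ&lptoken=150b68e416ed9121371c&clickid=102d1c39daa6577dfa523d4b0e2243", status: null },
];

// Assumed helper: two-label apex, no public-suffix list. Fine for the .com hosts here.
function apex(host) {
  return host.split(".").slice(-2).join(".");
}

function analyseChain(chain) {
  const hops = chain.map((h, index) => {
    const u = new URL(h.url);
    return {
      index,
      host: u.hostname,
      apex: apex(u.hostname),
      cleartext: u.protocol === "http:",
      status: h.status,
      params: Object.fromEntries(u.searchParams.entries()),
    };
  });

  // Parameter name -> every (hop, value) it appears with.
  const seen = {};
  for (const hop of hops) {
    for (const [name, value] of Object.entries(hop.params)) {
      if (!seen[name]) seen[name] = [];
      seen[name].push({ hop: hop.index, value });
    }
  }
  const carriedAcrossHops = Object.fromEntries(
    Object.entries(seen).filter(([, uses]) => uses.length > 1)
  );

  // A parameter whose value equals an earlier hop's hostname tells the landing
  // page which tracker the click came through.
  const hostEcho = [];
  for (const hop of hops) {
    for (const [name, value] of Object.entries(hop.params)) {
      const source = hops.find((p) => p.index < hop.index && p.host === value);
      if (source) hostEcho.push({ hop: hop.index, param: name, fromHop: source.index });
    }
  }

  return {
    hops,
    apexes: [...new Set(hops.map((h) => h.apex))],
    cleartextHops: hops.filter((h) => h.cleartext).map((h) => h.index),
    // Parameter names exposed on the wire by the cleartext hops.
    cleartextParams: hops.filter((h) => h.cleartext).flatMap((h) => Object.keys(h.params)),
    carriedAcrossHops,
    hostEcho,
  };
}

console.log(JSON.stringify(analyseChain(CHAIN), null, 2));
```

For this chain the result reports four apex domains, hop 1 as the only cleartext hop (exposing offer_id and aff_id), clickid as the only parameter carried across hops with the same value on hops 2 and 3, and dom on hop 3 echoing hop 2's hostname. Run on a different scan, the same function shows at a glance whether a chain re-uses hosts, downgrades to http, or leaks identifiers between operators.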
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (row 1 below) is the end of the redirect chain listed under Page URL History.

12 HTTP transactions

# | Method / Protocol | Resource | Host / Path | Size (x-fer) | Type | MIME type
---|---|---|---|---|---|---
1 | GET H2 | / (primary request, redirect chain) | news.todaysmainnews.com/s3j1mpm/ | 6 KB (2 KB) | Document | text/html
2 | GET H2 | lander.min.css | news.todaysmainnews.com/s3j1mpm/ | 11 KB (3 KB) | Stylesheet | text/css
3 | GET H2 | OneSignalSDK.js | cdn.onesignal.com/sdks/ | 17 KB (6 KB) | Script | application/javascript
4 | GET H2 | product.png | news.todaysmainnews.com/s3j1mpm/ | 144 KB (144 KB) | Image | image/png
5 | GET H2 | amazon.png | news.todaysmainnews.com/s3j1mpm/ | 36 KB (36 KB) | Image | image/png
6 | GET H2 | low.png | news.todaysmainnews.com/s3j1mpm/ | 35 KB (35 KB) | Image | image/png
7 | GET H2 | font-awesome.min.css | news.todaysmainnews.com/s3j1mpm/ | 27 KB (6 KB) | Stylesheet | text/css
8 | GET H2 | jquery-2.1.4.min.js | news.todaysmainnews.com/s3j1mpm/ | 82 KB (28 KB) | Script | application/javascript
9 | GET H2 | script.min.js | news.todaysmainnews.com/s3j1mpm/ | 3 KB (1 KB) | Script | application/javascript
10 | GET H2 | OneSignalPageSDKES6.js | cdn.onesignal.com/sdks/ | 214 KB (52 KB) | Script | application/javascript
11 | GET H2 | web | onesignal.com/api/v1/sync/546d8368-1d40-49f0-87b4-27397f31cce1/ | 3 KB (2 KB) | Script | text/javascript
12 | GET H2 | script.min.js | news.todaysmainnews.com/m3_assets/3/js/ | 0 (0) | Script | text/html

Everything the lander itself serves comes from the single /s3j1mpm/ path (lander CSS, three images including amazon.png, jQuery 2.1.4 and a 3 KB script.min.js). The OneSignal requests are the web-push SDK plus its sync call for app ID 546d8368-1d40-49f0-87b4-27397f31cce1. Request 12 asks for a second script.min.js under /m3_assets/3/js/ but returns 0 bytes with a text/html MIME type rather than JavaScript, so no script code was loaded from it.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Generic Scam (Online)

24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and custom code.

Type | Name
---|---
function | getURLParameter
string | dom
string | email
string | emaildec
string | realemail
string | link
function | OneSignal
function | downloadJSAtOnload
number | __oneSignalSdkLoadCount
function | __jp0
function | $
function | jQuery
function | startCheck
function | changeBubble
function | addNumber
function | showMessage
function | displayMessage
function | showAllMessages
string | data_1
string | data_2
string | data_3
object | firstQ
number | t
object | messages1

$, jQuery, OneSignal and __oneSignalSdkLoadCount belong to the jQuery and OneSignal libraries loaded above, and __jp0 looks like a JSONP callback, consistent with the text/javascript response from the onesignal.com sync call. The remaining names are the lander's own: getURLParameter together with dom, email, emaildec and realemail indicates the page reads values from its query string (compare the dom= and cep= parameters on the landing URL), and startCheck, changeBubble, showMessage, displayMessage, showAllMessages and messages1 are consistent with scripted, timed on-page messages.

Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back with the request, which lets the site re-identify the user even from a different location; this is how persistent logins work.

Domain / Path | Expires | Name | Value
---|---|---|---
.todaysmainnews.com/ | not shown | __cfduid | d58351f2ab54d46472e1af0303392aa9c1568167337

__cfduid is set by Cloudflare in front of the lander, not by the lander's own code; its trailing ten digits (1568167337) are a Unix timestamp corresponding to 11 September 2019, matching the submission date.
Indicators
In security-industry usage, "indicators" are artefacts such as IPs, domains and hashes observed during the scan. Listing them here does not imply that any one of them is malicious.

Domains:
- cdn.onesignal.com
- hello.inboxtracking92.com
- news.todaysmainnews.com
- onesignal.com
- track.tricksaremadebyclicks.com
- tracking.1arks.com

IP addresses:
- 18.195.174.160
- 2600:9000:20eb:6400:3:52ae:e980:93a1
- 2606:4700:30::6812:2e9c
- 2606:4700::6810:233f
- 52.31.45.52