![](/screenshots/aaf91bb6-e78d-4bd7-9fc5-3b041a83cfb7.png)
nuevositio.badabishdigital.com
Open in
urlscan Pro
70.32.23.68
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On January 11 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 4th 2024. Valid for: 3 months.
This is the only time nuevositio.badabishdigital.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mooney (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 70.32.23.68 70.32.23.68 | 55293 (A2HOSTING) (A2HOSTING) | |
1 2 | 172.67.41.16 172.67.41.16 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.186.138 142.250.186.138 | 15169 (GOOGLE) (GOOGLE) | |
10 | 3 |
ASN55293 (A2HOSTING, US)
PTR: mi3-ss53.a2hosting.com
nuevositio.badabishdigital.com |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net
ajax.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
badabishdigital.com
nuevositio.badabishdigital.com |
135 KB |
2 |
tailwindcss.com
1 redirects
cdn.tailwindcss.com — Cisco Umbrella Rank: 57927 |
109 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 708 |
30 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
8 | nuevositio.badabishdigital.com |
nuevositio.badabishdigital.com
|
2 | cdn.tailwindcss.com |
1 redirects
nuevositio.badabishdigital.com
|
1 | ajax.googleapis.com |
nuevositio.badabishdigital.com
|
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
nuevositio.badabishdigital.com cPanel, Inc. Certification Authority |
2024-01-04 - 2024-04-03 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/
Frame ID: 15D7E88ABDDC4088AB2B3342BB6356E5
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://cdn.tailwindcss.com/ HTTP 302
- https://cdn.tailwindcss.com/3.4.1
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/ |
14 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.4.1
cdn.tailwindcss.com/ Redirect Chain
|
359 KB 109 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/assets/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
close.svg
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/assets/ |
704 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
close.svg
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/assets/ |
704 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.svg
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/assets/ |
41 KB 42 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gotham-Book_Web.woff2
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/assets/ |
41 KB 41 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Gotham-Medium_Web.woff2
nuevositio.badabishdigital.com/kiram/wp-admin/js/.000/moo/assets/ |
41 KB 41 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mooney (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| tailwind string| /template.html function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.tailwindcss.com
nuevositio.badabishdigital.com
142.250.186.138
172.67.41.16
70.32.23.68
151c30a9c3810c4a00decc7ac92110d0660b64b6e25973116935faa14d232a81
3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e
49616c860ff4ad5bed99b66a2b1295e7ef5213d5d5cf76ad2560d2f1daa06635
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8c037974a6a522818c33b1de8f55b6ae38d6dbca682bd9fbac5ca30b0aa06ebf
a332ca3d23059d37a26c3957b44670cada5a32ecaf94987b3ebe127a8dc0ce4d
b7f782249809b905d9189076f7ac869090da684bd4d586340ec0d9e1ff880d76
ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303
bf661481c77d9464950c5b6368d2c125607456044ef943fc5d057f2eb5a7cb9f