urlscan.io logo urlscan.io
SecurityTrails logo

uphold.sitelio.me Open in urlscan Pro
2606:4700::6812:b394  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://uphold.sitelio.me/?entity=4201580
Effective URL: https://uphold.sitelio.me/?entity=4201580
Submission: On December 16 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6812:b394, located in United States and belongs to CLOUDFLARENET, US. The main domain is uphold.sitelio.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 7th 2022. Valid for: a year.
This is the only time uphold.sitelio.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
2 9 2606:4700::68... 13335 (CLOUDFLAR...)
2 35.190.14.35 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 13.92.180.208 8075 (MICROSOFT...)
18 8
9    2606:4700::6812:b394 (United States)

ASN13335 (CLOUDFLARENET, US)
uphold.sitelio.me
2    35.190.14.35 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 35.14.190.35.bc.googleusercontent.com
components.mywebsitebuilder.com
1    2a00:1450:400d:807::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6812:9709 (United States)

ASN13335 (CLOUDFLARENET, US)
runtime.builderservices.io
images.builderservices.io
3    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700::6813:a30a (United States)

ASN13335 (CLOUDFLARENET, US)
in-app.mywebsitebuilder.com
2    13.92.180.208 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
in-us-east-event-hubs.servicebus.windows.net
Apex Domain
Subdomains		 Transfer
9 sitelio.me
uphold.sitelio.me
590 KB
3 gstatic.com
fonts.gstatic.com
48 KB
3 mywebsitebuilder.com
components.mywebsitebuilder.com — Cisco Umbrella Rank: 78684
in-app.mywebsitebuilder.com — Cisco Umbrella Rank: 193294
115 KB
2 windows.net
in-us-east-event-hubs.servicebus.windows.net — Cisco Umbrella Rank: 89754
312 B
2 builderservices.io
runtime.builderservices.io — Cisco Umbrella Rank: 173159
images.builderservices.io — Cisco Umbrella Rank: 185165
1007 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 37
947 B
18 6
Domain Requested by
9 uphold.sitelio.me 2 redirects uphold.sitelio.me
runtime.builderservices.io
3 fonts.gstatic.com fonts.googleapis.com
2 in-us-east-event-hubs.servicebus.windows.net in-app.mywebsitebuilder.com
2 components.mywebsitebuilder.com uphold.sitelio.me
components.mywebsitebuilder.com
1 in-app.mywebsitebuilder.com runtime.builderservices.io
1 images.builderservices.io
1 runtime.builderservices.io uphold.sitelio.me
1 fonts.googleapis.com uphold.sitelio.me
18 8

This site contains links to these domains. Also see Links.

Domain
www.sitelio.com
Subject Issuer Validity Valid
sitelio.me
Cloudflare Inc ECC CA-3		 2022-05-07 -
2023-05-07		 a year crt.sh
*.mywebsitebuilder.com
Sectigo RSA Domain Validation Secure Server CA		 2022-10-23 -
2023-11-23		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
builderservices.io
Cloudflare Inc ECC CA-3		 2022-04-06 -
2023-04-06		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-07 -
2023-01-30		 3 months crt.sh
mywebsitebuilder.com
Cloudflare Inc ECC CA-3		 2022-04-30 -
2023-04-30		 a year crt.sh
servicebus.windows.net
Microsoft Azure TLS Issuing CA 01		 2022-10-16 -
2023-10-11		 a year crt.sh

This page contains 1 frames:

Primary Page: https://uphold.sitelio.me/?entity=4201580
Frame ID: E3C6EB1317460DBA166A71ACC9761B1C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login - uphold

Page URL History Show full URLs

  1. http://uphold.sitelio.me/?entity=4201580 Page URL
  2. http://uphold.sitelio.me/cdn-cgi/phish-bypass?atok=l9onrZRY.h5eb6MW0ji5pfx1zJWRYuY9OwjFXPyhJzg-167121... HTTP 301
    http://uphold.sitelio.me/?entity=4201580 HTTP 301
    https://uphold.sitelio.me/?entity=4201580 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

18
Requests

83 %
HTTPS

71 %
IPv6

6
Domains

8
Subdomains

8
IPs

3
Countries

1760 kB
Transfer

3188 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://uphold.sitelio.me/?entity=4201580 Page URL
  2. http://uphold.sitelio.me/cdn-cgi/phish-bypass?atok=l9onrZRY.h5eb6MW0ji5pfx1zJWRYuY9OwjFXPyhJzg-1671219822-0-%2F%3Fentity%3D4201580 HTTP 301
    http://uphold.sitelio.me/?entity=4201580 HTTP 301
    https://uphold.sitelio.me/?entity=4201580 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
uphold.sitelio.me/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://uphold.sitelio.me/?entity=4201580
Protocol
HTTP/1.1
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c0e1624e149780dc718918e5b6eca2a31fe49da794eea97854ef10acfc76426
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-RAY
77a9e8d2db31994a-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 16 Dec 2022 19:43:42 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
cf.errors.css
uphold.sitelio.me/cdn-cgi/styles/ 		24 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://uphold.sitelio.me/cdn-cgi/styles/cf.errors.css
Requested by
Host: uphold.sitelio.me
URL: http://uphold.sitelio.me/?entity=4201580
Protocol
HTTP/1.1
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://uphold.sitelio.me/?entity=4201580
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 19:43:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2022 12:20:52 GMT
Server
cloudflare
ETag
W/"6399bfa4-5e44"
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=7200, public
Connection
keep-alive
CF-RAY
77a9e8d32bcb994a-FRA
Expires
Fri, 16 Dec 2022 21:43:42 GMT
icon-exclamation.png
uphold.sitelio.me/cdn-cgi/images/ 		452 B
889 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://uphold.sitelio.me/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: uphold.sitelio.me
URL: http://uphold.sitelio.me/cdn-cgi/styles/cf.errors.css
Protocol
HTTP/1.1
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://uphold.sitelio.me/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Fri, 16 Dec 2022 19:43:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 14 Dec 2022 12:20:52 GMT
Server
cloudflare
ETag
"6399bfa4-1c4"
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=7200, public
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
77a9e8d34c31994a-FRA
Content-Length
452
Expires
Fri, 16 Dec 2022 21:43:42 GMT
Primary Request /
uphold.sitelio.me/
Redirect Chain
  • http://uphold.sitelio.me/cdn-cgi/phish-bypass?atok=l9onrZRY.h5eb6MW0ji5pfx1zJWRYuY9OwjFXPyhJzg-1671219822-0-%2F%3Fentity%3D4201580
  • http://uphold.sitelio.me/?entity=4201580
  • https://uphold.sitelio.me/?entity=4201580
205 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uphold.sitelio.me/?entity=4201580
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
770856a822fe81b9b90c3b0921095f16d8d4ef53ea504ec286ca7e1f7e910496

Request headers

Referer
http://uphold.sitelio.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
243333
cf-cache-status
HIT
cf-ray
77a9e8ed0f1e9177-FRA
content-encoding
br
content-type
text/html
date
Fri, 16 Dec 2022 19:43:47 GMT
last-modified
Wed, 30 Nov 2022 05:36:18 GMT
server
cloudflare
vary
Accept-Encoding
x-goog-generation
1669786578121349
x-goog-hash
crc32c=zwL+cQ== md5=r3MXojA3N1zgqROo+0Xrlg==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
209963
x-guploader-uploadid
ADPycdv-1x6bqSwpdk6EW4_aonOHJPtYacoGjIbEfrzOt4pbPLKIIzvlP-Mgc7HJYtYg-nQ2laz-H1rc_msMRXod0uiwjg
x-worker-version
1.0.0

Redirect headers

CF-RAY
77a9e8eccf4f994a-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Fri, 16 Dec 2022 19:43:46 GMT
Expires
Fri, 16 Dec 2022 20:43:46 GMT
Location
https://uphold.sitelio.me/?entity=4201580
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
font-awesome.css
components.mywebsitebuilder.com/fonts/ 		30 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://components.mywebsitebuilder.com/fonts/font-awesome.css
Requested by
Host: uphold.sitelio.me
URL: https://uphold.sitelio.me/?entity=4201580
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.14.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.14.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
bd1411968f2f8d6fac8407f679d31f30939345c45bf1df811ba149120d879fb1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 14:52:19 GMT
age
449488
x-guploader-uploadid
ADPycds-WjzM1zEem2USpyavnaA4SHA7_Yd6WzhwfaYrEUIeGEt0obFUUMLJHSI9r40M5-q0Keym3cP4n1AkvAXQR-PdLg
x-goog-storage-class
STANDARD
x-goog-custom-time
1970-01-01T00:00:00Z
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30748
x-goog-meta-
last-modified
Fri, 18 Dec 2020 10:13:33 GMT
server
UploadServer
etag
"9f3af79fa00509146c92bd91454d4eaf"
x-goog-generation
1608286413516447
x-goog-hash
crc32c=ghVUSQ==, md5=nzr3n6AFCRRskr2RRU1Orw==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
Cache-Control:public,max-age=315360001
x-goog-stored-content-length
30748
accept-ranges
bytes
content-type
text/css
expires
Mon, 11 Dec 2023 14:52:19 GMT
css
fonts.googleapis.com/ 		2 KB
947 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?display=swap&family=Cinzel:400,700|Fauna+One:400,700
Requested by
Host: uphold.sitelio.me
URL: https://uphold.sitelio.me/?entity=4201580
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
159ea9c0da84b42bb593feca2414e16abc87e8a4a063ef684bd36d6f7378180f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 16 Dec 2022 19:43:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 16 Dec 2022 19:43:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Dec 2022 19:43:47 GMT
login.3294cbca.js
uphold.sitelio.me/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uphold.sitelio.me/login.3294cbca.js
Requested by
Host: uphold.sitelio.me
URL: https://uphold.sitelio.me/?entity=4201580
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4250564f2ff5183f214a4df07c969efbe35384d42a8a7345afa2b223a68e619

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/?entity=4201580
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:43:47 GMT
content-encoding
br
cf-cache-status
HIT
age
30692
cf-polished
origSize=6443
x-guploader-uploadid
ADPycdu7nA_e_Y9Amb9iUgdBV9751JEBUTxLdItZB2ypuISdWldRvmTr6EDQ3wiyzcvpR-Btlorjscry5Nts6z9U2oNvpQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Wed, 30 Nov 2022 05:36:18 GMT
cf-bgj
minify
server
cloudflare
vary
Accept-Encoding
x-goog-generation
1669786578079410
content-type
application/javascript
x-goog-hash
crc32c=ASv5yw==, md5=D++6jYx5jF0/8NWjlPwacg==
x-goog-stored-content-length
6443
cf-ray
77a9e8ef5cdb9177-FRA
x-worker-version
1.0.0
bundle.js
runtime.builderservices.io/runtime-sitelio-21523/ 		2 MB
458 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://runtime.builderservices.io/runtime-sitelio-21523/bundle.js
Requested by
Host: uphold.sitelio.me
URL: https://uphold.sitelio.me/?entity=4201580
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9709 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d90b6faa16ab636780b40e42816eba2888f7206bfd800054e28a16829d048bfc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 16 Dec 2022 19:43:47 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 09 Nov 2022 12:05:40 GMT
server
cloudflare
content-md5
FC8fOAjdXT4/3fat1I+0kw==
age
30692
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
59ca3037-701e-000e-4f3f-11c8fc000000
cache-control
"max-age=31536000"
x-ms-version
2009-09-19
cf-ray
77a9e8ef9aea5c20-FRA
m
uphold.sitelio.me/s/cdn/v1.0/i/ 		547 KB
548 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uphold.sitelio.me/s/cdn/v1.0/i/m?url=https%3A%2F%2Fstorage.googleapis.com%2Fproduction-sitelio-v1-0-3%2F303%2F1540303%2FgYKITar2%2F06baa83271e742f49a1959b6c105f70d&methods=resize%2C2000%2C5000
Requested by
Host: uphold.sitelio.me
URL: https://uphold.sitelio.me/?entity=4201580
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9f62699cbe74d061d38e2036e87012c7ae16f29ae2d2a0076e15f747982b693
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/?entity=4201580
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-engine
cloud
date
Fri, 16 Dec 2022 19:43:47 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
age
30690
content-length
560078
cf-resized
internal=ok/m q=0 n=464 c=13+537 v=2022.12.3 l=560078
last-modified
Wed, 30 Nov 2022 05:17:36 GMT
cf-bgj
imgq:93,h2pri
server
cloudflare
etag
"cfke478BGhsadnZa7emNkufKN-3j--lvTFa1FxIuPGDQ:6998e75056edc3b8b74e920d0f3041ec"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, POST, PATCH, PUT, DELETE, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2678400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
77a9e8effe1d9177-FRA
access-control-allow-headers
*
fontawesome-webfont.woff2
components.mywebsitebuilder.com/fonts/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://components.mywebsitebuilder.com/fonts/fontawesome-webfont.woff2
Requested by
Host: components.mywebsitebuilder.com
URL: https://components.mywebsitebuilder.com/fonts/font-awesome.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.14.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.14.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://components.mywebsitebuilder.com/fonts/font-awesome.css
Origin
https://uphold.sitelio.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 19:01:18 GMT
age
2162549
x-guploader-uploadid
ADPycdsqhdsHolKkQXkxI--UoIzmkvvWcJS6rD74u6Gt7dyCjE5ZA2A45etk3U0shdKHkZByQVVI7sRF48fr-u8475vfqJD9k_rD
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77160
last-modified
Tue, 16 Jul 2019 09:58:09 GMT
server
UploadServer
etag
"af7ae505a9eed503f8b8e6982036873e"
x-goog-generation
1563271089052469
x-goog-hash
crc32c=hGsrhw==, md5=r3rlBanu1QP4uOaYIDaHPg==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
max-age=31557600
x-goog-stored-content-length
77160
accept-ranges
bytes
content-type
application/octet-stream
expires
Tue, 21 Nov 2023 19:01:18 GMT
8vIJ7ww63mVu7gt7-GT7LEc.woff2
fonts.gstatic.com/s/cinzel/v19/ 		13 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/cinzel/v19/8vIJ7ww63mVu7gt7-GT7LEc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?display=swap&family=Cinzel:400,700|Fauna+One:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c4c83c2ad0e9386a1dbc4c1f631084943968d2bdffade74abf1acbcc87ef3c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uphold.sitelio.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 16:12:00 GMT
x-content-type-options
nosniff
age
99107
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13780
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 18:48:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Dec 2023 16:12:00 GMT
wlpzgwTPBVpjpCuwkuEB3kZK.woff2
fonts.gstatic.com/s/faunaone/v13/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/faunaone/v13/wlpzgwTPBVpjpCuwkuEB3kZK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?display=swap&family=Cinzel:400,700|Fauna+One:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef7949fcabf4b5b0421194d350223cf551b194abc6292cec9a9e951b388fc08d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uphold.sitelio.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 01:29:39 GMT
x-content-type-options
nosniff
age
65648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9212
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 16:27:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 16 Dec 2023 01:29:39 GMT
8vIJ7ww63mVu7gt79mT7.woff2
fonts.gstatic.com/s/cinzel/v19/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/cinzel/v19/8vIJ7ww63mVu7gt79mT7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?display=swap&family=Cinzel:400,700|Fauna+One:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5dc3de1acae3f4da0c269de47f720023720ab9ca0b84e61be6d57e1481a9e224
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uphold.sitelio.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 13 Dec 2022 19:01:18 GMT
x-content-type-options
nosniff
age
261749
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24880
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 18:49:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Dec 2023 19:01:18 GMT
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
69998790fb83062362fac474d32fd2370c96fd3b9d2acb08e4ef8909540ed5cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
51653367
uphold.sitelio.me/v1.0/runtime/appmarket/render/2/ 		708 B
555 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://uphold.sitelio.me/v1.0/runtime/appmarket/render/2/51653367
Requested by
Host: runtime.builderservices.io
URL: https://runtime.builderservices.io/runtime-sitelio-21523/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b394 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
feb4d5a89c89e815277af8eee1deb6d7f104e84b10f06ac4a1a0ed32056b0bab

Request headers

Referer
https://uphold.sitelio.me/?entity=4201580
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 16 Dec 2022 19:43:47 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
x-builder-tracking-id
34bfb149aee34b7b89c8cad2b9d06d99
vary
Accept-Encoding
x-worker-origin
skip-rule
content-type
application/json; charset=utf-8
cf-ray
77a9e8f179d59177-FRA
x-worker-version
1.0.0
m
images.builderservices.io/s/cdn/v1.0/i/ 		547 KB
548 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.builderservices.io/s/cdn/v1.0/i/m?url=https%3A%2F%2Fstorage.googleapis.com%2Fproduction-sitelio-v1-0-3%2F303%2F1540303%2FgYKITar2%2F06baa83271e742f49a1959b6c105f70d&methods=resize%2C2000%2C5000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9709 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9f62699cbe74d061d38e2036e87012c7ae16f29ae2d2a0076e15f747982b693
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-engine
cloud
date
Fri, 16 Dec 2022 19:43:48 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-length
560078
cf-resized
internal=ok/h q=0 n=20 c=11+424 v=2022.12.3 l=560078
last-modified
Wed, 30 Nov 2022 05:17:36 GMT
cf-bgj
imgq:93,h2pri
server
cloudflare
etag
"cfke478BGhsadnZa7emNkufKN-3j--lvTFa1FxIuPGDQ:6998e75056edc3b8b74e920d0f3041ec"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, POST, PATCH, PUT, DELETE, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2678400
access-control-allow-credentials
true
cf-ray
77a9e8f1bfd05c20-FRA
access-control-allow-headers
*
sdk-insights-tracker
in-app.mywebsitebuilder.com/ 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://in-app.mywebsitebuilder.com/sdk-insights-tracker?appMarketEnv=prod&debug=true&instanceJwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbnN0YW5jZUlkIjoiYWJiMWU2NzEyMzQ5NGEzYWFiYjYxNGEzZDMyNzI3N2MiLCJicmFuZCI6InNpdGVsaW8iLCJleHAiOjE2NzEzMDYyMjd9.tpOZuhRtac-sQpYz15fDqqpz8OUig7owLb_i5WCgQ_Q
Requested by
Host: runtime.builderservices.io
URL: https://runtime.builderservices.io/runtime-sitelio-21523/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a30a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
939b8f737d12f380c8dce8f579294323024d2f643d51fa2f0ccf56bc25989fa2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uphold.sitelio.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 16 Dec 2022 19:43:48 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Fri, 25 Oct 2019 09:38:44 GMT
server
cloudflare
etag
0x8D7592F1FA5BFFC
x-builder-tracking-id
97cec7064bf84fcfa35ebe3fec11bf19
vary
Accept-Encoding
content-type
application/javascript
cf-ray
77a9e8f43b869bca-FRA
x-builder-tracking-span-id
97cec7064bf84fcfa35ebe3fec11bf19
content-length
8974
/
in-us-east-event-hubs.servicebus.windows.net/in-us-east-event-hub-a1/messages/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://in-us-east-event-hubs.servicebus.windows.net/in-us-east-event-hub-a1/messages/?timeout=10
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.92.180.208 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://uphold.sitelio.me
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
authorization,content-type
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://uphold.sitelio.me
Access-Control-Max-Age
3600
Content-Length
0
Date
Fri, 16 Dec 2022 19:43:47 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
/
in-us-east-event-hubs.servicebus.windows.net/in-us-east-event-hub-a1/messages/ 		0
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in-us-east-event-hubs.servicebus.windows.net/in-us-east-event-hub-a1/messages/?timeout=10
Requested by
Host: in-app.mywebsitebuilder.com
URL: https://in-app.mywebsitebuilder.com/sdk-insights-tracker?appMarketEnv=prod&debug=true&instanceJwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbnN0YW5jZUlkIjoiYWJiMWU2NzEyMzQ5NGEzYWFiYjYxNGEzZDMyNzI3N2MiLCJicmFuZCI6InNpdGVsaW8iLCJleHAiOjE2NzEzMDYyMjd9.tpOZuhRtac-sQpYz15fDqqpz8OUig7owLb_i5WCgQ_Q
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.92.180.208 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://uphold.sitelio.me/
accept-language
de-DE,de;q=0.9
Authorization
SharedAccessSignature sr=http%3A%2F%2Fin-us-east-event-hubs.servicebus.windows.net%2Fin-us-east-event-hub-a1&sig=9x%2Ba%2F5YGxSKLnisTvOx%2BsFnIX2PPNEfwAzmTm2xXsTk%3D&se=1671223428.265&skn=Send
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/json

Response headers

Access-Control-Allow-Origin
https://uphold.sitelio.me
Strict-Transport-Security
max-age=31536000
Date
Fri, 16 Dec 2022 19:43:47 GMT
Access-Control-Allow-Credentials
true
Server
Microsoft-HTTPAPI/2.0
Transfer-Encoding
chunked
Content-Type
application/xml; charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| __features object| _featureSettings object| _page object| _WP_JSONP object| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb object| _xsrfToken function| Velocity object| _GoogleMapsApi boolean| _isPublished object| _site function| __bi__ object| _feature_events function| showModal object| _zoomUpdateEvents object| EventHubHistory

3 Cookies

Domain/Path Name / Value
.uphold.sitelio.me/ Name: __cf_mw_byp
Value: l9onrZRY.h5eb6MW0ji5pfx1zJWRYuY9OwjFXPyhJzg-1671219822-0-/?entity=4201580
uphold.sitelio.me/ Name: app_key
Value: D6D3D156-BE64-AFD2-302E-B69BD2B9ABD5/1671219828264
uphold.sitelio.me/ Name: app_ses_key
Value: 3AFAF1E9-C8A4-0DD5-7101-D355F716EE15%3A1671219828264%3A%25/http%3A//uphold.sitelio.me/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

components.mywebsitebuilder.com
fonts.googleapis.com
fonts.gstatic.com
images.builderservices.io
in-app.mywebsitebuilder.com
in-us-east-event-hubs.servicebus.windows.net
runtime.builderservices.io
uphold.sitelio.me
13.92.180.208
2606:4700::6812:9709
2606:4700::6812:b394
2606:4700::6813:a30a
2a00:1450:4001:809::2003
2a00:1450:400d:807::200a
35.190.14.35
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
159ea9c0da84b42bb593feca2414e16abc87e8a4a063ef684bd36d6f7378180f
1c0e1624e149780dc718918e5b6eca2a31fe49da794eea97854ef10acfc76426
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
5dc3de1acae3f4da0c269de47f720023720ab9ca0b84e61be6d57e1481a9e224
69998790fb83062362fac474d32fd2370c96fd3b9d2acb08e4ef8909540ed5cf
770856a822fe81b9b90c3b0921095f16d8d4ef53ea504ec286ca7e1f7e910496
939b8f737d12f380c8dce8f579294323024d2f643d51fa2f0ccf56bc25989fa2
a4250564f2ff5183f214a4df07c969efbe35384d42a8a7345afa2b223a68e619
bd1411968f2f8d6fac8407f679d31f30939345c45bf1df811ba149120d879fb1
c4c83c2ad0e9386a1dbc4c1f631084943968d2bdffade74abf1acbcc87ef3c2e
d90b6faa16ab636780b40e42816eba2888f7206bfd800054e28a16829d048bfc
d9f62699cbe74d061d38e2036e87012c7ae16f29ae2d2a0076e15f747982b693
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef7949fcabf4b5b0421194d350223cf551b194abc6292cec9a9e951b388fc08d
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
feb4d5a89c89e815277af8eee1deb6d7f104e84b10f06ac4a1a0ed32056b0bab