greetcup.s2-tastewp.com
Open in
urlscan Pro
104.21.54.107
Malicious Activity!
Public Scan
Effective URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Submission: On April 04 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by GTS CA 1P5 on February 6th 2023. Valid for: 3 months.
This is the only time greetcup.s2-tastewp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Australian Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.244.42.133 104.244.42.133 | 13414 (TWITTER) (TWITTER) | |
1 | 195.110.124.188 195.110.124.188 | 39729 (REGISTER-AS) (REGISTER-AS) | |
1 1 | 172.64.148.75 172.64.148.75 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 10 | 104.21.54.107 104.21.54.107 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
s2-tastewp.com
2 redirects
greetcup.s2-tastewp.com |
148 KB |
1 |
myclickfunnels.com
1 redirects
klientelv1.myclickfunnels.com |
2 KB |
1 |
droniasti.it
australix.droniasti.it |
342 B |
1 |
t.co
t.co — Cisco Umbrella Rank: 525 |
722 B |
10 | 4 |
Domain | Requested by | |
---|---|---|
10 | greetcup.s2-tastewp.com |
2 redirects
australix.droniasti.it
greetcup.s2-tastewp.com |
1 | klientelv1.myclickfunnels.com | 1 redirects |
1 | australix.droniasti.it |
t.co
|
1 | t.co | |
10 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co DigiCert TLS RSA SHA256 2020 CA1 |
2022-12-25 - 2023-12-25 |
a year | crt.sh |
*.s2-tastewp.com GTS CA 1P5 |
2023-02-06 - 2023-05-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Frame ID: 902484833A79D59E172E10A5F333EA1B
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://t.co/PLj8SQu2vd Page URL
- http://australix.droniasti.it/ Page URL
-
https://klientelv1.myclickfunnels.com/australia--e7299
HTTP 302
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/ HTTP 302
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/index.php?valid=true&id=88761264 HTTP 302
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877 Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Ahoy (Analytics) Expand
Detected patterns
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/PLj8SQu2vd Page URL
- http://australix.droniasti.it/ Page URL
-
https://klientelv1.myclickfunnels.com/australia--e7299
HTTP 302
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/ HTTP 302
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/index.php?valid=true&id=88761264 HTTP 302
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
PLj8SQu2vd
t.co/ |
280 B 722 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
australix.droniasti.it/ |
115 B 342 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
l1254net1.php
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/ Redirect Chain
|
9 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
324325365322423.css
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/css/ |
123 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
84848037100.svg
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs// |
113 KB 34 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
848480371001235.svg
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs// |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
848480371001.svg
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs// |
71 KB 26 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app-vendor.js
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js// |
148 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js// |
19 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.payment.js
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js// |
18 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Australian Government (Government)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery function| moment function| cleanDefaultValues function| setMandatoryValues function| findInfoOrErrorParent function| findSuccessParent function| clearMessageType function| setErrorParent object| formHelper object| global9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.t.co/ | Name: muc Value: 892c4461-b1f4-440d-b0cc-05219ca7074e |
|
.t.co/ | Name: muc_ads Value: 892c4461-b1f4-440d-b0cc-05219ca7074e |
|
klientelv1.myclickfunnels.com/ | Name: ahoy_visitor Value: ffa2040b-87f2-4fca-a3a3-478766243bc0 |
|
klientelv1.myclickfunnels.com/ | Name: ahoy_visit Value: e0dcef8b-f3f3-4eb9-af67-6df0b7e1c914 |
|
klientelv1.myclickfunnels.com/ | Name: cfhoy_visitor Value: ffa2040b-87f2-4fca-a3a3-478766243bc0 |
|
.myclickfunnels.com/ | Name: cfhoy_visitor Value: 4ce3f074-17c5-4422-a245-b74213d4cfad |
|
.myclickfunnels.com/ | Name: _cf_session Value: C6ZTyKeKpux6GNVnzB2rRrYk3xOs28niGTM1Gnah1xJU%2Bpoc2mmzU6xvD0psI5xJ%2BYnVugu2lngtDOhKc9oT1YFo%2FyjE9BAHWEYOOQ7ykPjUZA%2BiAs7iiqflX0qsjFFNwL9om43hyGaXxIUBB1JdYZ3f03uzAcMwktEgmL5qz%2B1QMBOP%2BSF4QreF3NsgcdW4V2VCxtuStpNshOubQHKsvo4GdCZDmgnP%2FqW%2BIa9SlNRB%2Fly32i0a7n5DMl8OGOUtKoTAtOeEG0bWwZueoIMmFtlFl2t0jbaXWFDU4eus1E0J2I8nzS%2FRYgmb0WT7RQ9HACPBok5FzUo%3D--SpnlmGCP8NLFmNtW--vyNWt8kfJ1VumM%2BCLpFrqQ%3D%3D |
|
.myclickfunnels.com/ | Name: __cf_bm Value: EqENZtS3y.RJC8lFfu6.yetyld7MefrmNdrsuIKBotM-1680646793-0-AYZGlOSRdvUs+hFX988cDoQdFPZHx8wB4C78IUL8/dSrxzUPV8PqqmLxcKFK5ABTJ9otXn8gnGIcAkYiU2B6qfo= |
|
greetcup.s2-tastewp.com/ | Name: WP-TSW-Session Value: 58379e3mj8gnre4vb4he8s6bmt |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | referrer always; |
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
australix.droniasti.it
greetcup.s2-tastewp.com
klientelv1.myclickfunnels.com
t.co
104.21.54.107
104.244.42.133
172.64.148.75
195.110.124.188
2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26
2d087dd1694261a3ed5201e7c14f1f7a1ba4201a3f39a7ba839a5e8d4515f678
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
bfbb8c3288312fe27cba0cdd45fe392f7f8af33c3d61c78b133744c7b494c8e8
c8aab26023d9bb302b5a19422796f2902655bbbf5425a5809caf186dc8c99616
d02e66380e4e7c2bced91ed913a1e1997482922b3c1cd850019ed557878ba65c
d7399d77beb8b8da046b06a4e106e28ac095ec09882a6cf6e04d52735396a1b6