greetcup.s2-tastewp.com
104.21.54.107  Malicious Activity! Public Scan

Submitted URL: https://t.co/PLj8SQu2vd
Effective URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Submission: On April 04 via manual from AU — Scanned from AU

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 104.21.54.107, located in and belongs to CLOUDFLARENET, US. The main domain is greetcup.s2-tastewp.com.
TLS certificate: Issued by GTS CA 1P5 on February 6th 2023. Valid for: 3 months.
This is the only time greetcup.s2-tastewp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.133 13414 (TWITTER)
1 195.110.124.188 39729 (REGISTER-AS)
1 1 172.64.148.75 13335 (CLOUDFLAR...)
2 10 104.21.54.107 13335 (CLOUDFLAR...)
10 3
Apex Domain, Subdomains, Transfer
  • 10 s2-tastewp.com: greetcup.s2-tastewp.com, 148 KB
  • 1 myclickfunnels.com: klientelv1.myclickfunnels.com, 2 KB
  • 1 droniasti.it: australix.droniasti.it, 342 B
  • 1 t.co: t.co (Cisco Umbrella Rank: 525), 722 B
10 4
Domain Requested by
10 greetcup.s2-tastewp.com 2 redirects australix.droniasti.it
greetcup.s2-tastewp.com
1 klientelv1.myclickfunnels.com 1 redirects
1 australix.droniasti.it t.co
1 t.co
10 4

This site contains no links.

Subject, Issuer, Validity, Valid
  • t.co, DigiCert TLS RSA SHA256 2020 CA1, 2022-12-25 - 2023-12-25, a year
  • *.s2-tastewp.com, GTS CA 1P5, 2023-02-06 - 2023-05-07, 3 months

This page contains 1 frames:

Primary Page: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Frame ID: 902484833A79D59E172E10A5F333EA1B
Requests: 10 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 3
Transfer: 148 kB
Size: 503 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/PLj8SQu2vd Page URL
  2. http://australix.droniasti.it/ Page URL
  3. https://klientelv1.myclickfunnels.com/australia--e7299 HTTP 302
    https://greetcup.s2-tastewp.com/DPvBGeCihn/app/ HTTP 302
    https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/index.php?valid=true&id=88761264 HTTP 302
    https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
PLj8SQu2vd
t.co/
280 B
722 B
Document
General
Full URL
https://t.co/PLj8SQu2vd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_m /
Resource Hash
Security Headers
Name Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
190
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Tue, 04 Apr 2023 22:19:49 GMT
expires
Tue, 04 Apr 2023 22:24:50 GMT
perf
7626143928
referrer-policy
unsafe-url
server
tsa_m
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
d9f45967a5f87adf6cefc06fb4cfc09be86ed2bd9feae294d1b1b63b105d0b9a
x-response-time
106
x-transaction-id
fd2e1dd87201a206
x-xss-protection
0
/
australix.droniasti.it/
115 B
342 B
Document
General
Full URL
http://australix.droniasti.it/
Requested by
Host: t.co
URL: https://t.co/PLj8SQu2vd
Protocol
HTTP/1.1
Server
195.110.124.188 , Italy, ASN39729 (REGISTER-AS, IT),
Reverse DNS
opus.register.it
Software
Apache /
Resource Hash

Request headers

Referer
https://t.co/PLj8SQu2vd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
close
Content-Language
it
Content-Length
115
Content-Type
text/html
Date
Tue, 04 Apr 2023 22:19:51 GMT
Last-Modified
Tue, 04 Apr 2023 03:17:33 GMT
Server
Apache
Primary Request l1254net1.php
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/
Redirect Chain
  • https://klientelv1.myclickfunnels.com/australia--e7299
  • https://greetcup.s2-tastewp.com/DPvBGeCihn/app/
  • https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/index.php?valid=true&id=88761264
  • https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
9 KB
2 KB
Document
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Requested by
Host: australix.droniasti.it
URL: http://australix.droniasti.it/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d02e66380e4e7c2bced91ed913a1e1997482922b3c1cd850019ed557878ba65c

Request headers

Referer
http://australix.droniasti.it/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7b2cef894b6f2b32-MEL
content-encoding
br
content-type
text/html; charset-UTF-8;charset=UTF-8
date
Tue, 04 Apr 2023 22:19:56 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7b2cef86ec662b38-MEL
content-type
text/html; charset-UTF-8;charset=UTF-8
date
Tue, 04 Apr 2023 22:19:55 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
./l1254net1.php?id=904877
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
server
cloudflare
324325365322423.css
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/css/
123 KB
21 KB
Stylesheet
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/css/324325365322423.css
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8aab26023d9bb302b5a19422796f2902655bbbf5425a5809caf186dc8c99616

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67559
etag
W/"642b0339-1ea81"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
cf-ray
7b2cef8baed92b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
84848037100.svg
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs//
113 KB
34 KB
Image
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs//84848037100.svg
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67559
etag
W/"642b0339-1c460"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
cf-ray
7b2cef8baedb2b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
848480371001235.svg
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs//
2 KB
2 KB
Image
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs//848480371001235.svg
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67560
etag
W/"642b0339-8a1"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
cf-ray
7b2cef8baef22b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
848480371001.svg
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs//
71 KB
26 KB
Image
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/imgs//848480371001.svg
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfbb8c3288312fe27cba0cdd45fe392f7f8af33c3d61c78b133744c7b494c8e8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67557
etag
W/"642b0339-11a6c"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
cf-ray
7b2cef8baef42b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
app-vendor.js
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js//
148 KB
52 KB
Script
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js//app-vendor.js
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67560
etag
W/"642b0339-251cf"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
cf-ray
7b2cef8baeed2b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
main.js
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js//
19 KB
5 KB
Script
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js//main.js
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d087dd1694261a3ed5201e7c14f1f7a1ba4201a3f39a7ba839a5e8d4515f678

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67560
etag
W/"642b0339-4d9e"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
cf-ray
7b2cef8baeef2b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.payment.js
greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js//
18 KB
4 KB
Script
General
Full URL
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/layouts/js//jquery.payment.js
Requested by
Host: greetcup.s2-tastewp.com
URL: https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7399d77beb8b8da046b06a4e106e28ac095ec09882a6cf6e04d52735396a1b6

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://greetcup.s2-tastewp.com/DPvBGeCihn/app/q99550/l1254net1.php?id=904877
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 22:19:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Apr 2023 16:47:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
67560
etag
W/"642b0339-4732"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
cf-ray
7b2cef8baef02b32-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean| credentialless
  • function| $
  • function| jQuery
  • function| moment
  • function| cleanDefaultValues
  • function| setMandatoryValues
  • function| findInfoOrErrorParent
  • function| findSuccessParent
  • function| clearMessageType
  • function| setErrorParent
  • object| formHelper
  • object| global

9 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 892c4461-b1f4-440d-b0cc-05219ca7074e
.t.co/ Name: muc_ads
Value: 892c4461-b1f4-440d-b0cc-05219ca7074e
klientelv1.myclickfunnels.com/ Name: ahoy_visitor
Value: ffa2040b-87f2-4fca-a3a3-478766243bc0
klientelv1.myclickfunnels.com/ Name: ahoy_visit
Value: e0dcef8b-f3f3-4eb9-af67-6df0b7e1c914
klientelv1.myclickfunnels.com/ Name: cfhoy_visitor
Value: ffa2040b-87f2-4fca-a3a3-478766243bc0
.myclickfunnels.com/ Name: cfhoy_visitor
Value: 4ce3f074-17c5-4422-a245-b74213d4cfad
.myclickfunnels.com/ Name: _cf_session
Value: C6ZTyKeKpux6GNVnzB2rRrYk3xOs28niGTM1Gnah1xJU%2Bpoc2mmzU6xvD0psI5xJ%2BYnVugu2lngtDOhKc9oT1YFo%2FyjE9BAHWEYOOQ7ykPjUZA%2BiAs7iiqflX0qsjFFNwL9om43hyGaXxIUBB1JdYZ3f03uzAcMwktEgmL5qz%2B1QMBOP%2BSF4QreF3NsgcdW4V2VCxtuStpNshOubQHKsvo4GdCZDmgnP%2FqW%2BIa9SlNRB%2Fly32i0a7n5DMl8OGOUtKoTAtOeEG0bWwZueoIMmFtlFl2t0jbaXWFDU4eus1E0J2I8nzS%2FRYgmb0WT7RQ9HACPBok5FzUo%3D--SpnlmGCP8NLFmNtW--vyNWt8kfJ1VumM%2BCLpFrqQ%3D%3D
.myclickfunnels.com/ Name: __cf_bm
Value: EqENZtS3y.RJC8lFfu6.yetyld7MefrmNdrsuIKBotM-1680646793-0-AYZGlOSRdvUs+hFX988cDoQdFPZHx8wB4C78IUL8/dSrxzUPV8PqqmLxcKFK5ABTJ9otXn8gnGIcAkYiU2B6qfo=
greetcup.s2-tastewp.com/ Name: WP-TSW-Session
Value: 58379e3mj8gnre4vb4he8s6bmt

1 Console Messages

Source: security
Level: error
URL: https://t.co/PLj8SQu2vd
Message: Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0