plasma-audio.com
2606:4700:3033::ac43:9ab4
Malicious Activity!
Public Scan
Effective URL: https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/
Submission Tags: phishing, malicious
Submission: On February 11 via api from JP
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2020. Valid for: a year.
This is the only time plasma-audio.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saudi Post (Government)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 59.106.171.15 | 9370 (SAKURA-B SAKURA Internet Inc.) |
| 1 | 2606:4700:3033::6815:10d8 | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700::6810:a723 | 13335 (CLOUDFLARENET) |
| 2 | 172.67.38.97 | 13335 (CLOUDFLARENET) |
| 22 | 2606:4700:3033::ac43:9ab4 | 13335 (CLOUDFLARENET) |
| 26 requests | 5 IPs | |

ASN9370 (SAKURA-B SAKURA Internet Inc., JP), PTR: www2005.sakura.ne.jp: tsunagari.sakura.ne.jp
ASN13335 (CLOUDFLARENET, US): secure.statcounter.com, c.statcounter.com

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 22 | plasma-audio.com (1 redirect) | plasma-audio.com | 183 KB |
| 2 | statcounter.com | secure.statcounter.com, c.statcounter.com | 13 KB |
| 1 | cloudflare.com | ajax.cloudflare.com | 4 KB |
| 1 | nullrefer.com | nullrefer.com | 1 KB |
| 1 | sakura.ne.jp | tsunagari.sakura.ne.jp | 436 B |
| 26 requests | 5 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 22 | plasma-audio.com | plasma-audio.com (1 redirect) |
| 1 | c.statcounter.com | secure.statcounter.com |
| 1 | secure.statcounter.com | ajax.cloudflare.com |
| 1 | ajax.cloudflare.com | nullrefer.com |
| 1 | nullrefer.com | tsunagari.sakura.ne.jp |
| 1 | tsunagari.sakura.ne.jp | |
| 26 requests | 6 domains | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paytabs.com |
mci.gov.sa |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-06 - 2021-07-06 | a year | crt.sh |
| ajax.cloudflare.com | DigiCert ECC Secure Server CA | 2020-08-11 - 2022-08-16 | 2 years | crt.sh |
| us-dallas.statcounter.com | Sectigo RSA Domain Validation Secure Server CA | 2020-10-13 - 2021-11-13 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/
Frame ID: 9BD02B7C92DD00F9F373E54C30A5FD6F
Requests: 26 HTTP requests in this frame
Page URL History
- http://tsunagari.sakura.ne.jp/hp/wp-includes/css/js/ (Page URL)
- https://nullrefer.com/?https://plasma-audio.com/wp-content/Die-Post/ch/ni/ (Page URL)
- https://plasma-audio.com/wp-content/Die-Post/ch/ni/ -> HTTP 302 -> https://plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/ (Page URL)
Detected technologies
Nginx (Web Servers)
Detected patterns:
- headers: server /nginx(?:\/([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: Terms & Conditions
- Title: mci.gov.sa
Page URL History: this captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. The chain for this scan is listed above under Page URL History.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions

| Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET H/1.1 | / | tsunagari.sakura.ne.jp/hp/wp-includes/css/js/ | 236 B | 436 B | Document | text/html |
| GET H2 | / | nullrefer.com/ | 836 B | 1 KB | Document | text/html |
| GET H2 | rocket-loader.min.js | ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ | 12 KB | 4 KB | Script | application/javascript |
| GET H2 | counter.js | secure.statcounter.com/counter/ | 38 KB | 13 KB | Script | application/x-javascript |
| GET H2 | / (Primary Request, Redirect Chain) | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/ | 16 KB | 5 KB | Document | text/html |
| GET H2 | t.php | c.statcounter.com/ | 377 B | 577 B | XHR | application/json |
| GET H2 | bootstrap.css | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 111 KB | 17 KB | Stylesheet | text/css |
| GET H2 | custom.css | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 8 KB | 2 KB | Stylesheet | text/css |
| GET H2 | style.css | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 1 KB | 694 B | Stylesheet | text/css |
| GET H2 | opensans.css | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 991 B | 548 B | Stylesheet | text/css |
| GET H2 | loading_payment.gif | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 11 KB | 11 KB | Image | image/gif |
| GET H2 | 62617_1589791686.jpg | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 106 KB | 107 KB | Image | image/jpeg |
| GET H2 | cards.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 4 KB | 5 KB | Image | image/png |
| GET H2 | p1.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 3 KB | 3 KB | Image | image/png |
| GET H2 | p2.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 3 KB | 4 KB | Image | image/png |
| GET H2 | p3.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 3 KB | 3 KB | Image | image/png |
| GET H2 | credit-cards.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 3 KB | 3 KB | Image | image/png |
| GET H2 | logo.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 3 KB | 3 KB | Image | image/png |
| GET H2 | visa-icon.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 2 KB | 2 KB | Image | image/png |
| GET H2 | master-card-icon.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 2 KB | 2 KB | Image | image/png |
| GET H2 | sadad-en-2016.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 5 KB | 5 KB | Image | image/png |
| GET H2 | rotate-device.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 3 KB | 3 KB | Image | image/png |
| GET H2 | express-checkout.png | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 6 KB | 6 KB | Image | image/png |
| GET H2 | mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 0 | 0 | Font | text/html |
| GET H2 | mem8YaGs126MiZpBA-UFVZ0b.woff2 | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 0 | 0 | Font | text/html |
| GET H2 | mem5YaGs126MiZpBA-UNirkOUuhp.woff2 | plasma-audio.com/wp-content/Die-Post/ch/ni/NV6588123/files/ | 0 | 0 | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saudi Post (Government)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| object | $cc1 |
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .plasma-audio.com/ | | __cfduid | d020cc5ca8870bcaa255466cbc2c35a5e1613067589 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.cloudflare.com
c.statcounter.com
nullrefer.com
plasma-audio.com
secure.statcounter.com
tsunagari.sakura.ne.jp
172.67.38.97
2606:4700:3033::6815:10d8
2606:4700:3033::ac43:9ab4
2606:4700::6810:a723
59.106.171.15