billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 162.222.225.77, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net.

This is the only time billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: State Bank of India (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6814:8b41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	162.222.225.77 162.222.225.77	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
3	1

1 2606:4700:10::6814:8b41 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.222.225.77 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: plesk-web4.webhostbox.net

billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	webhostbox.net billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net	233 KB
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 16079	406 B
3	2

	Domain	Requested by
3	billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net	billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net
1	tinyurl.com	1 redirects
3	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/
Frame ID: 215AA5ED738956A5AC1C46E90333B16A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://tinyurl.com/a2sbaSBaI HTTP 307
https://tinyurl.com/a2sbaSBaI HTTP 301
http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ Page URL

Page Statistics

3
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

233 kB
Transfer

233 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tinyurl.com/a2sbaSBaI HTTP 307
https://tinyurl.com/a2sbaSBaI HTTP 301
http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ Redirect Chain http://tinyurl.com/a2sbaSBaI https://tinyurl.com/a2sbaSBaI http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/	2 KB 1 KB	321ms 162ms	Document text/html	162.222.225.77 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ Protocol HTTP/1.1 Server 162.222.225.77 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS plesk-web4.webhostbox.net Software / ASP.NET Resource Hash `f61ac1600c1520a616e415c4eff35bfcfd3fc97581ee0b85326131c7a8430f9d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Content-Encoding gzip Content-Length 995 Content-Type text/html Date Thu, 27 Oct 2022 13:29:31 GMT ETag "f627dcd3f2e5d81:0" Last-Modified Sat, 22 Oct 2022 08:46:50 GMT Server Vary Accept-Encoding X-Powered-By ASP.NET X-Powered-By-Plesk PleskWin Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control max-age=0, public, s-max-age=900, stale-if-error: 86400 cf-cache-status DYNAMIC cf-ray 760bc7f44e319a00-FRA content-type text/html; charset=UTF-8 date Thu, 27 Oct 2022 13:29:32 GMT location http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ referrer-policy unsafe-url server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff x-powered-by PHP/8.1.8 x-xss-protection 1; mode=block
GET H/1.1	200 OK	HEADER12.jpg billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/	10 KB 10 KB	152ms 152ms	Image image/jpeg	162.222.225.77 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/HEADER12.jpg Requested by Host: billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net URL: http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ Protocol HTTP/1.1 Server 162.222.225.77 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS plesk-web4.webhostbox.net Software / ASP.NET Resource Hash `7f47db1674ce04f579ff72ca4eee3f6de5e87efc19d210655673a4b4cfd75632` Request headers accept-language de-DE,de;q=0.9 Referer http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36 Response headers X-Powered-By-Plesk PleskWin Date Thu, 27 Oct 2022 13:29:31 GMT Last-Modified Sat, 22 Oct 2022 08:46:44 GMT Server ETag "b466f3cff2e5d81:0" X-Powered-By ASP.NET Content-Type image/jpeg Accept-Ranges bytes Content-Length 9971
GET H/1.1	200 OK	NEEWMG.jpg billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/	221 KB 222 KB	300ms 154ms	Image image/jpeg	162.222.225.77 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/NEEWMG.jpg Requested by Host: billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net URL: http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ Protocol HTTP/1.1 Server 162.222.225.77 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS plesk-web4.webhostbox.net Software / ASP.NET Resource Hash `da1bf343a7afdb90a69432aa21648bf0c9df67f24948d2b7caec08e1d9b44c82` Request headers accept-language de-DE,de;q=0.9 Referer http://billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net/Dixie-Chambers-Don-Acosta-Alexis-Dodson-Wanda-Brown/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36 Response headers X-Powered-By-Plesk PleskWin Date Thu, 27 Oct 2022 13:29:31 GMT Last-Modified Sat, 22 Oct 2022 08:47:00 GMT Server ETag "1c4e81d9f2e5d81:0" X-Powered-By ASP.NET Content-Type image/jpeg Accept-Ranges bytes Content-Length 226775

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: State Bank of India (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net
tinyurl.com
162.222.225.77
2606:4700:10::6814:8b41
7f47db1674ce04f579ff72ca4eee3f6de5e87efc19d210655673a4b4cfd75632
da1bf343a7afdb90a69432aa21648bf0c9df67f24948d2b7caec08e1d9b44c82
f61ac1600c1520a616e415c4eff35bfcfd3fc97581ee0b85326131c7a8430f9d

billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net Open in urlscan Pro 162.222.225.77 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

0 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

233 kBTransfer

233 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

billderxu.co.in.162-222-225-77.plesk-web4.webhostbox.net Open in urlscan Pro
162.222.225.77 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

233 kB
Transfer

233 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!