urlscan.io logo urlscan.io
SecurityTrails logo

cuaspa.com Open in urlscan Pro
104.198.217.65  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://cuaspa.com/wp-content/themes/classic/images/AuVn9O7uLpS9CAIbuX9tAuVn9O7uLpS9CAIbuX9t/
Submission: On May 10 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 2 HTTP transactions. The main IP is 104.198.217.65, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is cuaspa.com.
TLS certificate: Issued by R3 on April 23rd 2023. Valid for: 3 months.
This is the only time cuaspa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

IP Address AS Autonomous System
1 104.198.217.65 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 3
Apex Domain
Subdomains		 Transfer
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 385
31 KB
1 cuaspa.com
cuaspa.com
287 KB
2 2
Domain Requested by
1 ajax.googleapis.com cuaspa.com
1 cuaspa.com
2 2

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com
Subject Issuer Validity Valid
cuaspa.com
R3		 2023-04-23 -
2023-07-22		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://cuaspa.com/wp-content/themes/classic/images/AuVn9O7uLpS9CAIbuX9tAuVn9O7uLpS9CAIbuX9t/
Frame ID: 21C5B6C6B99A882547A153301D258775
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in - Google Accounts

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

318 kB
Transfer

824 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
cuaspa.com/wp-content/themes/classic/images/AuVn9O7uLpS9CAIbuX9tAuVn9O7uLpS9CAIbuX9t/ 		491 KB
287 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cuaspa.com/wp-content/themes/classic/images/AuVn9O7uLpS9CAIbuX9tAuVn9O7uLpS9CAIbuX9t/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.217.65 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
65.217.198.104.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
726225d780e0803f85f09442b12ae733e518960129c91aa469b6d6c066f88df2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
max-age=600, must-revalidate
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Wed, 10 May 2023 15:20:19 GMT
etag
W/"7ab83-5fb24693ce134-gzip"
last-modified
Mon, 08 May 2023 01:18:06 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 5
x-cache-group
normal
x-cacheable
SHORT
x-powered-by
WP Engine
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: cuaspa.com
URL: https://cuaspa.com/wp-content/themes/classic/images/AuVn9O7uLpS9CAIbuX9tAuVn9O7uLpS9CAIbuX9t/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cuaspa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 15:19:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
70
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 09 May 2024 15:19:09 GMT
truncated
/ 		246 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aadfcaf72b321bcc9e5d2c61c9df681ad625e0383093108174a11fe4014c5dac

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		356 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		267 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery object| WIZ_global_data string| viewPathPrefix

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests