promotisu.bid
Open in
urlscan Pro
2606:4700:3036::6815:8c8
Malicious Activity!
Public Scan
Effective URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473...
Submission: On January 20 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on January 2nd 2024. Valid for: 3 months.
This is the only time promotisu.bid was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 185.140.54.135 185.140.54.135 | 200514 (KNOWNSRV) (KNOWNSRV) | |
1 1 | 50.115.174.138 50.115.174.138 | 32875 (VIRP) (VIRP) | |
2 19 | 2606:4700:303... 2606:4700:3036::6815:8c8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:440... 2606:4700:4400::ac40:93bc | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700:e4:... 2606:4700:e4::ac40:a507 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:816::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2606:4700:303... 2606:4700:3037::6815:4392 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 45.55.126.207 45.55.126.207 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
2 | 20.50.64.3 20.50.64.3 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
32 | 9 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
23 |
promotisu.bid
2 redirects
promotisu.bid beacon.promotisu.bid |
1 MB |
4 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1448 ka-f.fontawesome.com — Cisco Umbrella Rank: 3140 |
24 KB |
3 |
virtualpushplatform.com
virtualpushplatform.com — Cisco Umbrella Rank: 392976 |
5 KB |
2 |
pushvisit.xyz
pushvisit.xyz — Cisco Umbrella Rank: 348541 |
2 KB |
2 |
jinxmux.com
1 redirects
jinxmux.com |
653 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28 |
849 B |
1 |
quberty.com
1 redirects
quberty.com |
632 B |
32 | 7 |
Domain | Requested by | |
---|---|---|
19 | promotisu.bid |
2 redirects
jinxmux.com
promotisu.bid |
4 | beacon.promotisu.bid |
promotisu.bid
|
3 | virtualpushplatform.com |
promotisu.bid
virtualpushplatform.com |
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
2 | pushvisit.xyz |
virtualpushplatform.com
|
2 | jinxmux.com | 1 redirects |
1 | fonts.googleapis.com |
promotisu.bid
|
1 | kit.fontawesome.com |
promotisu.bid
|
1 | quberty.com | 1 redirects |
32 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
jinxmux.com Sectigo RSA Domain Validation Secure Server CA |
2023-09-20 - 2024-09-19 |
a year | crt.sh |
promotisu.bid E1 |
2024-01-02 - 2024-04-01 |
3 months | crt.sh |
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-12-04 - 2025-01-03 |
a year | crt.sh |
ka-f.fontawesome.com GTS CA 1P5 |
2024-01-06 - 2024-04-05 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
virtualpushplatform.com Cloudflare Inc ECC CA-3 |
2024-01-14 - 2024-12-31 |
a year | crt.sh |
beacon.promotisu.bid R3 |
2024-01-13 - 2024-04-12 |
3 months | crt.sh |
pushvisit.xyz Sectigo RSA Domain Validation Secure Server CA |
2023-08-02 - 2024-08-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Frame ID: D92C9DFA81042F00EC96AAB28B251B30
Requests: 30 HTTP requests in this frame
Screenshot
Page Title
CostcoPage URL History Show full URLs
-
http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
HTTP 302
https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 Page URL
-
https://quberty.com/r/a3501303-1549-4168-88e0-7a84e1875424/473183/1437133294/1_22066
HTTP 302
https://promotisu.bid/sf/tpl9?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-... HTTP 301
http://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747... HTTP 301
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
HTTP 302
https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 Page URL
-
https://quberty.com/r/a3501303-1549-4168-88e0-7a84e1875424/473183/1437133294/1_22066
HTTP 302
https://promotisu.bid/sf/tpl9?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 HTTP 301
http://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 HTTP 301
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 HTTP 302
- https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
32 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
23
jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/ Redirect Chain
|
147 B 445 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
promotisu.bid/sf/tpl9/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
268a7048dd.js
kit.fontawesome.com/ |
12 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.e20945059b52412df364.css
promotisu.bid/sf/tpl9/ |
9 MB 857 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img-4.png
promotisu.bid/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
like.png
promotisu.bid/sf/tpl9/public/ |
466 B 959 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img-5.png
promotisu.bid/sf/tpl9/public/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-6.png
promotisu.bid/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-7.png
promotisu.bid/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-3.png
promotisu.bid/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-8.png
promotisu.bid/sf/tpl9/public/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-9.png
promotisu.bid/sf/tpl9/public/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-10.png
promotisu.bid/sf/tpl9/public/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-11.png
promotisu.bid/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-12.png
promotisu.bid/sf/tpl9/public/ |
875 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
13.c7cb0d34.chunk.js
promotisu.bid/sf/tpl9/js/ |
390 KB 126 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.7be75b3f.js
promotisu.bid/sf/tpl9/js/ |
886 KB 148 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
26 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
3 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
2 KB 849 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ace-push.js
virtualpushplatform.com/ |
13 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
summary
beacon.promotisu.bid/geo/ |
126 B 580 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
costco.png
promotisu.bid/sf/tpl9/public/costco/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cart.png
promotisu.bid/sf/tpl9/public/costco/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0aa1ed35-047c-44e4-a211-47dc2b9c1be9
beacon.promotisu.bid/g/ |
113 B 582 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9803f154-47cf-4893-8b8f-050abdccfd99
beacon.promotisu.bid/s/ |
19 KB 10 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
9803f154-47cf-4893-8b8f-050abdccfd99
beacon.promotisu.bid/s/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
visit
pushvisit.xyz/api/v1/ |
2 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
visit
pushvisit.xyz/api/v1/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
log-client-error
virtualpushplatform.com/api/v1/visit/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
log-client-error
virtualpushplatform.com/api/v1/visit/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FontAwesomeKitConfig object| webpackJsonp function| _ object| core function| ScratchCard object| SCRATCH_TYPE function| initializeAcePush function| setBaseUrl function| getLocation function| registerServiceWorker3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
jinxmux.com/ | Name: uid25815 Value: 1437133294-20240120150714-d588f8077f55b058e90b31f0c0e39f86-4878 |
|
.virtualpushplatform.com/ | Name: TiPMix Value: 99.3849330590135 |
|
.virtualpushplatform.com/ | Name: x-ms-routing-name Value: self |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beacon.promotisu.bid
fonts.googleapis.com
jinxmux.com
ka-f.fontawesome.com
kit.fontawesome.com
promotisu.bid
pushvisit.xyz
quberty.com
virtualpushplatform.com
185.140.54.135
20.50.64.3
2606:4700:3036::6815:8c8
2606:4700:3037::6815:4392
2606:4700:4400::ac40:93bc
2606:4700:e4::ac40:a507
2607:f8b0:4006:816::200a
45.55.126.207
50.115.174.138
01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40
022ed52cc9b74e014777c23c71c8af5cecba0f4cca91e1716fa07e70a1a961dc
0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a
0cee972f52f443216ed569505738e89b08925201f31b5d7a51783ee9a0dcc785
0e9774ab96c1ecac6a1069547fbcda58e9ec2ee24a0445b99a5fc421a6f6ecff
182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327
18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248
23533ed27dc1885253298758edd58bc3bfd0aba83da72ef332fc444ccace958d
4409414f7e2d21567df75696ae82d51a08563913103680af2d048be64381b7e0
4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212
5b817d86aff80a58f7440cbf3f6e24eeab0c41cef66274d6972a465106af99fc
6b4e33dc9ef0b1336575b8ed8cda708f4547ff5c230fb5f1793e35ed46476644
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
6e5c0a74e6badb5493cfe21658c43ac319e5b21270b73a0a22192895fce91235
73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa
7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc
8ccb0012003dab50823fce820de11c5930b427c0dc9203b574bd69b889b8951b
9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606
b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1
b95042810433c28c6811c0dc12a09d17d0975527cf1286afc89c73f7bef98930
e3bd0bb9c81300549973c534de26accf7b6104bed7bee20c8bf0371022dd7c2e
e8f6c96d3a54549641340194881aaab5294bf1bb91e645e9ee579d8fa8938bfd
fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987
fc48a6a88ccc0344ca9768de457004af880f9a59defc48691c3ec8709efe4947
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
ff214ede87812bf3e599c1ee64eec782239874c03b53888692fbe95cee2b2d29