won800casino.com
Open in
urlscan Pro
69.65.31.55
Malicious Activity!
Public Scan
Submitted URL: https://won800casino.com/up/
Effective URL: https://won800casino.com/up/signin
Submission: On April 07 via manual from US — Scanned from DE
Effective URL: https://won800casino.com/up/signin
Submission: On April 07 via manual from US — Scanned from DE
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 27 HTTP transactions.
The main IP is 69.65.31.55, located in
Arlington Heights, United States and
belongs to ASN-GIGENET, US.
The main domain is won800casino.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 5th 2022. Valid for: 3 months.
This is the only time won800casino.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 5th 2022. Valid for: 3 months.
This is the only time won800casino.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USPS (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 6 | 69.65.31.55 69.65.31.55 | 32181 (ASN-GIGENET) (ASN-GIGENET) | |
| 16 | 2606:2800:233... 2606:2800:233:df95:1212:762c:504b:cf9d | 15133 (EDGECAST) (EDGECAST) | |
| 27 | 3 |
6
69.65.31.55
(Arlington Heights, United States)
ASN32181 (ASN-GIGENET, US)
PTR: rea2.readysetgo.host
ASN32181 (ASN-GIGENET, US)
PTR: rea2.readysetgo.host
| won800casino.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 16 |
usps.com
reg.usps.com — Cisco Umbrella Rank: 48299 |
92 KB |
| 6 |
won800casino.com
1 redirects
won800casino.com |
366 KB |
| 27 | 2 |
| Domain | Requested by | |
|---|---|---|
| 16 | reg.usps.com |
won800casino.com
reg.usps.com |
| 6 | won800casino.com |
1 redirects
won800casino.com
|
| 27 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| won800casino.com cPanel, Inc. Certification Authority |
2022-04-05 - 2022-07-04 |
3 months | crt.sh |
| *.usps.com DigiCert SHA2 Secure Server CA |
2020-05-14 - 2022-05-16 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://won800casino.com/up/signin
Frame ID: 6F932709EC420781CB6A3C8725BF8D82
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
USPS.comĀ® - Verify AddressPage URL History Show full URLs
-
https://won800casino.com/up/
HTTP 302
https://won800casino.com/up/signin Page URL
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://won800casino.com/up/
HTTP 302
https://won800casino.com/up/signin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
signin
won800casino.com/up/ Redirect Chain
|
25 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
usps-fonts.css
reg.usps.com//entreg/assets/css/globals/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
reg.usps.com//entreg/assets/css/vendor/bootstrap/3.5.5/ |
120 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap-sticky-footer.css
reg.usps.com//entreg/assets/css/vendor/bootstrap/3.5.5/ |
234 B 372 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
theme.css
reg.usps.com//entreg/assets/css/vendor/bootstrap/3.5.5/ |
63 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tinyscrollbar.css
reg.usps.com//entreg/assets/css/vendor/tinyscrollbar/ |
9 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
gen_validatorv4.js
won800casino.com/up/lib/js/ |
31 KB 32 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.js
won800casino.com/up/lib/js/ |
286 KB 286 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.maskedinput.js
won800casino.com/up/lib/js/ |
10 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.payment.js
won800casino.com/up/lib/js/ |
11 KB 11 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
des_brd_2color_logo_34x50.png
reg.usps.com//entreg/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
des_brd_2color_logo_260x59.png
reg.usps.com//entreg/assets/images/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rmin-step-1.png
reg.usps.com//entreg/assets/images/ |
506 B 567 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
info.png
reg.usps.com//entreg/assets/images/icons/ |
633 B 694 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
success-icon.png
reg.usps.com//entreg/assets/images/icons/ |
810 B 870 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sorry-icon.png
reg.usps.com//entreg/assets/images/icons/ |
826 B 886 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-mini-sb.png
reg.usps.com/entreg/assets/images/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
facebook54x53.png
reg.usps.com/entreg/assets/images/footer/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
twitter54x53.png
reg.usps.com/entreg/assets/images/footer/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pinterest54x53.png
reg.usps.com/entreg/assets/images/footer/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
youtube54x53.png
reg.usps.com/entreg/assets/images/footer/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
d5af76d8-a90b-4527-b3a3-182207cc3250.woff
reg.usps.com/entreg/assets/fonts/usps/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
4a9c62ab-b359-4081-8383-a0d1cdebd111.woff
reg.usps.com/entreg/assets/fonts/usps/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
5b4a262e-3342-44e2-8ad7-719998a68134.woff
reg.usps.com/entreg/assets/fonts/usps/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf
reg.usps.com/entreg/assets/fonts/usps/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf
reg.usps.com/entreg/assets/fonts/usps/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
1d238354-d156-4dde-89ea-4770ef04b9f9.ttf
reg.usps.com/entreg/assets/fonts/usps/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- reg.usps.com
- URL
- https://reg.usps.com/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff
- Domain
- reg.usps.com
- URL
- https://reg.usps.com/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff
- Domain
- reg.usps.com
- URL
- https://reg.usps.com/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff
- Domain
- reg.usps.com
- URL
- https://reg.usps.com/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf
- Domain
- reg.usps.com
- URL
- https://reg.usps.com/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf
- Domain
- reg.usps.com
- URL
- https://reg.usps.com/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: USPS (Transportation)69 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| Validator function| sfm_validator_enable_focus function| add_addnl_vfunction function| set_addnl_vfunction function| run_addnl_validations function| sfm_set_focus function| sfm_disable_validations function| sfm_enable_show_msgs_together function| sfm_validator_message_disp_pos function| clear_all_validations function| form_submit_handler function| add_validation function| handle_item_on_killfocus function| validator_enable_OPED function| validator_enable_OPED_SB function| sfm_ErrorDisplayHandler function| edh_clear_msgs function| edh_FinalShowMsg function| edh_EnableOnPageDisplay function| edh_ShowMsg function| AlertMsgDisplayer function| alert_clearmsg function| alert_showmsg function| sfm_show_error_msg function| SingleBoxErrorDisplay function| sb_div_clearmsg function| sb_div_showmsg function| form_error_div_name function| sfm_show_div_msg function| DivMsgDisplayer function| div_clearmsg function| element_div_name function| div_showmsg function| show_div_msg function| ValidationDesc function| vdesc_validate function| ValidationSet function| add_validationdesc function| vset_validate function| validateEmail function| TestComparison function| TestSelMin function| TestSelMax function| IsCheckSelected function| TestDontSelectChk function| TestShouldSelectChk function| TestRequiredInput function| TestFileExtension function| TestMaxLen function| TestMinLen function| TestInputType function| TestEmail function| TestLessThan function| TestGreaterThan function| TestRegExp function| TestDontSelect function| TestSelectOneRadio function| TestSelectRadio function| validateInput function| VWZ_IsListItemSelected function| VWZ_IsChecked function| sfm_str_trim function| VWZ_IsEmpty function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| won800casino.com/ | Name: PHPSESSID Value: 76a0ca219cd5be1b833bec2f446ae2e8 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
reg.usps.com
won800casino.com
reg.usps.com
2606:2800:233:df95:1212:762c:504b:cf9d
69.65.31.55
03ca1e2ab37fb3830730e8732c052d69d07d48d5e91f90222584dc85935e612c
10544816ae4a69b52155ba141224b1d85e1e46db151fda7d1e674c277bfb0c4b
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf
59f5e4d40c77bc5155713bc956ddb8f4c14e3438d906a920f977073a071fb228
5ffcf42b2df079d5018a41a9ab77bba083a5ba68b0bb973e0054cb6cc16802e0
67a4999a59962445831760592fbdc95e023c6c0884cec51fa7bc7cd22c6e0a8a
692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d
6b1512cdc4e555e710a1312eb41622763d58d73d3e220b2af12084501f277b39
748622d4d088b843e200776ce65e48c3e7e4b3a7c0fc959c691d99def179205e
8dad9dde52c81931668987b33133434fc45072be0f2988d6654e04751c4c7fed
b3a08dd44a05750d27893ce5557ad47333e42d9be692e494675ea8a6b4a41ec5
ba301c5ae0d795e133519ac0d2891d8f9cf3820c487e029dbfef86cf61a0c5d2
bcafef03600ff7498457c30861f61146e46c7320c085bc27d540c1e2357bc3dc
c21e587f451bafb53b32a72423f894ac1d3c3c9d63f71fc47fe0f190ead12e94
c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad
ccbadff5afdc080f00da54378d4942b0587425a4179fb17ceb7df56f260d1cd7
cfb569ff4fa58691f534fce6b33a274e95f0fda0aeaaf75944cde559f556725a
dd58c5e5e7042748207f49ef8ac8d2247bc14ab632d0bb8f98ac6e6cdb2bca95
f3092fd4fc24e99f6c922814b77a3ff627d37b5a99dd2356a15a43b4b74c6c82
f4bbc1d72d017bef7a1d71c52e952861b92178cc2dd5378592eb875dfdae9b66
f9ca3b5aa9e7732b65432f646e07ff0a34841b512d850b040b9fda86f55b35a0