www.oddsandpots.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://www.oddsandpots.com/wp-admin/includes/PostBank/
Submission: On June 13 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 18th 2022. Valid for: a year.
This is the only time www.oddsandpots.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2001:1600:4:b... 2001:1600:4:b:3673:5aff:fea4:aa94 | 29222 (INFOMANIA...) (INFOMANIAK-AS) | |
1 21 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 3 | 23.36.163.228 23.36.163.228 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a02:26f0:350... 2a02:26f0:3500:18::1724:a29c | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
23 | 3 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-228.deploy.static.akamaitechnologies.com
img1.wsimg.com | |
img6.wsimg.com |
ASN20940 (AKAMAI-ASN1, NL)
events.api.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
oddsandpots.com
1 redirects
www.oddsandpots.com |
1 MB |
3 |
wsimg.com
2 redirects
img1.wsimg.com — Cisco Umbrella Rank: 8734 img6.wsimg.com — Cisco Umbrella Rank: 11102 |
12 KB |
2 |
secureserver.net
events.api.secureserver.net — Cisco Umbrella Rank: 12459 |
588 B |
1 |
jesigxfat.dev
1 redirects
jesigxfat.dev |
273 B |
23 | 4 |
Domain | Requested by | |
---|---|---|
21 | www.oddsandpots.com |
1 redirects
www.oddsandpots.com
|
2 | events.api.secureserver.net |
img1.wsimg.com
|
2 | img1.wsimg.com | 2 redirects |
1 | img6.wsimg.com |
www.oddsandpots.com
|
1 | jesigxfat.dev | 1 redirects |
23 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-18 - 2023-01-17 |
a year | crt.sh |
*.api.secureserver.net Starfield Secure Certificate Authority - G2 |
2021-09-14 - 2022-10-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.oddsandpots.com/wp-admin/includes/PostBank/
Frame ID: 8CB3057A54C1E18B9A002F34727D15ED
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
LoginPage URL History Show full URLs
-
https://jesigxfat.dev/lmao
HTTP 302
https://www.oddsandpots.com/wp-admin/includes/PostBank HTTP 301
https://www.oddsandpots.com/wp-admin/includes/PostBank/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://jesigxfat.dev/lmao
HTTP 302
https://www.oddsandpots.com/wp-admin/includes/PostBank HTTP 301
https://www.oddsandpots.com/wp-admin/includes/PostBank/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
- https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.oddsandpots.com/wp-admin/includes/PostBank/ Redirect Chain
|
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
www.oddsandpots.com/wp-admin/includes/PostBank/assets/css/ |
152 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
helpers.css
www.oddsandpots.com/wp-admin/includes/PostBank/assets/css/ |
41 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fonts.css
www.oddsandpots.com/wp-admin/includes/PostBank/assets/css/ |
2 KB 943 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.css
www.oddsandpots.com/wp-admin/includes/PostBank/assets/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
www.oddsandpots.com/wp-admin/includes/PostBank/assets/images/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img1.jpg
www.oddsandpots.com/wp-admin/includes/PostBank/assets/images/ |
370 KB 371 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img2.jpg
www.oddsandpots.com/wp-admin/includes/PostBank/assets/images/ |
15 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img3.jpg
www.oddsandpots.com/wp-admin/includes/PostBank/assets/images/ |
186 KB 187 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
www.oddsandpots.com/wp-admin/includes/PostBank/assets/js/ |
86 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
www.oddsandpots.com/wp-admin/includes/PostBank/assets/js/ |
20 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
www.oddsandpots.com/wp-admin/includes/PostBank/assets/js/ |
133 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fontawesome.min.js
www.oddsandpots.com/wp-admin/includes/PostBank/assets/js/ |
1 MB 371 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
www.oddsandpots.com/wp-admin/includes/PostBank/assets/js/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tccl.min.js
img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/ Redirect Chain
|
44 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OpenSans-Bold.woff
www.oddsandpots.com/wp-admin/includes/PostBank/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OpenSans-SemiBold.woff
www.oddsandpots.com/wp-admin/includes/PostBank/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OpenSans-Regular.woff
www.oddsandpots.com/wp-admin/includes/PostBank/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OpenSans-Regular.ttf
www.oddsandpots.com/wp-admin/includes/PostBank/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OpenSans-Bold.ttf
www.oddsandpots.com/wp-admin/includes/PostBank/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OpenSans-SemiBold.ttf
www.oddsandpots.com/wp-admin/includes/PostBank/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 294 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 294 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| Popper object| bootstrap object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome boolean| isShift string| seperator string| dash function| cc_date function| date_of_birth object| _trfd boolean| _tcclPageReqFired object| _tcclInternal object| _expDataLayer object| _trfq object| tccl2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.oddsandpots.com/ | Name: _tccl_visitor Value: b794f7dc-6b5c-539f-9149-98811b9c7a3e |
|
.oddsandpots.com/ | Name: _tccl_visit Value: b794f7dc-6b5c-539f-9149-98811b9c7a3e |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
events.api.secureserver.net
img1.wsimg.com
img6.wsimg.com
jesigxfat.dev
www.oddsandpots.com
2001:1600:4:b:3673:5aff:fea4:aa94
23.36.163.228
2a02:26f0:3500:18::1724:a29c
2a06:98c1:3121::3
130d73c4eb6e09d7372576762b61bdc69ccc112befefde6c40220278baf30686
1ad849d8a916dcde00adb1ee3d0f21c7f636a98b7b2c49f57194f245d37b2e91
21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
387f1794c17dee4f44dc6bc96ad7dd835706cc3f2e30bea841f626f583abb4b0
4fa75ee47fff91e4313626e9472aafb62b06467c269bdac1e1ac767ac96eb235
550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613
615e782518f2abc201644955b4569770d416f0ca2444d2f4c76b4475aa542f9b
6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7
946660bb68994bd9480fd5822b55ebd2907bcf76927305e84f47c20431568789
a94a3b55a2d818dfc6b95d9fc158d1674d2069e1d3f2848f568a18390ae5b3c1
ae576713bc196098f7438dede6ff1f835a23291c32b745ad7e6fb6db809a719b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
d73bea9406631c38d4e2ececd4531cd7522c7edf81b57d08caf074654a5e1569
e08509dbc957f16b23edf52159c4403dded420c385bcc4524a7ce4802ba3dfb0