ignite.lk Open in urlscan Pro
72.167.206.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ignite.lk/?f=MTAmYW1wO2k9MTA3NzEw
Submission: On March 23 via manual (March 23rd 2024, 5:28:32 am UTC) from ID — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 72.167.206.184, located in Ashburn, United States and belongs to GO-DADDY-COM-LLC, US. The main domain is ignite.lk.
TLS certificate: Issued by R3 on March 17th 2024. Valid for: 3 months.

This is the only time ignite.lk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	72.167.206.184 72.167.206.184	398101 (GO-DADDY-...) (GO-DADDY-COM-LLC)
10	217.21.85.69 217.21.85.69	47583 (AS-HOSTINGER) (AS-HOSTINGER)
6	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
17	4

1 72.167.206.184 (Ashburn, United States)

ASN398101 (GO-DADDY-COM-LLC, US)
PTR: 184.206.167.72.host.secureserver.net

ignite.lk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 217.21.85.69 (Mumbai, India)

ASN47583 (AS-HOSTINGER, CY)

ucustoms.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ucustoms.org ucustoms.org	257 KB
6	gstatic.com fonts.gstatic.com	121 KB
1	ignite.lk ignite.lk	6 KB
17	3

	Domain	Requested by
10	ucustoms.org	ignite.lk ucustoms.org
6	fonts.gstatic.com	ucustoms.org
1	ignite.lk
17	3

This site contains no links.

Subject Issuer	Validity	Valid
ignite.lk R3	`2024-03-17` - `2024-06-15`	3 months	crt.sh
ucustoms.org R3	`2024-02-26` - `2024-05-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://ignite.lk/?f=MTAmYW1wO2k9MTA3NzEw
Frame ID: ED5EB34592C5D4C123D3DFCCD69B04B9
Requests: 1 HTTP requests in this frame

Frame: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710
Frame ID: 71D38FA2590C36A9CAD2354E0A1FC60E
Requests: 9 HTTP requests in this frame

Frame: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
Frame ID: 6705E34A30B68CD34BD5A9722A51780E
Requests: 8 HTTP requests in this frame

Frame: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
Frame ID: F9655AEF578A736611839F42974A5C87
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hello - Welcome! Please log in to continue...zabi

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

384 kB
Transfer

1302 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ignite.lk/ 30 KB
6 KB 2209ms
1310ms Document
text/html 72.167.206.184
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ignite.lk/?f=MTAmYW1wO2k9MTA3NzEw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.167.206.184 Ashburn, United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 184.206.167.72.host.secureserver.net
Software: Apache / PHP/8.1.27
Resource Hash: 261b73c2a45b7df67af3e679fab6d542be79af89443171acf4ee827779dde6e8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-length: 6058
content-type: text/html; charset=utf-8
date: Sat, 23 Mar 2024 05:28:27 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/8.1.27

GET
H2 200 / Show response
ucustoms.org/wp-includes/assets/slider/ Frame 71D3 242 KB
69 KB 460ms
138ms Document
text/html 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Requested by

Host: ignite.lk
URL: https://ignite.lk/?f=MTAmYW1wO2k9MTA3NzEw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.1.33

Resource Hash

584c9eb629609c1e1ca4ec626f4b8785eb709059b8d6e7a981e4b1c042b83cc7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://ignite.lk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sat, 23 Mar 2024 05:28:29 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/7.1.33

GET
H2 200 animate.css
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame 71D3 52 KB
4 KB 136ms
135ms Stylesheet
text/css 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/animate.css

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "ce35-65f4dcfe-d063a81ce5e2bfb6;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3663
expires: Sat, 30 Mar 2024 05:28:29 GMT

GET
H2 200 jquery.js Show response
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame 71D3 85 KB
29 KB 134ms
134ms Script
application/x-javascript 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/jquery.js

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "1538f-65f4dcfe-2351217ab669b58f;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 29440
expires: Sat, 30 Mar 2024 05:28:29 GMT

GET
H2 200 zb.js Show response
ucustoms.org/wp-includes/assets/slider/Gmail/ Frame 71D3 5 KB
1 KB 135ms
135ms Script
application/x-javascript 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/zb.js

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

d6d8ca85adc3351483d8411d42f3b2e40d51c3e0689ee2ea55a9fed7b7949f16

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "122f-65f4dcfe-1c27c0537046cebe;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 1033
expires: Sat, 30 Mar 2024 05:28:29 GMT

GET
H3 200 gml.html Show response
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame 6705 247 KB
45 KB 251ms
251ms Document
text/html 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Protocol

Security

QUIC, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8849feef70059b4ed329e2e6edf838e2d773a49d542853c5abe0aeb5f2cabc44

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 45777
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Sat, 23 Mar 2024 05:28:30 GMT
etag: "3daf5-65f4dcfe-2a36c4d3157fea20;br"
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 71D3 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 71D3 656 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ea92044d340b87ac461c4054fb4c2bc9fe42893a58a2ee9d18248655949c57f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 71D3 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v9/ Frame 71D3 20 KB
20 KB 28ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v9/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff6dbfb865d4ed19a9fafe2cddc21919974e8329f4503fe47cbe1fb66b97bd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ucustoms.org/
Origin: https://ucustoms.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 03:31:20 GMT
x-content-type-options: nosniff
age: 352629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20280
x-xss-protection: 0
last-modified: Wed, 17 Oct 2018 23:17:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Mar 2025 03:31:20 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v9/ Frame 71D3 20 KB
20 KB 31ms
12ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v9/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/?1=10&i=107710

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac61df79556a2cfc8cb1c01502394a8ff3fff7f2296aeb1f01087dcd221a09c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ucustoms.org/
Origin: https://ucustoms.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 23:10:41 GMT
x-content-type-options: nosniff
age: 368268
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20580
x-xss-protection: 0
last-modified: Wed, 17 Oct 2018 23:18:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Mar 2025 23:10:41 GMT

GET
H3 200 animate.css
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame 6705 52 KB
4 KB 136ms
136ms Stylesheet
text/css 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/animate.css

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:30 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "ce35-65f4dcfe-d063a81ce5e2bfb6;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3663
expires: Sat, 30 Mar 2024 05:28:30 GMT

GET
H3 200 jquery.js Show response
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame 6705 85 KB
29 KB 136ms
136ms Script
application/x-javascript 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/jquery.js

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:30 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "1538f-65f4dcfe-2351217ab669b58f;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 29440
expires: Sat, 30 Mar 2024 05:28:30 GMT

GET
H3 200 gml.html Show response
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame F965 247 KB
45 KB 135ms
135ms Document
text/html 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8849feef70059b4ed329e2e6edf838e2d773a49d542853c5abe0aeb5f2cabc44

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 45777
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Sat, 23 Mar 2024 05:28:30 GMT
etag: "3daf5-65f4dcfe-2a36c4d3157fea20;br"
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 6705 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6705 656 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ea92044d340b87ac461c4054fb4c2bc9fe42893a58a2ee9d18248655949c57f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6705 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v9/ Frame 6705 20 KB
20 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v9/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff6dbfb865d4ed19a9fafe2cddc21919974e8329f4503fe47cbe1fb66b97bd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ucustoms.org/
Origin: https://ucustoms.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 03:31:20 GMT
x-content-type-options: nosniff
age: 352630
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20280
x-xss-protection: 0
last-modified: Wed, 17 Oct 2018 23:17:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Mar 2025 03:31:20 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v9/ Frame 6705 20 KB
20 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v9/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac61df79556a2cfc8cb1c01502394a8ff3fff7f2296aeb1f01087dcd221a09c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ucustoms.org/
Origin: https://ucustoms.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 23:10:41 GMT
x-content-type-options: nosniff
age: 368269
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20580
x-xss-protection: 0
last-modified: Wed, 17 Oct 2018 23:18:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Mar 2025 23:10:41 GMT

GET
H3 200 animate.css
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame F965 52 KB
4 KB 136ms
135ms Stylesheet
text/css 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/animate.css

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:30 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "ce35-65f4dcfe-d063a81ce5e2bfb6;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3663
expires: Sat, 30 Mar 2024 05:28:30 GMT

GET
H3 200 jquery.js Show response
ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/ Frame F965 85 KB
29 KB 136ms
136ms Script
application/x-javascript 217.21.85.69
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/jquery.js

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

217.21.85.69 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 05:28:30 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 15 Mar 2024 23:42:54 GMT
server: LiteSpeed
etag: "1538f-65f4dcfe-2351217ab669b58f;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 29440
expires: Sat, 30 Mar 2024 05:28:30 GMT

GET
DATA 200
OK truncated
/ Frame F965 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F965 656 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ea92044d340b87ac461c4054fb4c2bc9fe42893a58a2ee9d18248655949c57f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F965 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v9/ Frame F965 20 KB
20 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v9/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff6dbfb865d4ed19a9fafe2cddc21919974e8329f4503fe47cbe1fb66b97bd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ucustoms.org/
Origin: https://ucustoms.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 03:31:20 GMT
x-content-type-options: nosniff
age: 352631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20280
x-xss-protection: 0
last-modified: Wed, 17 Oct 2018 23:17:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Mar 2025 03:31:20 GMT

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v9/ Frame F965 20 KB
20 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v9/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: ucustoms.org
URL: https://ucustoms.org/wp-includes/assets/slider/Gmail/Gmail_files/gml.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac61df79556a2cfc8cb1c01502394a8ff3fff7f2296aeb1f01087dcd221a09c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ucustoms.org/
Origin: https://ucustoms.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 23:10:41 GMT
x-content-type-options: nosniff
age: 368270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20580
x-xss-protection: 0
last-modified: Wed, 17 Oct 2018 23:18:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Mar 2025 23:10:41 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
ignite.lk
ucustoms.org
217.21.85.69
2a00:1450:4001:828::2003
72.167.206.184
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
261b73c2a45b7df67af3e679fab6d542be79af89443171acf4ee827779dde6e8
4ff6dbfb865d4ed19a9fafe2cddc21919974e8329f4503fe47cbe1fb66b97bd0
584c9eb629609c1e1ca4ec626f4b8785eb709059b8d6e7a981e4b1c042b83cc7
8849feef70059b4ed329e2e6edf838e2d773a49d542853c5abe0aeb5f2cabc44
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
9ea92044d340b87ac461c4054fb4c2bc9fe42893a58a2ee9d18248655949c57f
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
ac61df79556a2cfc8cb1c01502394a8ff3fff7f2296aeb1f01087dcd221a09c6
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9
d6d8ca85adc3351483d8411d42f3b2e40d51c3e0689ee2ea55a9fed7b7949f16

ignite.lk Open in urlscan Pro 72.167.206.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

384 kBTransfer

1302 kBSize

0 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

ignite.lk Open in urlscan Pro
72.167.206.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

384 kB
Transfer

1302 kB
Size

0
Cookies

17 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!