en.50kaweek.online
54.37.79.146
Malicious Activity!
Public Scan
Effective URL: https://en.50kaweek.online/?a=6920&o=3726&s=1121761704
Submission: On May 31 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2018. Valid for: 3 months.
This is the only time en.50kaweek.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)
Domain & IP information
# | IP Address | AS | Autonomous System
---|---|---|---
1 1 | 67.199.248.10 | 395224 (BITLY-AS) | BITLY-AS - Bitly Inc
2 2 | 199.188.200.13 | 22612 (NAMECHEAP-NET) | NAMECHEAP-NET - Namecheap
1 1 | 52.26.217.111 | 16509 (AMAZON-02) | AMAZON-02 - Amazon.com
1 1 | 35.165.72.15 | 16509 (AMAZON-02) | AMAZON-02 - Amazon.com
1 1 | 185.170.147.229 | 34934 (UKFAST) | UKFAST
1 1 | 54.37.76.79 | 16276 (OVH) | OVH
1 8 | 54.37.79.146 | 16276 (OVH) | OVH
3 | 209.197.3.15 | 20446 (HIGHWINDS3) | HIGHWINDS3 - Highwinds Network Group
3 | 104.19.197.151 | 13335 (CLOUDFLARENET) | CLOUDFLARENET - Cloudflare
1 | 216.58.207.72 | 15169 (GOOGLE) | GOOGLE - Google LLC
1 | 216.58.207.74 | 15169 (GOOGLE) | GOOGLE - Google LLC
1 | 216.58.207.67 | 15169 (GOOGLE) | GOOGLE - Google LLC
1 2 | 216.58.207.78 | 15169 (GOOGLE) | GOOGLE - Google LLC
1 | 173.194.76.157 | 15169 (GOOGLE) | GOOGLE - Google LLC
2 | 216.58.206.14 | 15169 (GOOGLE) | GOOGLE - Google LLC
1 | 172.217.21.238 | 15169 (GOOGLE) | GOOGLE - Google LLC
Totals: 21 | 11
ASN | PTR | Domain
---|---|---
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US) | premium40-5.web-hosting.com | zenmaker.network
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-26-217-111.us-west-2.compute.amazonaws.com | newjamtrax.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-35-165-72-15.us-west-2.compute.amazonaws.com | jbrotrk.com
ASN16276 (OVH, FR) | ip-54-37-79.eu | en.50kaweek.online
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US) | vip0x00f.map2.ssl.hwcdn.net | maxcdn.bootstrapcdn.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | (none) | cdnjs.cloudflare.com
ASN15169 (GOOGLE - Google LLC, US) | fra16s25-in-f8.1e100.net | www.googletagmanager.com
ASN15169 (GOOGLE - Google LLC, US) | fra16s25-in-f10.1e100.net | fonts.googleapis.com
ASN15169 (GOOGLE - Google LLC, US) | fra16s25-in-f3.1e100.net | fonts.gstatic.com
ASN15169 (GOOGLE - Google LLC, US) | fra16s25-in-f14.1e100.net | www.google-analytics.com
ASN15169 (GOOGLE - Google LLC, US) | ws-in-f157.1e100.net | stats.g.doubleclick.net
ASN15169 (GOOGLE - Google LLC, US) | fra16s20-in-f14.1e100.net | www.youtube.com
ASN15169 (GOOGLE - Google LLC, US) | fra16s13-in-f238.1e100.net | s.ytimg.com
Requests | Apex Domain | Subdomain | Redirects | Transfer
---|---|---|---|---
8 | 50kaweek.online | en.50kaweek.online | 1 | 204 KB
3 | cloudflare.com | cdnjs.cloudflare.com | - | 40 KB
3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | - | 92 KB
2 | youtube.com | www.youtube.com | - | 927 B
2 | google-analytics.com | www.google-analytics.com | 1 | 14 KB
2 | zenmaker.network | zenmaker.network | 2 | 422 B
1 | ytimg.com | s.ytimg.com | - | 8 KB
1 | doubleclick.net | stats.g.doubleclick.net | - | 103 B
1 | gstatic.com | fonts.gstatic.com | - | 30 KB
1 | googleapis.com | fonts.googleapis.com | - | 332 B
1 | googletagmanager.com | www.googletagmanager.com | - | 29 KB
1 | ai-redirect.me | ai-redirect.me | 1 | 183 B
1 | clicksure.com | jsanfran25.500awik.cpa.clicksure.com | 1 | 1 KB
1 | jbrotrk.com | jbrotrk.com | 1 | 692 B
1 | newjamtrax.com | newjamtrax.com | 1 | 242 B
1 | bit.ly | bit.ly | 1 | 424 B
Totals: 21 requests, 16 domains
Requests | Domain | Requested by | Redirects
---|---|---|---
8 | en.50kaweek.online | en.50kaweek.online | 1
3 | cdnjs.cloudflare.com | en.50kaweek.online | -
3 | maxcdn.bootstrapcdn.com | en.50kaweek.online | -
2 | www.youtube.com | en.50kaweek.online, s.ytimg.com | -
2 | www.google-analytics.com | www.googletagmanager.com | 1
2 | zenmaker.network | - | 2
1 | s.ytimg.com | www.youtube.com | -
1 | stats.g.doubleclick.net | en.50kaweek.online | -
1 | fonts.gstatic.com | en.50kaweek.online | -
1 | fonts.googleapis.com | en.50kaweek.online | -
1 | www.googletagmanager.com | en.50kaweek.online | -
1 | ai-redirect.me | - | 1
1 | jsanfran25.500awik.cpa.clicksure.com | - | 1
1 | jbrotrk.com | - | 1
1 | newjamtrax.com | - | 1
1 | bit.ly | - | 1
Totals: 21 requests, 16 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
en.50kaweek.online | Let's Encrypt Authority X3 | 2018-05-31 - 2018-08-29 | 3 months | crt.sh
*.google.com | Google Internet Authority G3 | 2018-05-15 - 2018-08-07 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://en.50kaweek.online/?a=6920&o=3726&s=1121761704
Frame ID: 96D41484C2F0DFCE0C05C4125FF9C503
Requests: 21 HTTP requests in this frame
Frame:
https://www.youtube.com/embed/?controls=1&rel=0&showinfo=0&mute=true&enablejsapi=1&origin=https%3A%2F%2Fen.50kaweek.online&widgetid=1
Frame ID: 77E674C96837F152DDEDEAC7EC1C6484
Requests: 1 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bit.ly/2kAqkBB?IKwg HTTP 301
- http://zenmaker.network/?OQzdDQ HTTP 302
- http://zenmaker.network/indexa.php HTTP 302
- http://newjamtrax.com/?a=1019&c=1408&s1=mail HTTP 302
- http://jbrotrk.com/?a=1019&c=1408&s1=mail&ckmguid=72fbec9e-51ec-42aa-bb56-14c8b6c8b299 HTTP 302
- http://jsanfran25.500awik.cpa.clicksure.com/ HTTP 302
- http://ai-redirect.me/JB0kO?a=6920&o=3726&s=1121761704 HTTP 302
- http://en.50kaweek.online/?a=6920&o=3726&s=1121761704 HTTP 302
- https://en.50kaweek.online/?a=6920&o=3726&s=1121761704 Page URL
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Google Tag Manager (Tag Managers)
Detected patterns
- env /^google_tag_manager$/i
jQuery (JavaScript Libraries)
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16
- https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1138802086&t=pageview&_s=1&dl=https%3A%2F%2Fen.50kaweek.online%2F%3Fa%3D6920%26o%3D3726%26s%3D1121761704&ul=en-us&de=UTF-8&dt=en.50kaweek.online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=432421455&gjid=1506762216&cid=1906846190.1527794217&tid=UA-80184432-1&_gid=1785553429.1527794217&_r=1&gtm=G5oWFBL9N7&z=462874096 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80184432-1&cid=1906846190.1527794217&jid=432421455&_gid=1785553429.1527794217&gjid=1506762216&_v=j68&z=462874096
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / | en.50kaweek.online/ | 6 KB | 2 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ | 118 KB | 20 KB | Stylesheet | text/css |
GET | H/1.1 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ | 27 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | layout_50kweek.css | en.50kaweek.online/css/ | 24 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | app.js | en.50kaweek.online/js/ | 579 KB | 141 KB | Script | application/javascript |
GET | S | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | application/javascript |
GET | S | js.cookie.min.js | cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.1/ | 2 KB | 1021 B | Script | application/javascript |
GET | S | bootstrap.min.js | cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/ | 36 KB | 10 KB | Script | application/javascript |
GET | S | gtm.js | www.googletagmanager.com/ | 125 KB | 29 KB | Script | application/javascript |
GET | S | css | fonts.googleapis.com/ | 474 B | 332 B | Stylesheet | text/css |
GET | H/1.1 | bgBluePattern.png | en.50kaweek.online/images/ | 27 KB | 27 KB | Image | image/png |
GET | H/1.1 | formPattern.png | en.50kaweek.online/images/ | 958 B | 1 KB | Image | image/png |
GET | H/1.1 | videoBg.png | en.50kaweek.online/images/ | 20 KB | 20 KB | Image | image/png |
GET | H/1.1 | freeAccessStripe.png | en.50kaweek.online/images/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | fontawesome-webfont.woff2 | maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ | 65 KB | 65 KB | Font | application/font-woff2 |
GET | S | LDI2apCSOBg7S-QT7pa8FvOleeI.ttf | fonts.gstatic.com/s/rajdhani/v7/ | 70 KB | 30 KB | Font | font/ttf |
GET | S | analytics.js | www.google-analytics.com/ | 34 KB | 14 KB | Script | text/javascript |
GET | S | collect | stats.g.doubleclick.net/r/ | 35 B | 103 B | Image | image/gif | Redirect Chain
GET | S | iframe_api | www.youtube.com/ | 859 B | 927 B | Script | application/javascript |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | H2 | / | www.youtube.com/embed/ | 0 | 0 | Document | text/html | Frame 77E6
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Crypto (Crypto Exchange)
31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | dataLayer
function | postscribe
object | google_tag_manager
string | GoogleAnalyticsObject
function | ga
object | gaplugins
object | gaGlobal
object | gaData
object | core
object | __core-js_shared__
object | global
object | System
function | asap
function | Observable
function | setImmediate
function | clearImmediate
object | regeneratorRuntime
boolean | _babelPolyfill
object | $cookies
object | gajus
function | onYouTubeIframeAPIReady
function | $
function | jQuery
function | Cookies
object | YT
object | YTConfig
function | onYTReady
object | yt
function | ytDomDomGetNextId
object | ytEventsEventsListeners
object | ytEventsEventsCounter
13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value
---|---|---
.youtube.com/ | GPS | 1
.youtube.com/ | YSC | 5Y2y4VQI2DI
.youtube.com/ | PREF | f1=50000000
.youtube.com/ | VISITOR_INFO1_LIVE | 5pjrMPnxx7E
.en.50kaweek.online/ | _gid | GA1.3.1785553429.1527794217
en.50kaweek.online/ | lic_time_cookie | 26126
en.50kaweek.online/ | s | 1121761704
en.50kaweek.online/ | lic_time_helper_cookie | 10706
en.50kaweek.online/ | o | 3726
en.50kaweek.online/ | a | 6920
.en.50kaweek.online/ | _gat_UA-80184432-1 | 1
en.50kaweek.online/ | spots_available | 30
.en.50kaweek.online/ | _ga | GA1.3.1906846190.1527794217
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.