www.bradleypensionblog.xyz Open in urlscan Pro
2400:cb00:2048:1::681c:aa4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bradleypensionblog.xyz/?ai=2190293&gi=897&ci=728&sub=222&MPC_2=264277130971787&so=DBS_CODE_186&aid=DwhR0FThE0&sxid=48o0...
Submission: On June 30 via manual (June 30th 2018, 7:04:29 pm UTC) from SG

Summary HTTP 57 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 9 domains to perform 57 HTTP transactions. The main IP is 2400:cb00:2048:1::681c:aa4, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bradleypensionblog.xyz.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on June 28th 2018. Valid for: 6 months.

This is the only time www.bradleypensionblog.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lion's Den Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	2400:cb00:204... 2400:cb00:2048:1::681c:aa4	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81f::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
43	2400:cb00:204... 2400:cb00:2048:1::6818:7b95	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.114.2 151.101.114.2	54113 (FASTLY) (FASTLY - Fastly)
2	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
2	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
3	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2400:cb00:204... 2400:cb00:2048:1::6813:c397	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2400:cb00:204... 2400:cb00:2048:1::6819:9419	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
57	9

3 2400:cb00:2048:1::681c:aa4 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bradleypensionblog.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2400:cb00:2048:1::6818:7b95 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.dolly.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

media.giphy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c397 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6819:9419 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

freegeoip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	dolly.media cdn.dolly.media	3 MB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	79 KB
3	bradleypensionblog.xyz www.bradleypensionblog.xyz	13 KB
2	google-analytics.com www.google-analytics.com	14 KB
2	imgur.com i.imgur.com	14 KB
1	freegeoip.net freegeoip.net	645 B
1	cloudflare.com cdnjs.cloudflare.com	76 KB
1	giphy.com media.giphy.com	67 KB
1	googletagmanager.com www.googletagmanager.com	24 KB
57	9

	Domain	Requested by
43	cdn.dolly.media	www.bradleypensionblog.xyz
3	www.bradleypensionblog.xyz	www.bradleypensionblog.xyz
2	www.google-analytics.com	www.googletagmanager.com www.bradleypensionblog.xyz
2	i.imgur.com	www.bradleypensionblog.xyz
1	vars.hotjar.com	static.hotjar.com
1	freegeoip.net	cdn.dolly.media
1	script.hotjar.com	static.hotjar.com
1	cdnjs.cloudflare.com	www.bradleypensionblog.xyz
1	static.hotjar.com	www.bradleypensionblog.xyz
1	media.giphy.com	www.bradleypensionblog.xyz
1	www.googletagmanager.com	www.bradleypensionblog.xyz
57	11

This site contains links to these domains. Also see Links.

Domain
plata.company

Subject Issuer	Validity	Valid
sni207421.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-06-28` - `2019-01-04`	6 months	crt.sh
*.hotjar.com Let's Encrypt Authority X3	`2018-05-24` - `2018-08-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.bradleypensionblog.xyz/?ai=2190293&gi=897&ci=728&sub=222&MPC_2=264277130971787&so=DBS_CODE_186&aid=DwhR0FThE0&sxid=48o05ep83yuf
Frame ID: 1F21EB3D991641992066B6C807D86709
Requests: 56 HTTP requests in this frame

Frame: https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Frame ID: 5A996AD6E682010B8EE34288E8D2607C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

57
Requests

7 %
HTTPS

67 %
IPv6

9
Domains

11
Subdomains

9
IPs

2
Countries

3055 kB
Transfer

3722 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://plata.company/path/out.php/?&ai=2190293&ci=728&sub=222&so=DBS_CODE_186&MPC_1=&MPC_2=264277130971787&MPC_3=&MPC_4=&lg=&gi=897

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

57 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bradleypensionblog.xyz/ 83 KB
13 KB 275ms
241ms Document
text/html 2400:cb00:2048:1::681c:aa4
Cloudflare

General

Domain/Path	Expires	Name / Value
.bradleypensionblog.xyz/	1970-01-18 17:06:25	Name: _gat_gtag_UA_121092515_2 Value: 1
.bradleypensionblog.xyz/	1970-01-18 17:07:51	Name: _gid Value: GA1.2.1492910971.1530385458
www.bradleypensionblog.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: sg54c8vobco7tndg0qt9dh9qvl
www.bradleypensionblog.xyz/	1970-01-18 17:16:30	Name: AWSALB Value: rnt+CtYamjYgj2Y1Bhhb+P2ZwohfgCji4BVYJfStFoR7HKR1B9YLH83xduSpuzK3yX/I2QivLUYjOyDSFwnkQk/DaobhaMODfkjGJa6gGdSk03O9qtNRykLgrbRA
.bradleypensionblog.xyz/	1970-01-19 10:37:37	Name: _ga Value: GA1.2.1246698660.1530385458
.bradleypensionblog.xyz/	1970-01-19 01:52:01	Name: __cfduid Value: dc82bcf9cbe813f454146c825a28bae3a1530385457

www.bradleypensionblog.xyz Open in urlscan Pro 2400:cb00:2048:1::681c:aa4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

57 Requests

7 %HTTPS

67 %IPv6

9 Domains

11 Subdomains

9 IPs

2 Countries

3055 kBTransfer

3722 kBSize

6 Cookies

1 Outgoing links

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bradleypensionblog.xyz Open in urlscan Pro
2400:cb00:2048:1::681c:aa4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

7 %
HTTPS

67 %
IPv6

9
Domains

11
Subdomains

9
IPs

2
Countries

3055 kB
Transfer

3722 kB
Size

6
Cookies

57 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!