theexpiredbook.com Open in urlscan Pro
18.217.116.81 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://theexpiredbook.com/citi/confirm.php
Submission Tags: @ipnigh
Submission: On February 19 via api (February 19th 2020, 12:21:16 am UTC) from GB

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 18.217.116.81, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is theexpiredbook.com.

This is the only time theexpiredbook.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking) KeyBank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	18.217.116.81 18.217.116.81	16509 (AMAZON-02) (AMAZON-02)
8	23.45.97.177 23.45.97.177	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	2

5 18.217.116.81 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-217-116-81.us-east-2.compute.amazonaws.com

theexpiredbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.45.97.177 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-97-177.deploy.static.akamaitechnologies.com

public.cobrowse.oraclecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sc40562060us3.cobrowse.oraclecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	oraclecloud.com public.cobrowse.oraclecloud.com sc40562060us3.cobrowse.oraclecloud.com	15 KB
5	theexpiredbook.com theexpiredbook.com	163 KB
13	2

	Domain	Requested by
7	public.cobrowse.oraclecloud.com	theexpiredbook.com
5	theexpiredbook.com	theexpiredbook.com
1	sc40562060us3.cobrowse.oraclecloud.com	theexpiredbook.com
13	3

This site contains no links.

Subject Issuer	Validity	Valid
*.cobrowse.oraclecloud.com DigiCert SHA2 Secure Server CA	`2019-10-07` - `2021-01-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://theexpiredbook.com/citi/confirm.php
Frame ID: 5DD4975CC2CA78A8A4437CC2FCB00928
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Angular (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+ ng-version="([\d.]+)"/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

62 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

178 kB
Transfer

176 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request confirm.php Show response theexpiredbook.com/citi/	17 KB 17 KB	421ms 382ms	Document text/html	18.217.116.81 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://theexpiredbook.com/citi/confirm.php Protocol HTTP/1.1 Server 18.217.116.81 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-217-116-81.us-east-2.compute.amazonaws.com Software Apache / Resource Hash `2e733b2f42846990c39e4c67a2e33716f4b6f247a0fb615b6ec075d2e9c6d468` Request headers Host theexpiredbook.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 19 Feb 2020 00:20:59 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	404 Not Found	styles.css theexpiredbook.com/citi/css/	0 0	240ms 223ms	Stylesheet text/html	18.217.116.81 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://theexpiredbook.com/citi/css/styles.css Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol HTTP/1.1 Server 18.217.116.81 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-217-116-81.us-east-2.compute.amazonaws.com Software Apache / Resource Hash Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 19 Feb 2020 00:21:00 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	caca.css theexpiredbook.com/citi/css/	0 0	244ms 227ms	Stylesheet text/html	18.217.116.81 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://theexpiredbook.com/citi/css/caca.css Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol HTTP/1.1 Server 18.217.116.81 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-217-116-81.us-east-2.compute.amazonaws.com Software Apache / Resource Hash Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 19 Feb 2020 00:21:00 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	citi.png theexpiredbook.com/citi/	97 KB 97 KB	244ms 226ms	Image image/png	18.217.116.81 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL http://theexpiredbook.com/citi/citi.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol HTTP/1.1 Server 18.217.116.81 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-217-116-81.us-east-2.compute.amazonaws.com Software Apache / Resource Hash `6e91651dd8dd2854deacc60c489f40fe73db35e15dd757451064034919ea9e9f` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 19 Feb 2020 00:21:00 GMT Last-Modified Fri, 12 Jul 2019 13:19:32 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 99024
GET H/1.1	200 OK	loading.gif theexpiredbook.com/citi/	49 KB 49 KB	243ms 225ms	Image image/gif	18.217.116.81 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL http://theexpiredbook.com/citi/loading.gif Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol HTTP/1.1 Server 18.217.116.81 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-217-116-81.us-east-2.compute.amazonaws.com Software Apache / Resource Hash `0dac73926687d157914c2595238a7af446317aa06024191b0ea1cb3984423b73` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 19 Feb 2020 00:21:00 GMT Last-Modified Mon, 26 Mar 2018 22:17:36 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 50335
GET H2	200	v4llpaneltoggler.png public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	1 KB 1 KB	37ms 8ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpaneltoggler.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `26de07dd73786374a807a360158c28f7e6f4ac3be0ad17d2401521e5a289465c` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Fri, 24 Jan 2020 04:31:41 GMT server AkamaiNetStorage etag "5bdc7a4d771d937574b4195d5ff0c3ef:1579840301.388869" content-type image/png status 200 accept-ranges bytes content-length 1303
GET H2	200	v4llpanel_innerlogo_background.png sc40562060us3.cobrowse.oraclecloud.com/ui/images/	283 B 444 B	45ms 13ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sc40562060us3.cobrowse.oraclecloud.com/ui/images/v4llpanel_innerlogo_background.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `ee6ef2ab637e9e6fe99885c6ac5948072f04b4dee3961e9e0fee05f04b4463f2` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Thu, 14 Nov 2019 16:48:35 GMT server AkamaiNetStorage etag "26ef9a8186201397ced45f5bae7b657b:1573750115.752098" content-type image/png status 200 accept-ranges bytes content-length 283
GET H2	200	v4llpanelhovertooltipbg.png public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	2 KB 3 KB	37ms 9ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpanelhovertooltipbg.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `d4d092bf6f1756eab6bba58b7b7da260bd95ecd474c03f71d9893a0dbb1106e3` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Wed, 12 Feb 2020 07:31:48 GMT server AkamaiNetStorage etag "c576a53d3f38d80e3a5ef45cdcbf35d7:1581492708.184986" content-type image/png status 200 accept-ranges bytes content-length 2463
GET H2	200	v4llpanelbg.png public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	2 KB 2 KB	39ms 10ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpanelbg.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `70bfde3380108ca258f296bd76167e4ff5b6f7418e0f62064acd359e35e66281` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Wed, 12 Feb 2020 07:31:46 GMT server AkamaiNetStorage etag "54710f9048de7affa74e6b84a4b0cab1:1581492706.334033" content-type image/png status 200 accept-ranges bytes content-length 2030
GET H2	200	v4llpanelsepline.png public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	925 B 1 KB	39ms 11ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpanelsepline.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `6926b522cfe3ccd8341359a8885f3a943826ef1683d3c9576e21902b061329ce` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Fri, 24 Jan 2020 04:31:41 GMT server AkamaiNetStorage etag "ea64790d660b9fc54d8d15226875dc09:1579840301.134671" content-type image/png status 200 accept-ranges bytes content-length 925
GET H2	200	v4llpanelminimize.png public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	932 B 1 KB	43ms 15ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpanelminimize.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `10e7fdbaeade51e1f7f593355cd292d750e68d6b412e9ddfcea8ebcc2b4d5c3b` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Wed, 12 Feb 2020 07:31:48 GMT server AkamaiNetStorage etag "8753b312db29713b4d1c0f9f3833bc68:1581492708.673921" content-type image/png status 200 accept-ranges bytes content-length 932
GET H2	200	v4llpanelclosebutton.png public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	1 KB 1 KB	43ms 15ms	Image image/png	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpanelclosebutton.png Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `d0de9fcadbcfe80e38edfafd43d58be839af4fb14533079dae76b9168b4229e8` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Fri, 24 Jan 2020 04:31:40 GMT server AkamaiNetStorage etag "80d485c40fff84d0d9245d845fb26352:1579840300.038877" content-type image/png status 200 accept-ranges bytes content-length 1208
GET H2	200	v4llpanelpreload.gif public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/	4 KB 4 KB	9ms 9ms	Image image/gif	23.45.97.177 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/v4llpanelpreload.gif Requested by Host: theexpiredbook.com URL: http://theexpiredbook.com/citi/confirm.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.45.97.177 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-45-97-177.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `40cd18bafa4b8c016fb9062868737207dcad9898139431d94116e240c4f3cb33` Request headers Referer http://theexpiredbook.com/citi/confirm.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 00:21:00 GMT last-modified Wed, 12 Feb 2020 07:31:49 GMT server AkamaiNetStorage etag "f3b68a30131042abc3a36b4bc4a8ae47:1581492709.391413" content-type image/gif status 200 accept-ranges bytes content-length 4432

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking) KeyBank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| digitalData

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

public.cobrowse.oraclecloud.com
sc40562060us3.cobrowse.oraclecloud.com
theexpiredbook.com
18.217.116.81
23.45.97.177
0dac73926687d157914c2595238a7af446317aa06024191b0ea1cb3984423b73
10e7fdbaeade51e1f7f593355cd292d750e68d6b412e9ddfcea8ebcc2b4d5c3b
26de07dd73786374a807a360158c28f7e6f4ac3be0ad17d2401521e5a289465c
2e733b2f42846990c39e4c67a2e33716f4b6f247a0fb615b6ec075d2e9c6d468
40cd18bafa4b8c016fb9062868737207dcad9898139431d94116e240c4f3cb33
6926b522cfe3ccd8341359a8885f3a943826ef1683d3c9576e21902b061329ce
6e91651dd8dd2854deacc60c489f40fe73db35e15dd757451064034919ea9e9f
70bfde3380108ca258f296bd76167e4ff5b6f7418e0f62064acd359e35e66281
d0de9fcadbcfe80e38edfafd43d58be839af4fb14533079dae76b9168b4229e8
d4d092bf6f1756eab6bba58b7b7da260bd95ecd474c03f71d9893a0dbb1106e3
ee6ef2ab637e9e6fe99885c6ac5948072f04b4dee3961e9e0fee05f04b4463f2

theexpiredbook.com Open in urlscan Pro 18.217.116.81 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

62 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

178 kBTransfer

176 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

theexpiredbook.com Open in urlscan Pro
18.217.116.81 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

62 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

178 kB
Transfer

176 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!