walesnd.buzz Open in urlscan Pro
2606:4700:3033::681b:ac3f  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/	539 KB 359 KB	257ms 217ms	Document text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c93bdc3f6370a59c4f09094e0dae79b863809147f9ca8b6a6a15bfb2e4bdaa3a Request headers :method GET :authority walesnd.buzz :scheme https :path /adobeEstate/adobeEstate/adobeEstate/adobeEstate/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest document accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers status 200 date Fri, 27 Mar 2020 23:49:57 GMT content-type text/html set-cookie __cfduid=dd5711f7eeb4c5119671e53831fb4e23d1585352997; expires=Sun, 26-Apr-20 23:49:57 GMT; path=/; domain=.walesnd.buzz; HttpOnly; SameSite=Lax; Secure last-modified Tue, 09 Apr 2019 23:42:40 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 57ad02c97c24dfcf-FRA content-encoding br
GET DATA	200 OK	truncated /	282 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5aca679bada4d3ad55ac43881a597f382f2fa499cd3f8a5989bcf168d2927f80 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	404	notice-error.png walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	315 B 315 B	212ms 212ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status MISS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02cd7a56dfcf-FRA
GET DATA	200 OK	truncated /	71 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H2	404	icon-username.png walesnd.buzz/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	315 B 315 B	218ms 218ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status EXPIRED server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02cdfb1bdfcf-FRA
GET H2	404	icon-password.png walesnd.buzz/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	315 B 315 B	213ms 213ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status MISS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02cdfb1cdfcf-FRA
GET H2	404	notice-info.png walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	315 B 315 B	213ms 212ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-info.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status MISS server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02ce0b37dfcf-FRA
GET H2	404	notice-success.png walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	315 B 315 B	218ms 217ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-success.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status EXPIRED server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02ce0b39dfcf-FRA
GET H2	404	warning.png walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	315 B 315 B	222ms 221ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/warning.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status EXPIRED server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02ce0b3bdfcf-FRA
GET H2	404	cpanel-logo-tiny.png walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	315 B 315 B	215ms 214ms	Image text/html	2606:4700:3033::681b:ac3f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://walesnd.buzz/cPanel_magic_revision_1352765682/unprotected/cpanel/images/cpanel-logo-tiny.png Requested by Host: walesnd.buzz URL: https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::681b:ac3f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers Referer https://walesnd.buzz/adobeEstate/adobeEstate/adobeEstate/adobeEstate/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Fri, 27 Mar 2020 23:49:58 GMT content-encoding br cf-cache-status EXPIRED server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=iso-8859-1 status 404 cache-control max-age=14400 cf-ray 57ad02ce0b3cdfcf-FRA

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| getParm object| DOM object| MESSAGES function| toggle_locales function| fade_in function| fade_out function| ajaxObject function| login_results function| show_status function| reset_status_timeout function| set_status_timeout function| do_login function| _set_links_style function| hide_links function| show_links number| FADE_DURATION number| FADE_DELAY number| AJAX_TIMEOUT object| LOCALE_FADES boolean| HAS_CSS_OPACITY object| login_form object| login_username_el object| login_password_el object| login_submit_el object| div_cache boolean| content_cell object| reset_form object| reset_username_el object| RESET_FADES function| show_reset function| hide_reset function| set_opacity undefined| filter_regex string| _text_content object| level_classes object| levels_regex string| lv object| STATUS_TIMEOUT boolean| LOGIN_SUBMIT_OK object| login_button undefined| new_script object| preload object| resJS boolean| IS_LOGOUT object| EmailField

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.walesnd.buzz/	1970-01-19 09:05:44	Name: __cfduid Value: dd5711f7eeb4c5119671e53831fb4e23d1585352997

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

walesnd.buzz
2606:4700:3033::681b:ac3f
4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1
5aca679bada4d3ad55ac43881a597f382f2fa499cd3f8a5989bcf168d2927f80
c93bdc3f6370a59c4f09094e0dae79b863809147f9ca8b6a6a15bfb2e4bdaa3a
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3