urlscan.io logo urlscan.io
SecurityTrails logo

psicomatter.com Open in urlscan Pro
173.212.242.20  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Submission: On April 26 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 173.212.242.20, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is psicomatter.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 3rd 2020. Valid for: 3 months.
This is the only time psicomatter.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
1 8 173.212.242.20 51167 (CONTABO)
2 2606:4700::68... 13335 (CLOUDFLAR...)
10 3
Apex Domain
Subdomains		 Transfer
8 psicomatter.com
psicomatter.com
www.psicomatter.com
258 KB
2 cloudflare.com
cdnjs.cloudflare.com
78 KB
10 2
Domain Requested by
7 psicomatter.com 1 redirects psicomatter.com
2 cdnjs.cloudflare.com psicomatter.com
1 www.psicomatter.com psicomatter.com
10 3

This site contains no links.

Subject Issuer Validity Valid
psicomatter.com
cPanel, Inc. Certification Authority		 2020-03-03 -
2020-06-01		 3 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh

This page contains 1 frames:

Primary Page: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Frame ID: 22D35EF416C6F8AEB818A5B2CC534B3E
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

90 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

352 kB
Transfer

549 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://psicomatter.com/css/jquery.mobile.css?v=19.12.00 HTTP 301
  • https://www.psicomatter.com/css/jquery.mobile.css?v=19.12.00
Request Chain 8
  • https://psicomatter.com/wp-includes/js/us/regrodc/javascript/myriad.woff2 HTTP 301
  • https://www.psicomatter.com/wp-includes/js/us/regrodc/javascript/myriad.woff2

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request indexs.php
psicomatter.com/wp-includes/js/us/regrodc/ 		9 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
Apache /
Resource Hash
426e86512578fc1b75a3f91d3e3afaeaf85fe9111a3deda76c5bbaa4b8ae58dc

Request headers

Host
psicomatter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 12:28:30 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
style.css
psicomatter.com/wp-includes/js/us/regrodc/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://psicomatter.com/wp-includes/js/us/regrodc/css/style.css
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
Apache /
Resource Hash
86faeab09e16d426a818bb33e89eb231d3c005905ecfa88e11365e50768e3b1c

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 12:28:30 GMT
Last-Modified
Mon, 28 Oct 2019 19:13:22 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
3625
jquery.mobile.css
www.psicomatter.com/css/
Redirect Chain
  • https://psicomatter.com/css/jquery.mobile.css?v=19.12.00
  • https://www.psicomatter.com/css/jquery.mobile.css?v=19.12.00
0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.psicomatter.com/css/jquery.mobile.css?v=19.12.00
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
/
Resource Hash

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Date
Sun, 26 Apr 2020 12:28:30 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Location
https://www.psicomatter.com/css/jquery.mobile.css?v=19.12.00
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
0
Expires
Wed, 11 Jan 1984 05:00:00 GMT
desktop-tablet.combined.css
psicomatter.com/wp-includes/js/us/regrodc/css/ 		192 KB
193 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://psicomatter.com/wp-includes/js/us/regrodc/css/desktop-tablet.combined.css
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
Apache /
Resource Hash
1f3fd405c64b807d88a6f32a0b972c38e9ca66f3380ca051d7c8038c5b96b880

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 12:28:30 GMT
Last-Modified
Mon, 28 Oct 2019 19:13:22 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
196954
archer.css
psicomatter.com/wp-includes/js/us/regrodc/css/ 		21 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://psicomatter.com/wp-includes/js/us/regrodc/css/archer.css
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
Apache /
Resource Hash
addf96fe07895d750d00834b2cf4e66bd6cfb25364a40bde81c8464e00698947

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 12:28:30 GMT
Last-Modified
Mon, 28 Oct 2019 19:13:22 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
21839
masthead-img-logo.svg
psicomatter.com/wp-includes/js/us/regrodc/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://psicomatter.com/wp-includes/js/us/regrodc/images/masthead-img-logo.svg
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
Apache /
Resource Hash
5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 12:28:30 GMT
Last-Modified
Wed, 27 Nov 2019 22:29:36 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
5740
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ 		256 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 26 Apr 2020 12:28:30 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
202177
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
02580ef8220000175a672d5200000001
served-in-seconds
0.003
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-40023"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
58a04dd36bfa175a-FRA
expires
Fri, 16 Apr 2021 12:28:30 GMT
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 		20 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 26 Apr 2020 12:28:30 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
15485449
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
02580ef8220000175a672d6200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:20:59 GMT
server
cloudflare
etag
W/"5afd497b-4e98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
58a04dd36bfb175a-FRA
expires
Fri, 16 Apr 2021 12:28:30 GMT
truncated
/ 		428 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
myriad.woff2
www.psicomatter.com/wp-includes/js/us/regrodc/javascript/
Redirect Chain
  • https://psicomatter.com/wp-includes/js/us/regrodc/javascript/myriad.woff2
  • https://www.psicomatter.com/wp-includes/js/us/regrodc/javascript/myriad.woff2
0
0
truncated
/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e96b46a59ee68d66d600ccd8ce06ac4144a225e5125a8ad23ddaf024e09d71eb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
Origin
https://psicomatter.com

Response headers

Content-Type
application/x-font-woff
awe.woff
psicomatter.com/wp-includes/js/us/regrodc/javascript/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://psicomatter.com/wp-includes/js/us/regrodc/javascript/awe.woff
Requested by
Host: psicomatter.com
URL: https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.212.242.20 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi221974.contaboserver.net
Software
Apache /
Resource Hash
8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://psicomatter.com/wp-includes/js/us/regrodc/indexs.php
Origin
https://psicomatter.com

Response headers

Date
Sun, 26 Apr 2020 12:28:34 GMT
Last-Modified
Mon, 09 Dec 2019 22:37:20 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
25244

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.psicomatter.com
URL
https://www.psicomatter.com/wp-includes/js/us/regrodc/javascript/myriad.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| message undefined| NOclickIE function| NOclickNN function| checkform string| a string| b string| c string| d string| e string| code function| ValidCaptcha function| removeSpaces function| $ function| jQuery

0 Cookies