titanboxwear.com - urlscan.io

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 185.129.251.225, located in Spain and belongs to CUBENODE, ES. The main domain is titanboxwear.com.
TLS certificate: Issued by R3 on February 3rd 2021. Valid for: 3 months.

This is the only time titanboxwear.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	209.250.233.142 209.250.233.142	20473 (AS-CHOOPA) (AS-CHOOPA)
2	185.129.251.225 185.129.251.225	203178 (CUBENODE) (CUBENODE)
1 1	2600:9000:211... 2600:9000:211e:ac00:10:7abf:f800:93a1	16509 (AMAZON-02) (AMAZON-02)
1	185.199.111.153 185.199.111.153	54113 (FASTLY) (FASTLY)
3	2

1 209.250.233.142 (Frankfurt am Main, Germany) 1 redirects

ASN20473 (AS-CHOOPA, US)
PTR: haproxyfe1.production.fra.vultr.georiot.com

geni.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.129.251.225 (Spain)

ASN203178 (CUBENODE, ES)
PTR: hola.mkparadise.com

titanboxwear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:ac00:10:7abf:f800:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.111.153 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-111-153.github.com

i2.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	sitepoint.com 1 redirects www.sitepoint.com i2.sitepoint.com	6 KB
2	titanboxwear.com titanboxwear.com	14 KB
1	geni.us 1 redirects geni.us	380 B
3	3

	Domain	Requested by
2	titanboxwear.com	titanboxwear.com
1	i2.sitepoint.com	titanboxwear.com
1	www.sitepoint.com	1 redirects
1	geni.us	1 redirects
3	4

This site contains no links.

Subject Issuer	Validity	Valid
www.titanboxwear.com R3	`2021-02-03` - `2021-05-04`	3 months	crt.sh
i2.sitepoint.com R3	`2021-01-02` - `2021-04-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html
Frame ID: 6A4596FB658187F5C153AF8C84507043
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://geni.us/pySRR HTTP 302
https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

3
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

2
IPs

3
Countries

20 kB
Transfer

31 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://geni.us/pySRR HTTP 302
https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js HTTP 301
https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request YY.html Show response titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/ Redirect Chain https://geni.us/pySRR https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html	2 KB 1 KB	225ms 62ms	Document text/html	185.129.251.225 CUBENODE
General Check archive.org Show headers Download Go to Full URL https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 185.129.251.225 , Spain, ASN203178 (CUBENODE, ES), Reverse DNS hola.mkparadise.com Software LiteSpeed / WP Rocket/3.4.2.2 Resource Hash `35b0368ee35a6d0c4bd8f30339e5e3301b01988f596e25600ad9b680b0df67ba` Request headers :method GET :authority titanboxwear.com :scheme https :path /wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Response headers cache-control public, max-age=0,public expires Mon, 01 Mar 2021 19:47:44 GMT content-type text/html; charset=UTF-8 accept-ranges bytes content-encoding br vary Accept-Encoding,User-Agent,Accept-Encoding content-length 720 date Mon, 01 Mar 2021 19:47:44 GMT server LiteSpeed x-powered-by WP Rocket/3.4.2.2 alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 Redirect headers server nginx date Mon, 01 Mar 2021 19:47:45 GMT content-type text/html content-length 187 location https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html expires Mon, 01 Jan 0001 00:00:00 GMT cache-control private, no-store x-robots-tag noindex x-frame-options SAMEORIGIN content-security-policy frame-ancestors 'self';
GET H2	200	MaskedPassword.js Show response i2.sitepoint.com/examples/password/MaskedPassword/ Redirect Chain https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js	17 KB 6 KB	243ms 164ms	Script application/javascript	185.199.111.153 FASTLY
General Check archive.org Show headers Download Go to Full URL https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js Requested by Host: titanboxwear.com URL: https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.199.111.153 , United States, ASN54113 (FASTLY, US), Reverse DNS cdn-185-199-111-153.github.com Software GitHub.com / Resource Hash `2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825` Request headers Referer https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Response headers x-fastly-request-id 1e6899c9e7c99670c81ebfd018052698896ad340 date Mon, 01 Mar 2021 19:47:46 GMT content-encoding gzip age 0 x-cache MISS content-length 5816 x-served-by cache-cph20641-CPH access-control-allow-origin * last-modified Sun, 18 Oct 2020 23:08:24 GMT server GitHub.com x-github-request-id 268E:81B8:17966E:18B4FA:603D44E2 x-timer S1614628066.093782,VS0,VE140 etag W/"5f8ccae8-4208" vary Accept-Encoding content-type application/javascript; charset=utf-8 via 1.1 varnish expires Mon, 01 Mar 2021 19:57:46 GMT cache-control max-age=600 accept-ranges bytes x-proxy-cache MISS x-cache-hits 0 Redirect headers date Mon, 01 Mar 2021 18:19:36 GMT via 1.1 fd3cce3e0bafd8b312277d0ad9f4762f.cloudfront.net (CloudFront) server CloudFront age 5290 x-cache Hit from cloudfront location https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js x-amz-cf-pop FRA56-C2 content-length 0 x-amz-cf-id SA3c96_lOcOe4LHMk6S_QCFt8Im615J41wDp2ZWxuj0WwHlpHLvo-A==
GET H3-Q050	200	YY1.png titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY1.htm/	13 KB 13 KB	123ms 61ms	Image image/png	185.129.251.225 CUBENODE
General Check archive.org Show headers Download Go to Show image Full URL https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY1.htm/YY1.png Requested by Host: titanboxwear.com URL: https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 185.129.251.225 , Spain, ASN203178 (CUBENODE, ES), Reverse DNS hola.mkparadise.com Software LiteSpeed / Resource Hash `5a8481b39019c6301a58f46a8aa7a14f2272c57bffa89d3f843ac6541121600a` Request headers Referer https://titanboxwear.com/wp-admins/attLogin_Yah00/attLogin_Yah00/YY.html User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 Response headers date Mon, 01 Mar 2021 19:47:44 GMT last-modified Thu, 05 Oct 2017 16:07:10 GMT server LiteSpeed vary User-Agent,Accept-Encoding content-type image/png cache-control public, max-age=2592000,public accept-ranges bytes content-length 12947 expires Wed, 31 Mar 2021 19:47:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Yahoo (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

geni.us
i2.sitepoint.com
titanboxwear.com
www.sitepoint.com
185.129.251.225
185.199.111.153
209.250.233.142
2600:9000:211e:ac00:10:7abf:f800:93a1
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
35b0368ee35a6d0c4bd8f30339e5e3301b01988f596e25600ad9b680b0df67ba
5a8481b39019c6301a58f46a8aa7a14f2272c57bffa89d3f843ac6541121600a

titanboxwear.com Open in urlscan Pro 185.129.251.225 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

2 IPs

3 Countries

20 kBTransfer

31 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

titanboxwear.com Open in urlscan Pro
185.129.251.225 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

2
IPs

3
Countries

20 kB
Transfer

31 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!