trezor-service-activation.com Open in urlscan Pro
45.82.13.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kingdomsermons.com/tx
Effective URL:
https://trezor-service-activation.com/
Submission: On December 03 via api (December 3rd 2024, 6:27:51 am UTC) from US — Scanned from CH

Summary HTTP 17 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 45.82.13.65, located in Stockholm, Sweden and belongs to GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB. The main domain is trezor-service-activation.com.
TLS certificate: Issued by R10 on December 2nd 2024. Valid for: 3 months.

This is the only time trezor-service-activation.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
4 7	172.67.135.101 172.67.135.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1 1	172.67.183.67 172.67.183.67	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	45.82.13.65 45.82.13.65	215540 (GCS-AS GL...) (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
17	5

7 172.67.135.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

kingdomsermons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.183.67 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

request-new-update.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 45.82.13.65 (Stockholm, Sweden)

ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB)
PTR: 46501.ip-ptr.tech

trezor-service-activation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	trezor-service-activation.com trezor-service-activation.com	859 KB
7	kingdomsermons.com 4 redirects kingdomsermons.com	10 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	30 KB
1	request-new-update.com 1 redirects request-new-update.com	728 B
1	wp.com i0.wp.com — Cisco Umbrella Rank: 4317	1 KB
17	5

	Domain	Requested by
12	trezor-service-activation.com	trezor-service-activation.com code.jquery.com
7	kingdomsermons.com	4 redirects kingdomsermons.com
1	code.jquery.com	trezor-service-activation.com
1	request-new-update.com	1 redirects
1	i0.wp.com
17	5

This site contains links to these domains. Also see Links.

Domain
trezor.io
docs.trezor.io
data.trezor.io

Subject Issuer	Validity	Valid
kingdomsermons.com WE1	`2024-10-23` - `2025-01-21`	3 months	crt.sh
trezor-service-activation.com R10	`2024-12-02` - `2025-03-02`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://trezor-service-activation.com/
Frame ID: 41C01B36CB180201EE31B84519EB54F1
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Trezor Suite

Page URL History Show full URLs

https://kingdomsermons.com/tx Page URL
https://kingdomsermons.com/cdn-cgi/phish-bypass?atok=s_0qYFE315nurC41DNb6nSUxaebmCp31Zk6kY.PQ4to-173320... HTTP 301
https://kingdomsermons.com/tx HTTP 301
https://kingdomsermons.com/tx/ HTTP 302
https://request-new-update.com/ HTTP 302
https://trezor-service-activation.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

897 kB
Transfer

1086 kB
Size

2
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://trezor.io/trezor-suite
Title: Download desktop app

Search URL Search Domain Scan URL

URL: https://trezor.io/
Title: trezor.io

Search URL Search Domain Scan URL

URL: https://docs.trezor.io/trezor-suite/analytics/
Title: technical documentation

Search URL Search Domain Scan URL

URL: https://data.trezor.io/legal/wallet-terms.pdf
Title: Terms & Conditions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kingdomsermons.com/tx Page URL
https://kingdomsermons.com/cdn-cgi/phish-bypass?atok=s_0qYFE315nurC41DNb6nSUxaebmCp31Zk6kY.PQ4to-1733207261-0.0.1.1-%2Ftx HTTP 301
https://kingdomsermons.com/tx HTTP 301
https://kingdomsermons.com/tx/ HTTP 302
https://request-new-update.com/ HTTP 302
https://trezor-service-activation.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://kingdomsermons.com/favicon.ico HTTP 302
https://i0.wp.com/kingdomsermons.com/wp-content/uploads/2021/01/cropped-logo-sit.jpg?fit=32%2C32&ssl=1

17 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 403 tx Show response
kingdomsermons.com/ 4 KB
2 KB 64ms
25ms Document
text/html 172.67.135.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kingdomsermons.com/tx

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bed231f63f9a7ff29810efe58a463a780fa1b118118c625a36d85a9d7e3f20d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cf-ray: 8ec17e059da8b3a3-MUC
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 03 Dec 2024 06:27:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BUil415A4Ym2nnNG17vg4SaDvRjIOHuhL%2BiSjD%2F12DwejzdUVkyc2mIJpGeoIOd8G9spKgPhndxQipLnnT%2FRXrThT1HkKCuZGWacyO1wZuXGcrS8bGgwN%2BngKeQpZnAYrlLCFag%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
kingdomsermons.com/cdn-cgi/styles/ 23 KB
5 KB 23ms
23ms Stylesheet
text/css 172.67.135.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kingdomsermons.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: kingdomsermons.com
URL: https://kingdomsermons.com/tx

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://kingdomsermons.com/tx

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"6740aa36-5df3"
x-content-type-options: nosniff
cf-ray: 8ec17e05cdbab3a3-MUC
expires: Tue, 03 Dec 2024 08:27:41 GMT
date: Tue, 03 Dec 2024 06:27:41 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
kingdomsermons.com/cdn-cgi/images/ 452 B
634 B 23ms
23ms Image
image/png 172.67.135.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kingdomsermons.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: kingdomsermons.com
URL: https://kingdomsermons.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://kingdomsermons.com/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "6740aa36-1c4"
x-content-type-options: nosniff
cf-ray: 8ec17e05edc9b3a3-MUC
expires: Tue, 03 Dec 2024 08:27:41 GMT
accept-ranges: bytes
content-length: 452
date: Tue, 03 Dec 2024 06:27:41 GMT
content-type: image/png
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H2

200

cropped-logo-sit.jpg
i0.wp.com/kingdomsermons.com/wp-content/uploads/2021/01/
Redirect Chain

https://kingdomsermons.com/favicon.ico
https://i0.wp.com/kingdomsermons.com/wp-content/uploads/2021/01/cropped-logo-sit.jpg?fit=32%2C32&ssl=1

654 B
1 KB

75ms
22ms

Other
image/webp

192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://i0.wp.com/kingdomsermons.com/wp-content/uploads/2021/01/cropped-logo-sit.jpg?fit=32%2C32&ssl=1

Protocol

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

68d4cc9524d2ba9b0590a37bffc63f8a002beda392d73ee8e1631d28620d631b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://kingdomsermons.com/

Response headers

etag: "c8d1060bd3117703"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Thu, 22 Oct 2026 22:08:39 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 03 Dec 2024 06:27:44 GMT
content-type: image/webp
last-modified: Tue, 22 Oct 2024 10:08:39 GMT
vary: Accept
link: <https://kingdomsermons.com/wp-content/uploads/2021/01/cropped-logo-sit.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT hhn 2
access-control-allow-origin: *
content-length: 654
server: nginx

Redirect headers

cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6AUiw7p8sWH7J7IkafizsNflqtd2%2Fd2uLS4jO%2Bw600ifn2k48g8ocUWU%2Bhf24MiTrO07CY3gyrnskadDbB7q8J2XjAEIoA35q3fgJR82pw60cnjRBKVTCiLsep3AsshApzcsoPU%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23997&min_rtt=20197&rtt_var=6130&sent=22&recv=15&lost=0&retrans=0&sent_bytes=11967&recv_bytes=5746&delivery_rate=25711&cwnd=12000&unsent_bytes=0&cid=7e10cba05c7f0670&ts=3148&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 03 Dec 2024 06:27:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
priority: u=1,i
x-redirect-by: WordPress
strict-transport-security: max-age=31536000
link: <https://kingdomsermons.com/wp-json/>; rel="https://api.w.org/"
cache-control: no-cache
location: https://i0.wp.com/kingdomsermons.com/wp-content/uploads/2021/01/cropped-logo-sit.jpg?fit=32%2C32&ssl=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ec17e061dddb3a3-MUC
server: cloudflare

GET
H2

200

Primary Request / Show response
trezor-service-activation.com/
Redirect Chain

https://kingdomsermons.com/cdn-cgi/phish-bypass?atok=s_0qYFE315nurC41DNb6nSUxaebmCp31Zk6kY.PQ4to-1733207261-0.0.1.1-%2Ftx
https://kingdomsermons.com/tx
https://kingdomsermons.com/tx/
https://request-new-update.com/
https://trezor-service-activation.com/

53 KB
11 KB

185ms
71ms

Document
text/html

45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PHP/8.3.14 PleskLin
Resource Hash: c320db2083ba8369ae3414a55b6d6ff0ee0ea355dea8a71df8bcd914d984bc91

Request headers

Referer: https://kingdomsermons.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-encoding: gzip
content-length: 11453
content-type: text/html; charset=UTF-8
date: Tue, 03 Dec 2024 06:27:46 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.3.14 PleskLin

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ec17e271b00ba8c-MXP
content-type: text/html; charset=UTF-8
date: Tue, 03 Dec 2024 06:27:46 GMT
location: https://trezor-service-activation.com/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFVXOpUrJL8cpmp1r%2BuBKPAA8yOyzyBzvkrumqW9kOfL4JR8t4b0JzgSK%2BjlhjSmDY7aA%2FtbDFkvr8rpshC8O75q3thAW9Vj%2BJKplp%2Fj7ZqAdt0RJTiFQIvGC4u0i%2BpbpGGzrXSakoUe"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=19522&min_rtt=19447&rtt_var=3139&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4154&recv_bytes=4528&delivery_rate=629&cwnd=12000&unsent_bytes=0&cid=0a5e80aedef1fb64&ts=217&x=1" cfExtPri cfHdrFlush;dur=0
x-powered-by: PHP/8.3.14 PleskLin

GET
H2 200 fonts.css
trezor-service-activation.com/assets/css/ 615 B
409 B 95ms
95ms Stylesheet
text/css 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/assets/css/fonts.css
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: b853530af844d5ca7e8af27205367704f8942f4eec3c91fd52d27ac9ac14f656

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://trezor-service-activation.com/

Response headers

x-powered-by: PleskLin
content-encoding: gzip
etag: "267-627db6fd7d200-gzip"
x-accel-version: 0.01
accept-ranges: bytes
content-length: 202
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: text/css
last-modified: Wed, 27 Nov 2024 02:08:08 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 theme.css
trezor-service-activation.com/assets/css/ 41 KB
8 KB 151ms
150ms Stylesheet
text/css 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/assets/css/theme.css
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: 43b2ecd2326fabc070f671490ad5babb7c4b3685d99c144d2cb55aeaeff4f0e8

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://trezor-service-activation.com/

Response headers

content-encoding: br
date: Tue, 03 Dec 2024 06:27:46 GMT
etag: W/"6746a2c6-a2fc"
content-type: text/css
last-modified: Wed, 27 Nov 2024 04:40:38 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 png-4.png
trezor-service-activation.com/assets/img/ 75 KB
75 KB 131ms
130ms Image
image/png 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trezor-service-activation.com/assets/img/png-4.png
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: dd401bf655e08186f32c04b30a48aa8c6154c2bd31e077d4b0a5e07c2f45f2e9

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

etag: "67468748-12abe"
accept-ranges: bytes
content-length: 76478
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: image/png
last-modified: Wed, 27 Nov 2024 02:43:20 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 png-3.png
trezor-service-activation.com/assets/img/ 25 KB
26 KB 140ms
139ms Image
image/png 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trezor-service-activation.com/assets/img/png-3.png
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: c6ee1abbe2c377ea2bc27b7adb34b9731cbac4fd0bd54309cdc12f0e00860280

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

etag: "67468738-65be"
accept-ranges: bytes
content-length: 26046
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: image/png
last-modified: Wed, 27 Nov 2024 02:43:04 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 png-2.png
trezor-service-activation.com/assets/img/ 25 KB
26 KB 140ms
139ms Image
image/png 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trezor-service-activation.com/assets/img/png-2.png
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: c6ee1abbe2c377ea2bc27b7adb34b9731cbac4fd0bd54309cdc12f0e00860280

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

etag: "67468716-65be"
accept-ranges: bytes
content-length: 26046
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: image/png
last-modified: Wed, 27 Nov 2024 02:42:30 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 png-1.png
trezor-service-activation.com/assets/img/ 75 KB
75 KB 140ms
139ms Image
image/png 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trezor-service-activation.com/assets/img/png-1.png
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: dd401bf655e08186f32c04b30a48aa8c6154c2bd31e077d4b0a5e07c2f45f2e9

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

etag: "67468708-12abe"
accept-ranges: bytes
content-length: 76478
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: image/png
last-modified: Wed, 27 Nov 2024 02:42:16 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 warningSmall.png
trezor-service-activation.com/assets/img/ 12 KB
12 KB 93ms
92ms Image
image/png 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trezor-service-activation.com/assets/img/warningSmall.png
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: 7acec745d8a64ee063601a3f3704dfcbf651732cbf21480f19d7772799774429

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

etag: "670d4640-315c"
accept-ranges: bytes
content-length: 12636
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: image/png
last-modified: Mon, 14 Oct 2024 16:26:40 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 jquery-3.7.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 82ms
20ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.min.js
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://trezor-service-activation.com
Referer

Response headers

content-encoding: gzip
etag: W/"28feccc0-155ed"
age: 3200695
x-cache: HIT, HIT
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 44, 862748
x-served-by: cache-lga21978-LGA, cache-lin1730022-LIN
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1733207267.892058,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30336
server: nginx

GET
H2 200 recover.js Show response
trezor-service-activation.com/assets/js/ 8 KB
2 KB 91ms
91ms Script
text/javascript 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/assets/js/recover.js
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: c123286d1543af097b375164510b5cbdf15b30156f66c192db6e0eb2f991d1f4

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

content-encoding: br
date: Tue, 03 Dec 2024 06:27:46 GMT
etag: W/"6746af40-1ee8"
content-type: text/javascript
last-modified: Wed, 27 Nov 2024 05:33:52 GMT
server: nginx
x-powered-by: PleskLin

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88b38b74a9e3bb74c5f7e1ef5f856a24b5b1c69e9254f85a482a671f29c4c44d

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 TTSatoshi-Medium.otf
trezor-service-activation.com/assets/css/ 311 KB
312 KB 110ms
109ms Font
font/otf 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/assets/css/TTSatoshi-Medium.otf
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/assets/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: 7de6dae5dbfaa662ef8901ded1f49c04d216d77d798e2aa41b0e649590206e6e

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://trezor-service-activation.com
Referer: https://trezor-service-activation.com/assets/css/fonts.css

Response headers

etag: "67467ebe-4dd28"
accept-ranges: bytes
content-length: 318760
date: Tue, 03 Dec 2024 06:27:47 GMT
content-type: font/otf
last-modified: Wed, 27 Nov 2024 02:06:54 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 TTSatoshi-DemiBold.otf
trezor-service-activation.com/assets/css/ 305 KB
305 KB 65ms
65ms Font
font/otf 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/assets/css/TTSatoshi-DemiBold.otf
Requested by: Host: trezor-service-activation.com
URL: https://trezor-service-activation.com/assets/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: fcefb74239de3b1e766c2bf57d257d7a5bdcb2502f5bb1e8e4205d12662b9113

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://trezor-service-activation.com
Referer: https://trezor-service-activation.com/assets/css/fonts.css

Response headers

etag: "67467eba-4c2d8"
accept-ranges: bytes
content-length: 312024
date: Tue, 03 Dec 2024 06:27:46 GMT
content-type: font/otf
last-modified: Wed, 27 Nov 2024 02:06:50 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 wordlist.json Show response
trezor-service-activation.com/assets/js/ 29 KB
7 KB 104ms
103ms XHR
application/json 45.82.13.65
GCS-AS GLOBAL CON...

General

Check archive.org

Show headers Download Go to

Full URL: https://trezor-service-activation.com/assets/js/wordlist.json
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.7.1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.82.13.65 Stockholm, Sweden, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB),
Reverse DNS: 46501.ip-ptr.tech
Software: nginx / PleskLin
Resource Hash: 7f621537a89864c29879b61d85d75271d830dd60e20eb33040fc472a13566833

Request headers

Referer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Accept: application/json, text/javascript, */*; q=0.01

Response headers

content-encoding: br
date: Tue, 03 Dec 2024 06:27:46 GMT
etag: W/"67428086-733f"
content-type: application/json
last-modified: Sun, 24 Nov 2024 01:25:26 GMT
server: nginx
x-powered-by: PleskLin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kingdomsermons.com/	1970-01-21 11:02:47	Name: X_CACHE_KEY Value: e1ad9432ae6b3b93fc3340b1185f60d4
			.kingdomsermons.com/	1970-01-21 01:28:13	Name: __cf_mw_byp Value: s_0qYFE315nurC41DNb6nSUxaebmCp31Zk6kY.PQ4to-1733207261-0.0.1.1-/tx

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://kingdomsermons.com/tx Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
i0.wp.com
kingdomsermons.com
request-new-update.com
trezor-service-activation.com
172.67.135.101
172.67.183.67
192.0.77.2
2a04:4e42:200::649
45.82.13.65
43b2ecd2326fabc070f671490ad5babb7c4b3685d99c144d2cb55aeaeff4f0e8
68d4cc9524d2ba9b0590a37bffc63f8a002beda392d73ee8e1631d28620d631b
7acec745d8a64ee063601a3f3704dfcbf651732cbf21480f19d7772799774429
7de6dae5dbfaa662ef8901ded1f49c04d216d77d798e2aa41b0e649590206e6e
7f621537a89864c29879b61d85d75271d830dd60e20eb33040fc472a13566833
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
88b38b74a9e3bb74c5f7e1ef5f856a24b5b1c69e9254f85a482a671f29c4c44d
8bed231f63f9a7ff29810efe58a463a780fa1b118118c625a36d85a9d7e3f20d
b853530af844d5ca7e8af27205367704f8942f4eec3c91fd52d27ac9ac14f656
c123286d1543af097b375164510b5cbdf15b30156f66c192db6e0eb2f991d1f4
c320db2083ba8369ae3414a55b6d6ff0ee0ea355dea8a71df8bcd914d984bc91
c6ee1abbe2c377ea2bc27b7adb34b9731cbac4fd0bd54309cdc12f0e00860280
dd401bf655e08186f32c04b30a48aa8c6154c2bd31e077d4b0a5e07c2f45f2e9
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fcefb74239de3b1e766c2bf57d257d7a5bdcb2502f5bb1e8e4205d12662b9113

trezor-service-activation.com Open in urlscan Pro 45.82.13.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

897 kBTransfer

1086 kBSize

2 Cookies

4 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

trezor-service-activation.com Open in urlscan Pro
45.82.13.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

897 kB
Transfer

1086 kB
Size

2
Cookies

17 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!