urlscan.io logo urlscan.io
SecurityTrails logo

u7uk1hri.dreamwp.com Open in urlscan Pro
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Submission: On April 26 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff, located in United Arab Emirates and belongs to DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU. The main domain is u7uk1hri.dreamwp.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 4th 2023. Valid for: a year.
This is the only time u7uk1hri.dreamwp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
9 2a00:fd80:a22... 38719 (DREAMSCAP...)
9 1
Apex Domain
Subdomains		 Transfer
9 dreamwp.com
u7uk1hri.dreamwp.com
345 KB
9 1
Domain Requested by
9 u7uk1hri.dreamwp.com u7uk1hri.dreamwp.com
9 1

This site contains no links.

Subject Issuer Validity Valid
*.dreamwp.com
Sectigo RSA Domain Validation Secure Server CA		 2023-01-04 -
2024-01-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Frame ID: 7051345FE61653857D4993FDD3C59E81
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Coinbase

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <[^>]+data-controller
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

345 kB
Transfer

1337 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request medical.php
u7uk1hri.dreamwp.com/sugar/home/ 		17 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash
47172e395fcecfd28f388b15c8a5670d272ed21f11267fb286ba47d1b19975bd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
7037
content-type
text/html; charset=UTF-8
date
Wed, 26 Apr 2023 15:14:02 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.3.33
core-63e737142547145b29093fe91f0056e653a0fab2cb9cb1049bbda4158c991e40.css
u7uk1hri.dreamwp.com/sugar/home/files/ 		332 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/sugar/home/files/core-63e737142547145b29093fe91f0056e653a0fab2cb9cb1049bbda4158c991e40.css
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx /
Resource Hash
e416288aef157f4d2d9957090f3fdf2462b330d7f49d9b85b22f3e8c9c701951

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:02 GMT
content-encoding
gzip
last-modified
Fri, 24 Mar 2023 19:15:54 GMT
server
nginx
etag
W/"641df6ea-52e79"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
expires
Fri, 26 May 2023 15:14:02 GMT
application-351b7dc0d6dbf18a49e6d410a2e1900b5db113e6504f64b58eec19e35d9b1030.css
u7uk1hri.dreamwp.com/sugar/home/files/ 		304 KB
52 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/sugar/home/files/application-351b7dc0d6dbf18a49e6d410a2e1900b5db113e6504f64b58eec19e35d9b1030.css
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx /
Resource Hash
5963c099e03a33df7ad2ae9ed0ff77f1c134012f00d89a6ad6cdbdba44839452

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:02 GMT
content-encoding
gzip
last-modified
Fri, 24 Mar 2023 19:16:18 GMT
server
nginx
etag
W/"641df702-4bf00"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
expires
Fri, 26 May 2023 15:14:02 GMT
cds.de3ee9bfa7f8cd381471.css
u7uk1hri.dreamwp.com/sugar/home/files/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/sugar/home/files/cds.de3ee9bfa7f8cd381471.css
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:06 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
link
<https://u7uk1hri.dreamwp.com/wp-json/>; rel="https://api.w.org/"
content-length
10967
expires
Wed, 11 Jan 1984 05:00:00 GMT
jquery-cb0decd18b4b0abbece3cfc180d9adc8e11dfa693cf34c2ff1ffcda86e725301.js
u7uk1hri.dreamwp.com/sugar/home/files/ 		96 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/sugar/home/files/jquery-cb0decd18b4b0abbece3cfc180d9adc8e11dfa693cf34c2ff1ffcda86e725301.js
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx /
Resource Hash
465af1e16966f18866fe01296d1d44c211cea6dd584790562e1d3bedc03374d9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:02 GMT
content-encoding
gzip
last-modified
Fri, 24 Mar 2023 19:16:48 GMT
server
nginx
etag
W/"641df720-17e46"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
expires
Fri, 26 May 2023 15:14:02 GMT
application-77f549ec32b2c1c63d20e3c4cf24c1fc2a6bd2a93bdd76558283286fdb88ca91.js
u7uk1hri.dreamwp.com/sugar/home/files/ 		548 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/sugar/home/files/application-77f549ec32b2c1c63d20e3c4cf24c1fc2a6bd2a93bdd76558283286fdb88ca91.js
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx /
Resource Hash
6538ed6f66ab214d887a8764b9d97a988cf1e555f0693fe5395546919b20e239

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u7uk1hri.dreamwp.com/sugar/home/medical.php?cmd=7961972f6981a266486bfed508a75065
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:02 GMT
content-encoding
gzip
last-modified
Fri, 24 Mar 2023 19:16:58 GMT
server
nginx
etag
W/"641df72a-89107"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
expires
Fri, 26 May 2023 15:14:02 GMT
icon-visible-active-402d81fd99fe281230bdf39a8bf63c1d3012f790fb521b1c1f0624296eac4be7.svg
u7uk1hri.dreamwp.com/assets/app/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u7uk1hri.dreamwp.com/assets/app/icon-visible-active-402d81fd99fe281230bdf39a8bf63c1d3012f790fb521b1c1f0624296eac4be7.svg
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/files/application-351b7dc0d6dbf18a49e6d410a2e1900b5db113e6504f64b58eec19e35d9b1030.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash
3e24fd84d86a0e3e300ebf6bf92408df8d0fbf45b9dc2661e0384f5547c5fe4f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u7uk1hri.dreamwp.com/sugar/home/files/application-351b7dc0d6dbf18a49e6d410a2e1900b5db113e6504f64b58eec19e35d9b1030.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:06 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
link
<https://u7uk1hri.dreamwp.com/wp-json/>; rel="https://api.w.org/"
content-length
10967
expires
Wed, 11 Jan 1984 05:00:00 GMT
Graphik-Regular-Web-aeabadfcbec89b7a55d9a65893d93f275b406984811f8236b60bc9d9a7653360.woff2
u7uk1hri.dreamwp.com/assets/graphik/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/assets/graphik/Graphik-Regular-Web-aeabadfcbec89b7a55d9a65893d93f275b406984811f8236b60bc9d9a7653360.woff2
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/files/core-63e737142547145b29093fe91f0056e653a0fab2cb9cb1049bbda4158c991e40.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash

Request headers

Referer
https://u7uk1hri.dreamwp.com/sugar/home/files/core-63e737142547145b29093fe91f0056e653a0fab2cb9cb1049bbda4158c991e40.css
Origin
https://u7uk1hri.dreamwp.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:06 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
link
<https://u7uk1hri.dreamwp.com/wp-json/>; rel="https://api.w.org/"
content-length
10967
expires
Wed, 11 Jan 1984 05:00:00 GMT
Graphik-Regular-Web-7dfd8a5140355bdddf118fb75ad563f47fd8d4fd85d4f185c8bd894cf821069b.woff
u7uk1hri.dreamwp.com/assets/graphik/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://u7uk1hri.dreamwp.com/assets/graphik/Graphik-Regular-Web-7dfd8a5140355bdddf118fb75ad563f47fd8d4fd85d4f185c8bd894cf821069b.woff
Requested by
Host: u7uk1hri.dreamwp.com
URL: https://u7uk1hri.dreamwp.com/sugar/home/files/core-63e737142547145b29093fe91f0056e653a0fab2cb9cb1049bbda4158c991e40.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:fd80:a222:bbbb:bba5:a1:ffff:ffff , United Arab Emirates, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash

Request headers

Referer
https://u7uk1hri.dreamwp.com/sugar/home/files/core-63e737142547145b29093fe91f0056e653a0fab2cb9cb1049bbda4158c991e40.css
Origin
https://u7uk1hri.dreamwp.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:14:06 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
link
<https://u7uk1hri.dreamwp.com/wp-json/>; rel="https://api.w.org/"
content-length
10967
expires
Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| _classCallCheck function| _inherits function| downloadDeferedImg function| ECB function| ECBlocks function| Version function| buildVersions function| PerspectiveTransform function| DetectorResult function| Detector function| FormatInformation function| ErrorCorrectionLevel function| BitMatrix function| DataBlock function| BitMatrixParser function| DataMask000 function| DataMask001 function| DataMask010 function| DataMask011 function| DataMask100 function| DataMask101 function| DataMask110 function| DataMask111 function| ReedSolomonDecoder function| GF256Poly function| GF256 function| URShift function| FinderPattern function| FinderPatternInfo function| FinderPatternFinder function| AlignmentPattern function| AlignmentPatternFinder function| QRCodeDataBlockReader undefined| swfobject undefined| _createClass undefined| _get undefined| JumioMobileUploadsIndex undefined| stateInfo undefined| FORMAT_INFO_MASK_QR undefined| FORMAT_INFO_DECODE_LOOKUP undefined| BITS_SET_IN_HALF_BYTE undefined| L undefined| M undefined| Q undefined| H undefined| FOR_BITS undefined| MIN_SKIP undefined| MAX_MODULES undefined| INTEGER_MATH_SHIFT undefined| CENTER_QUORUM undefined| f undefined| g undefined| h undefined| k undefined| m undefined| n undefined| q undefined| PUBLIC_PAGEVIEW_EVENT_WHITE_LIST object| Bugsnag undefined| request string| csrf_token string| csrf_param

1 Cookies

Domain/Path Name / Value
u7uk1hri.dreamwp.com/ Name: PHPSESSID
Value: d701452018343664f24101d24810122a

4 Console Messages

Source Level URL
Text
network error URL: https://u7uk1hri.dreamwp.com/sugar/home/files/cds.de3ee9bfa7f8cd381471.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://u7uk1hri.dreamwp.com/assets/app/icon-visible-active-402d81fd99fe281230bdf39a8bf63c1d3012f790fb521b1c1f0624296eac4be7.svg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://u7uk1hri.dreamwp.com/assets/graphik/Graphik-Regular-Web-aeabadfcbec89b7a55d9a65893d93f275b406984811f8236b60bc9d9a7653360.woff2
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://u7uk1hri.dreamwp.com/assets/graphik/Graphik-Regular-Web-7dfd8a5140355bdddf118fb75ad563f47fd8d4fd85d4f185c8bd894cf821069b.woff
Message:
Failed to load resource: the server responded with a status of 404 ()