URL: https://wickedletters.com/
Submission Tags: phishingrod
Submission: On July 25 via api from DE — Scanned from GB

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a02:4780:27:1614:0:103c:762c:5, located in Paris, France and belongs to AS-HOSTINGER, CY. The main domain is wickedletters.com.
TLS certificate: Issued by WR1 on July 25th 2024. Valid for: 3 months.
This is the only time wickedletters.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS Autonomous System
3 2a02:4780:27:... 47583 (AS-HOSTINGER)
3 2400:52e0:1e0... 60068 (CDN77 _)
2 194.164.74.56 47583 (AS-HOSTINGER)
Total: 8 requests, 4 IPs

Requests Apex Domain Subdomains Transfer
5 wickedletters.com wickedletters.com 82 KB
3 bunny.net fonts.bunny.net (Cisco Umbrella Rank: 15346) 31 KB
Total: 8 requests, 2 domains

Requests Domain Requested by
5 wickedletters.com wickedletters.com
3 fonts.bunny.net wickedletters.com, fonts.bunny.net
Total: 8 requests, 2 domains

This site contains links to these domains.

Domain
www.typotheque.com
rosettatype.com
www.instagram.com

Subject Issuer Validity Valid
wickedletters.com WR1 2024-07-25 - 2024-10-23 3 months
fonts.bunny.net R11 2024-07-06 - 2024-10-04 3 months

This page contains 1 frames:

Primary Page: https://wickedletters.com/
Frame ID: FC96AAA44B8FC7D28D7B80CE2A548E2E
Requests: 9 HTTP requests in this frame

Page Title

Wicked Letters

Detected technologies

Overall confidence: 75%
Detected patterns
  • <[^>]+[^\w-]x-data[^\w-][^<]+

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 67 %
Domains: 2
Subdomains: 2
IPs: 4
Countries: 2
Transfer: 113 kB
Size: 223 kB
Cookies: 0

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
wickedletters.com/
18 KB
4 KB
Document
General
Full URL
https://wickedletters.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:27:1614:0:103c:762c:5 Paris, France, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
f4fd2ae29a091ddb409ab9f3dde792e264d980fe2050d2ecb417605a0264fc52
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
3696
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Thu, 25 Jul 2024 08:41:54 GMT
etag
"48cf-66a20e8b-1ff36ccd0ed89b3c;br"
last-modified
Thu, 25 Jul 2024 08:36:27 GMT
platform
hostinger
server
LiteSpeed
vary
Accept-Encoding
index-C74azAxa.js
wickedletters.com/assets/
44 KB
15 KB
Script
General
Full URL
https://wickedletters.com/assets/index-C74azAxa.js
Requested by
Host: wickedletters.com
URL: https://wickedletters.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:27:1614:0:103c:762c:5 Paris, France, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
173f548d991aa146e9d3563a46478dd3f29f78314736999c6fc937e23643447e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://wickedletters.com/
Origin
https://wickedletters.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:54 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Thu, 25 Jul 2024 08:36:27 GMT
server
LiteSpeed
etag
"af76-66a20e8b-c4c98e9dcfccf5a1;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
15730
expires
Thu, 01 Aug 2024 08:41:54 GMT
index-D6jsvaBf.css
wickedletters.com/assets/
10 KB
3 KB
Stylesheet
General
Full URL
https://wickedletters.com/assets/index-D6jsvaBf.css
Requested by
Host: wickedletters.com
URL: https://wickedletters.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:27:1614:0:103c:762c:5 Paris, France, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
64039f6b7689cc4ae132d6fedae067976aabe56ee346cc2148548f1b209c6bd6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://wickedletters.com/
Origin
https://wickedletters.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:54 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Thu, 25 Jul 2024 08:36:27 GMT
server
LiteSpeed
etag
"2680-66a20e8b-878eb0140212c9e9;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
2689
expires
Thu, 01 Aug 2024 08:41:54 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c12684fb2807281e86e69c3462de707b415b08f6f5f6cfeb58e3fd64478663ff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
css
fonts.bunny.net/
61 KB
2 KB
Stylesheet
General
Full URL
https://fonts.bunny.net/css?family=noto-sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: wickedletters.com
URL: https://wickedletters.com/assets/index-D6jsvaBf.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
e55dd35ae5bd20e27d3af390f6cf2849bc2ad94e712c210c4bd1c8c7568d7704

Request headers

Referer
https://wickedletters.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:54 GMT
content-encoding
br
cdn-edgestorageid
1079
cdn-cachedat
07/19/2024 12:20:28
cdn-pullzone
781720
last-modified
Fri, 19 Jul 2024 12:20:28 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
ef38d197dc6a6cac1282176a0f568115
cdn-requestcountrycode
GB
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
Persepolis2-Regular-7gG2jxam.otf
wickedletters.com/assets/
59 KB
60 KB
Font
General
Full URL
https://wickedletters.com/assets/Persepolis2-Regular-7gG2jxam.otf
Requested by
Host: wickedletters.com
URL: https://wickedletters.com/assets/index-D6jsvaBf.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
194.164.74.56 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b48183bfd99b57ec0d1b1d55068def243862b25a8f3d5500eeef58b37f84e413
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://wickedletters.com/assets/index-D6jsvaBf.css
Origin
https://wickedletters.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:54 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Thu, 25 Jul 2024 08:36:27 GMT
server
LiteSpeed
etag
"ed04-66a20e8b-ec45d8b67f2f057a;;;"
content-type
application/x-font-woff
accept-ranges
bytes
platform
hostinger
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
60676
noto-sans-latin-600-normal.woff2
fonts.bunny.net/noto-sans/files/
14 KB
15 KB
Font
General
Full URL
https://fonts.bunny.net/noto-sans/files/noto-sans-latin-600-normal.woff2
Requested by
Host: fonts.bunny.net
URL: https://fonts.bunny.net/css?family=noto-sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
6470d1e84ba7ef11de10c4f6a43e9fb5681f654ee45b07ccd951241b353568eb

Request headers

Referer
https://fonts.bunny.net/css?family=noto-sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://wickedletters.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:54 GMT
cdn-edgestorageid
1080
cdn-storageserver
DE-676
cdn-cachedat
06/25/2024 13:36:33
cdn-pullzone
781720
content-length
14424
last-modified
Thu, 06 Jul 2023 08:07:37 GMT
server
BunnyCDN-DE1-1082
cdn-fileserver
635
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"64a67649-3858"
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
56820db2e44b985573d68a60d11ccfd3
accept-ranges
bytes
cdn-requestcountrycode
GB
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
noto-sans-latin-400-normal.woff2
fonts.bunny.net/noto-sans/files/
13 KB
14 KB
Font
General
Full URL
https://fonts.bunny.net/noto-sans/files/noto-sans-latin-400-normal.woff2
Requested by
Host: fonts.bunny.net
URL: https://fonts.bunny.net/css?family=noto-sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
4c0aea6139bcfbb5d8295db45717b7dab4b1ea854564068c5cac0c2cefc679fd

Request headers

Referer
https://fonts.bunny.net/css?family=noto-sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://wickedletters.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:54 GMT
cdn-edgestorageid
1082
cdn-storageserver
DE-676
cdn-cachedat
07/01/2024 15:57:18
cdn-pullzone
781720
content-length
13336
last-modified
Sun, 30 Jun 2024 18:03:16 GMT
server
BunnyCDN-DE1-1082
cdn-fileserver
656
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"66819de4-3418"
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
50d2c4422e33b08d08ddb8b61715dd22
accept-ranges
bytes
cdn-requestcountrycode
GB
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
LOGO-CvB_fUlp.svg
wickedletters.com/assets/
2 KB
656 B
Other
General
Full URL
https://wickedletters.com/assets/LOGO-CvB_fUlp.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
194.164.74.56 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c6494d651fed62dcf771564d978a0c660a4a174e0d7f16174a7d7023b8f22425
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://wickedletters.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 08:41:55 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Thu, 25 Jul 2024 08:36:27 GMT
server
LiteSpeed
etag
"851-66a20e8b-417af93224eb7b85;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
507
expires
Thu, 01 Aug 2024 08:41:55 GMT

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function stretchText
function specialEffects
object Alpine

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests