www.sleepyhollowrenfaire.com Open in urlscan Pro
132.148.236.168 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Submission: On January 17 via api (January 17th 2023, 5:15:33 am UTC) from FR — Scanned from AU

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 16 HTTP transactions. The main IP is 132.148.236.168, located in United States and belongs to GO-DADDY-COM-LLC, US. The main domain is www.sleepyhollowrenfaire.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 6th 2023. Valid for: 3 months.

This is the only time www.sleepyhollowrenfaire.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Optus (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
10	132.148.236.168 132.148.236.168	398101 (GO-DADDY-...) (GO-DADDY-COM-LLC)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
2	104.16.87.20 104.16.87.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	23.67.57.9 23.67.57.9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.70.235.49 104.70.235.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
16	6

10 132.148.236.168 (United States)

ASN398101 (GO-DADDY-COM-LLC, US)
PTR: 168.236.148.132.host.secureserver.net

www.sleepyhollowrenfaire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.87.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.67.57.9 (Central, Hong Kong) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-67-57-9.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img6.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.70.235.49 (Central, Hong Kong)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-70-235-49.deploy.static.akamaitechnologies.com

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sleepyhollowrenfaire.com www.sleepyhollowrenfaire.com	540 KB
2	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 12951	600 B
2	wsimg.com 1 redirects img1.wsimg.com — Cisco Umbrella Rank: 8965 img6.wsimg.com — Cisco Umbrella Rank: 11247	12 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 357	14 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 672	33 KB
16	5

	Domain	Requested by
10	www.sleepyhollowrenfaire.com	www.sleepyhollowrenfaire.com
2	events.api.secureserver.net	img1.wsimg.com
2	cdn.jsdelivr.net	www.sleepyhollowrenfaire.com
1	img6.wsimg.com	www.sleepyhollowrenfaire.com
1	img1.wsimg.com	1 redirects
1	code.jquery.com	www.sleepyhollowrenfaire.com
16	6

This site contains no links.

Subject Issuer	Validity	Valid
sleepyhollowrenfaire.com cPanel, Inc. Certification Authority	`2023-01-06` - `2023-04-06`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2022-08-05` - `2023-09-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Frame ID: 225C34EBAEE05F15DD707C73A1A035A9
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Account Login - Optus

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

16
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

599 kB
Transfer

4423 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

16 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.php Show response
www.sleepyhollowrenfaire.com/OptusNet/login/ 53 KB
8 KB 745ms
251ms Document
text/html 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache / PHP/7.4.33
Resource Hash: b5e25e2f7678b54373d0c5bc706653074a3384095cfcb185daf314505f7e2916

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: br
content-length: 7712
content-type: text/html; charset=UTF-8
date: Tue, 17 Jan 2023 05:15:26 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 493 KB
45 KB 741ms
740ms Stylesheet
text/css 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: bb56cea5f5f48414b5504b157a9420e6f159896a168ea9e6ff5e4ee9547de77a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:26 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84aa0-7b441-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 45556

GET
H2 200 lux.49c32e08060172d8b8758ebe235b7642.css
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 3 MB
231 KB 268ms
266ms Stylesheet
text/css 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.49c32e08060172d8b8758ebe235b7642.css
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: 682892b4c0711d6936022fe0f066d42e909e3824f60c2e47eaef7a92c451e321

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:26 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84aa1-35cc4c-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 881ms
400ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:27 GMT
content-encoding: gzip
x-sp-metadata: HS256.CP/5mJ4GEooBCiQ2MTBkNWZjYy0yZDNhLTQ3YTktYWYwNi01MWZiMGE0ZTJlNjUQ+OiCoKvU+wIaBgjv3ZieBiIPMTAzLjIwOS4yNTQuMTM3KPa7AjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkNzBkOGQyN2QtZWY5MC00NjA1LThhY2MtMzdlMGMyMzMyODE3GLKDAiIYCAISFGNkczIzMS5sYTMuaHdjZG4ubmV0.9RAL3FSgtfJmdbiz+gciGuit26K4BlrCAwXV3cNN/O8=
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-1762a"
vary: Accept-Encoding
x-hw: 1673932527.dop008.la3.t,1673932527.cds262.la3.hn,1673932527.cds231.la3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33202

GET
H2 200 jquery.validate.min.js Show response
cdn.jsdelivr.net/jquery.validation/1.16.0/ 23 KB
8 KB 279ms
98ms Script
application/javascript 104.16.87.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery.validation/1.16.0/jquery.validate.min.js

Requested by

Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 26077673
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19121-FRA, cache-mel11235-MEL
server: cloudflare
etag: W/"5a1e-IUhhlLqiLrEVX+mL969jFOd3PMc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c99QaWPQJJJFfaxgo0CnxUtrPw6uSx4ziOtA7K0PzprBRiPd1nrcagGZefn7CwB2ub3nuuYidO8Q5vMwoxiQB%2BPViU9F340ik2J8cFepqM%2FhXNHj5T385YLd3ahRwUOK8%2Bw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 78ac9cf5cedf5aa4-MEL

GET
H2 200 additional-methods.min.js Show response
cdn.jsdelivr.net/jquery.validation/1.16.0/ 17 KB
6 KB 290ms
109ms Script
application/javascript 104.16.87.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery.validation/1.16.0/additional-methods.min.js

Requested by

Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1554032d2cfbf0e858518df6460b2b4336be2cfb1f188dfd1108a3ae50b2e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 26077673
content-encoding: br
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19152-FRA, cache-mel11246-MEL
server: cloudflare
etag: W/"4587-uIBUYLV1S+ixaiI99zfZV32kwYI"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDeNQRCvHxQs0jS9X6T6jvVVYB83n3ur%2B37f7kcsxoqCdxfNDTBrAH3PriZzNw7BSpLvixMHzTreOUT65%2B7Jsi%2B23qZig%2BBsa2lQlBhOkv4uqxyqY59Fzv3BvZ6IO2xNEPE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 78ac9cf5cee65aa4-MEL

GET
H2 200 login.js Show response
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 545 B
330 B 238ms
237ms Script
application/javascript 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/login.js
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: 37fa54090471f5b10ee622d15acf84bbda09b286defce156ec3952e399be0794

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:26 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84a9b-221-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 228

GET
H2

200

tccl.min.js Show response
img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

45 KB
12 KB

209ms
204ms

Script
application/javascript

23.67.57.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/login.php
Protocol: H2
Server: 23.67.57.9 Central, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-67-57-9.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: sTnOEJpl_Bn63xNm3Yru0HbQaHbS55CR
content-encoding: br
date: Tue, 17 Jan 2023 05:15:27 GMT
x-amz-request-id: SW42RCTKTQJH3SB5
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 11347
x-amz-id-2: SOgzPYjoNVqHmzSUdDQxjVjpOcgl04n3arSWjBq/s2doz6LRg79tFfSvSDtud9Y0icsa8uPNWH0=
last-modified: Tue, 29 Nov 2022 21:30:05 GMT
etag: "5c3e20ad749ddb088afc84b1b7ff009e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

location: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
access-control-allow-origin: *
date: Tue, 17 Jan 2023 05:15:27 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Tue, 17 Jan 2023 05:45:27 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eea41981c12ea68bbb642bc6fccdcfce8ce0c6ac21f998c6621a486db6f8e004

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ee10f7196c1b125a3b8222341465bf5e.woff
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 65 KB
66 KB 240ms
240ms Font
font/woff 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/ee10f7196c1b125a3b8222341465bf5e.woff
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: 7b1443ccd9f5702ad832d5f8f58cd7955da80b6be466208e37900863097dbb12

Request headers

Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: https://www.sleepyhollowrenfaire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:28 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84a9c-103f8-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 66557

GET
H2 200 507b76aa0351c57ece90f02239b62ba3.woff
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 66 KB
67 KB 241ms
241ms Font
font/woff 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/507b76aa0351c57ece90f02239b62ba3.woff
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: 06e6ac46fef95be90de802cbf8f07aefa9d2c9416ea8e32bccef5d526bb96e5f

Request headers

Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: https://www.sleepyhollowrenfaire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:28 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84aa3-108f0-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 67829

GET
H2 200 b7b268c962e2855acf62186c96a55466.woff
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 66 KB
67 KB 241ms
240ms Font
font/woff 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/b7b268c962e2855acf62186c96a55466.woff
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: 4447d75f8502cc1989762d2281eb12cf991055b71f94215ad2b3d6aca6295ab7

Request headers

Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: https://www.sleepyhollowrenfaire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:28 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84a9e-108e0-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 67813

GET
H2 404 cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
www.sleepyhollowrenfaire.com/OptusNet/login/files/assets/fonts/lux-icons/ 0
0 238ms
238ms Font
text/html 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/assets/fonts/lux-icons/cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.49c32e08060172d8b8758ebe235b7642.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.49c32e08060172d8b8758ebe235b7642.css
Origin: https://www.sleepyhollowrenfaire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:28 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 404 e1055008ac141ccf27da8fbe95009134.ttf
www.sleepyhollowrenfaire.com/OptusNet/login/files/assets/fonts/lux-icons/ 0
0 239ms
237ms Font
text/html 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/assets/fonts/lux-icons/e1055008ac141ccf27da8fbe95009134.ttf
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: https://www.sleepyhollowrenfaire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:28 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
300 B 1276ms
644ms XHR
image/gif 104.70.235.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1673932528701&dh=www.sleepyhollowrenfaire.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F109.0.5414.74%20Safari%2F537.36&vci=728485955&cv=2.0.1&z=1544112483&vg=9347e4b8-87ab-5eda-a6ee-d81c69e96ced&vtg=9347e4b8-87ab-5eda-a6ee-d81c69e96ced&dp=%2FOptusNet%2Flogin%2Flogin.php&ap=cpbh-mt&trfd=%7B%22ap%22%3A%22cpbh-mt%22%2C%22server%22%3A%22p3plmcpnl497201%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%222776882%22%7D&hit_id=933c0cff-de5b-5f5a-b550-d22e265fca94&ht=pageview

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.70.235.49 Central, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-70-235-49.deploy.static.akamaitechnologies.com

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Tue, 17 Jan 2023 05:15:30 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://www.sleepyhollowrenfaire.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
www.sleepyhollowrenfaire.com/OptusNet/login/files/ 56 KB
57 KB 239ms
239ms Font
font/woff 132.148.236.168
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
Requested by: Host: www.sleepyhollowrenfaire.com
URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.236.168 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 168.236.148.132.host.secureserver.net
Software: Apache /
Resource Hash: abb2805631568056488332283a9cde15bb8fe0c2100d41963f673dba10d0fd8f

Request headers

Referer: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: https://www.sleepyhollowrenfaire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 05:15:29 GMT
content-encoding: br
last-modified: Mon, 22 Aug 2022 05:42:22 GMT
server: Apache
etag: "1a84aa6-e0d4-5e6cde965cb80-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 57560

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
300 B 980ms
354ms XHR
image/gif 104.70.235.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1673932529066&dh=www.sleepyhollowrenfaire.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F109.0.5414.74%20Safari%2F537.36&vci=728485955&cv=2.0.1&z=1149644814&vg=9347e4b8-87ab-5eda-a6ee-d81c69e96ced&vtg=9347e4b8-87ab-5eda-a6ee-d81c69e96ced&dp=%2FOptusNet%2Flogin%2Flogin.php&ap=cpbh-mt&trfd=%7B%22ap%22%3A%22cpbh-mt%22%2C%22server%22%3A%22p3plmcpnl497201%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%222776882%22%7D&hit_id=bd49645b-0f1b-5d66-b044-e0e3a8ebd79a&ht=perf&tce=1673932526527&tcs=1673932526050&tdc=1673932529059&tdclee=1673932528715&tdcles=1673932528713&tdi=1673932528713&tdl=1673932526781&tdle=1673932526050&tdls=1673932526033&tfs=1673932526032&tns=1673932526032&trqs=1673932526527&tre=1673932526779&trps=1673932526778&tles=1673932529059&tlee=0&nt=navigate&lcp=2653&nav_type=hard

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.70.235.49 Central, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-70-235-49.deploy.static.akamaitechnologies.com

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.sleepyhollowrenfaire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Tue, 17 Jan 2023 05:15:29 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://www.sleepyhollowrenfaire.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Optus (Telecommunication)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sleepyhollowrenfaire.com/	1970-01-20 17:44:28	Name: _tccl_visitor Value: 9347e4b8-87ab-5eda-a6ee-d81c69e96ced
			.sleepyhollowrenfaire.com/	1970-01-20 08:58:54	Name: _tccl_visit Value: 9347e4b8-87ab-5eda-a6ee-d81c69e96ced

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/assets/fonts/lux-icons/cdf06c294d7cc3d6664b0dc9edf2c7ea.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.sleepyhollowrenfaire.com/OptusNet/login/files/assets/fonts/lux-icons/e1055008ac141ccf27da8fbe95009134.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
events.api.secureserver.net
img1.wsimg.com
img6.wsimg.com
www.sleepyhollowrenfaire.com
104.16.87.20
104.70.235.49
132.148.236.168
23.67.57.9
69.16.175.42
06e6ac46fef95be90de802cbf8f07aefa9d2c9416ea8e32bccef5d526bb96e5f
37fa54090471f5b10ee622d15acf84bbda09b286defce156ec3952e399be0794
4447d75f8502cc1989762d2281eb12cf991055b71f94215ad2b3d6aca6295ab7
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
682892b4c0711d6936022fe0f066d42e909e3824f60c2e47eaef7a92c451e321
7b1443ccd9f5702ad832d5f8f58cd7955da80b6be466208e37900863097dbb12
8b1554032d2cfbf0e858518df6460b2b4336be2cfb1f188dfd1108a3ae50b2e8
abb2805631568056488332283a9cde15bb8fe0c2100d41963f673dba10d0fd8f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5e25e2f7678b54373d0c5bc706653074a3384095cfcb185daf314505f7e2916
bb56cea5f5f48414b5504b157a9420e6f159896a168ea9e6ff5e4ee9547de77a
d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b
eea41981c12ea68bbb642bc6fccdcfce8ce0c6ac21f998c6621a486db6f8e004

www.sleepyhollowrenfaire.com Open in urlscan Pro 132.148.236.168 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

94 %HTTPS

0 %IPv6

5 Domains

6 Subdomains

6 IPs

3 Countries

599 kBTransfer

4423 kBSize

2 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

www.sleepyhollowrenfaire.com Open in urlscan Pro
132.148.236.168 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

599 kB
Transfer

4423 kB
Size

2
Cookies

16 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!