eu.visitorletterword.xyz Open in urlscan Pro
2606:4700:3034::ac43:d22f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQ...
Submission: On August 15 via manual (August 15th 2020, 10:36:03 am UTC) from IL

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 5 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3034::ac43:d22f, located in United States and belongs to CLOUDFLARENET, US. The main domain is eu.visitorletterword.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 27th 2020. Valid for: a year.

This is the only time eu.visitorletterword.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
14	2606:4700:303... 2606:4700:3034::ac43:d22f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	54.194.14.156 54.194.14.156	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3034::ac43:c3d4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3031::681c:908	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::6812:37d3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2

14 2606:4700:3034::ac43:d22f (United States)

ASN13335 (CLOUDFLARENET, US)

eu.visitorletterword.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.14.156 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-14-156.eu-west-1.compute.amazonaws.com

metatep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::ac43:c3d4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

starforallgenerations.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::681c:908 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hitthattarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6812:37d3 (United States)

ASN13335 (CLOUDFLARENET, US)

mrng00.got2have8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	visitorletterword.xyz eu.visitorletterword.xyz	120 KB
1	got2have8.com mrng00.got2have8.com
1	hitthattarget.com 1 redirects hitthattarget.com	766 B
1	starforallgenerations.com 1 redirects starforallgenerations.com	432 B
1	metatep.com 1 redirects metatep.com	748 B
15	5

	Domain	Requested by
14	eu.visitorletterword.xyz	eu.visitorletterword.xyz
1	mrng00.got2have8.com	eu.visitorletterword.xyz
1	hitthattarget.com	1 redirects
1	starforallgenerations.com	1 redirects
1	metatep.com	1 redirects
15	5

This site contains links to these domains. Also see Links.

Domain
www.lijits.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0
Frame ID: 4F43C31C4896DCF38AACCF8754448B8A
Requests: 14 HTTP requests in this frame

Frame: https://mrng00.got2have8.com/il/?o=2016&r=ewb164700983gk6e&a=23&sa=7869
Frame ID: 3DDDE81F8C2072FC7C595CF892C7A533
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

15
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

2
IPs

2
Countries

120 kB
Transfer

228 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.lijits.com/offer?trackid=202008151029233584
Title: קבל/י כעת

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://metatep.com/?a=7869&c=26354&s2=202008151029233584 HTTP 302
https://starforallgenerations.com/?a=23&c=2006&s1=7869&s2=25421-548496127&s4= HTTP 302
https://hitthattarget.com/?a=23&c=2006&s1=7869&s2=25421-548496127&s4=&ckmguid=bd0f11da-c93c-4998-a1a3-0ab8a32b0c5b HTTP 302
https://mrng00.got2have8.com/il/?o=2016&r=ewb164700983gk6e&a=23&sa=7869

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/	37 KB 7 KB	55ms 40ms	Document text/html	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4b96f26f732b54324036f91f1c47093a2fccc694bb9f3d6ec9f522e452e6caf7` Request headers :method GET :authority eu.visitorletterword.xyz :scheme https :path /b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Sat, 15 Aug 2020 10:35:47 GMT content-type text/html set-cookie __cfduid=d4a42b5297322b3386c7626005d2bffdc1597487747; expires=Mon, 14-Sep-20 10:35:47 GMT; path=/; domain=.visitorletterword.xyz; HttpOnly; SameSite=Lax cache-control no-cache cf-cache-status DYNAMIC cf-request-id 049349a80c000096aa7cbb3200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5c3245534d0596aa-FRA content-encoding br
GET H2	200	css.css eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/	2 KB 429 B	35ms 34ms	Stylesheet text/css	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/css.css Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ed7da92a1bd3ca33ff7eb510a906749463c22ef746b49417d0dfa920c5ca4ea4` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5c3245539d3b96aa-FRA cf-request-id 049349a83a000096aa7cbbc200000001
GET H2	200	style.css eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/	9 KB 2 KB	32ms 31ms	Stylesheet text/css	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/style.css Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e1738656188750583af6e1b25b451e6e2754db7f55b540e62a6fea5cd2b7a33` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840058 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5c3245539d3c96aa-FRA cf-request-id 049349a83a000096aa7cbbd200000001
GET H2	200	logo.png eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/	10 KB 10 KB	45ms 44ms	Image image/png	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/logo.png Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `99f22131449ebb5d2f18422e1488e91f27e228c55aec7092da80a5db8ce8ad13` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT cf-cache-status MISS last-modified 1588840049 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5c3245539d4896aa-FRA content-length 10334 cf-request-id 049349a83e000096aa7cbc2200000001
GET H2	200	iphone-11pro.png eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/	20 KB 20 KB	41ms 39ms	Image image/png	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/iphone-11pro.png Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8623ba93a525f8a6502568774bb9b4962a9f4f503e858f9fcd3d39471b5929d` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5c3245539d4a96aa-FRA content-length 20865 cf-request-id 049349a83e000096aa7cbc3200000001
GET H2	200	samsung_s10.jpg eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/	20 KB 20 KB	42ms 40ms	Image image/jpeg	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/samsung_s10.jpg Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4908ade959c9401b33e00569c3ce722cb2411651b535d58e336550638b428cfc` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5c3245539d4c96aa-FRA content-length 20796 cf-request-id 049349a83e000096aa7cbc4200000001
GET H2	200	apple_watch.jpg eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/	25 KB 25 KB	48ms 47ms	Image image/jpeg	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/apple_watch.jpg Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `63494675287bb7496664c7f3c63c2f58111cef845d10231afef53f824f76b5e6` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5c3245539d4d96aa-FRA content-length 25212 cf-request-id 049349a840000096aa7cbc5200000001
GET H2	200	disqus_hr.gif eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/	90 B 187 B	39ms 38ms	Image image/gif	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/disqus_hr.gif Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `afe0c709cf4b479c6c621957b265236e04898760fde3bb29939db4afef4d13c0` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/gif status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5c3245539d4f96aa-FRA content-length 90 cf-request-id 049349a840000096aa7cbc6200000001
GET H2	200	loader2.gif eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/	2 KB 2 KB	45ms 44ms	Image image/gif	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/img/loader2.gif Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `81f8c055e3b99087883460c942b82d796fe5d2512101511e85d395b7a1690738` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/gif status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5c3245539d5096aa-FRA content-length 1818 cf-request-id 049349a840000096aa7cbc7200000001
GET H2	200	sweet-alert.css eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/	9 KB 2 KB	41ms 39ms	Stylesheet text/css	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/sweet-alert.css Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `57255e0e66ff61d16f7cd191f5669d68a4b8a90eef93a76ad1de809b02156cae` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840059 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5c3245539d4496aa-FRA cf-request-id 049349a83e000096aa7cbbf200000001
GET H2	200	jquery.min.js Show response eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/js/	82 KB 28 KB	59ms 57ms	Script application/javascript	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/js/jquery.min.js Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5c3245539d4596aa-FRA cf-request-id 049349a83e000096aa7cbc0200000001
GET H2	200	script.js Show response eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/js/	2 KB 583 B	42ms 40ms	Script application/javascript	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/js/script.js Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9929bee8ade1b7b02b60ad8de00af9af969c7c4aaa61dcc51c216c30e07dcfe2` Request headers Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5c3245539d4796aa-FRA cf-request-id 049349a83e000096aa7cbc1200000001
GET H2	200	style.css eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/	9 KB 2 KB	16ms 16ms	Font text/css	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/style.css Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e1738656188750583af6e1b25b451e6e2754db7f55b540e62a6fea5cd2b7a33` Request headers Origin https://eu.visitorletterword.xyz Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840058 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5c324553dd7396aa-FRA cf-request-id 049349a863000096aa7cbc8200000001
GET H2	200	css.css eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/	2 KB 420 B	19ms 19ms	Font text/css	2606:4700:3034::ac43:d22f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/css.css Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/css.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d22f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ed7da92a1bd3ca33ff7eb510a906749463c22ef746b49417d0dfa920c5ca4ea4` Request headers Origin https://eu.visitorletterword.xyz Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/css/css.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 15 Aug 2020 10:35:47 GMT content-encoding br cf-cache-status MISS last-modified 1588840036 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5c324553dd7596aa-FRA cf-request-id 049349a864000096aa7cbc9200000001
GET H2	200	/ mrng00.got2have8.com/il/ Frame 3DDD Redirect Chain https://metatep.com/?a=7869&c=26354&s2=202008151029233584 https://starforallgenerations.com/?a=23&c=2006&s1=7869&s2=25421-548496127&s4= https://hitthattarget.com/?a=23&c=2006&s1=7869&s2=25421-548496127&s4=&ckmguid=bd0f11da-c93c-4998-a1a3-0ab8a32b0c5b https://mrng00.got2have8.com/il/?o=2016&r=ewb164700983gk6e&a=23&sa=7869	0 0	118ms 79ms	Document text/html	2606:4700:3035::6812:37d3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mrng00.got2have8.com/il/?o=2016&r=ewb164700983gk6e&a=23&sa=7869 Requested by Host: eu.visitorletterword.xyz URL: https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6812:37d3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers :method GET :authority mrng00.got2have8.com :scheme https :path /il/?o=2016&r=ewb164700983gk6e&a=23&sa=7869 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://eu.visitorletterword.xyz/b3ccf64558dc569d91e6d57b2e1c9dda/index.html?siteid=YjY0MTg1OTQwMDc0MTg1NzY4OTM1OCMxNTk3NDg3MzUyQDU4MzdAXzlmZTE4NGJhNTA5NmQyNDI0ZmJhYzJhMzJhMDNjYjY5&trackid=202008151029233584&ourl64_=aHR0cHM6Ly9tZXRhdGVwLmNvbS8_YT03ODY5JmM9MjYzNTQmczI9MjAyMDA4MTUxMDI5MjMzNTg0 Response headers status 200 date Sat, 15 Aug 2020 10:35:48 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=db541a35d2bc58f51429ae34d55d3a5631597487747; expires=Mon, 14-Sep-20 10:35:47 GMT; path=/; domain=.got2have8.com; HttpOnly; SameSite=Lax; Secure PHPSESSID_MS=fr913gr9lpce9nvfpvump4e513; expires=Mon, 17-Aug-2020 10:35:47 GMT; Max-Age=172800; path=/ expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache cf-cache-status DYNAMIC cf-request-id 049349ab74000005b3273d5200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5c324558b9a305b3-FRA content-encoding br Redirect headers status 302 date Sat, 15 Aug 2020 10:35:47 GMT content-type text/html; charset=utf-8 set-cookie __cfduid=d406f6d4f454f26a91a0a605c19ae5eb21597487747; expires=Mon, 14-Sep-20 10:35:47 GMT; path=/; domain=.hitthattarget.com; HttpOnly; SameSite=Lax; Secure st=DiYid1S7oD66PB5E/sb0cFIb2P2Mg9Ef6XmpPgBkBnqQ8ksFZe9BdQ==; domain=.hitthattarget.com; path=/; HttpOnly tfl=uuyN8JoBkvC6PB5E/sb0cFIb2P2Mg9Ef6XmpPgBkBnqQ8ksFZe9BdQ==; domain=.hitthattarget.com; expires=Fri, 15-Aug-2025 10:35:48 GMT; path=/; HttpOnly c2016=DiYid1S7oD7txQEGEAn9ap8GqvfPbxtQKnmPebuZv7jz7rqBSvVRyQ==; domain=.hitthattarget.com; expires=Mon, 14-Sep-2020 10:35:48 GMT; path=/; HttpOnly cache-control private location https://mrng00.got2have8.com/il/?o=2016&r=ewb164700983gk6e&a=23&sa=7869 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" cf-cache-status DYNAMIC cf-request-id 049349aaae0000dfa9711e1200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5c3245577fd9dfa9-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.got2have8.com/	1970-01-19 11:44:47	Name: _gat Value: 1
.got2have8.com/	1970-01-19 11:46:14	Name: _gid Value: GA1.2.417105529.1597487748
.got2have8.com/	1970-01-20 05:15:59	Name: _ga Value: GA1.2.454699909.1597487748
mrng00.got2have8.com/	1970-01-19 11:47:40	Name: PHPSESSID_MS Value: fr913gr9lpce9nvfpvump4e513
.visitorletterword.xyz/	1970-01-19 12:27:59	Name: __cfduid Value: d4a42b5297322b3386c7626005d2bffdc1597487747

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eu.visitorletterword.xyz
hitthattarget.com
metatep.com
mrng00.got2have8.com
starforallgenerations.com
2606:4700:3031::681c:908
2606:4700:3034::ac43:c3d4
2606:4700:3034::ac43:d22f
2606:4700:3035::6812:37d3
54.194.14.156
0e1738656188750583af6e1b25b451e6e2754db7f55b540e62a6fea5cd2b7a33
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
4908ade959c9401b33e00569c3ce722cb2411651b535d58e336550638b428cfc
4b96f26f732b54324036f91f1c47093a2fccc694bb9f3d6ec9f522e452e6caf7
57255e0e66ff61d16f7cd191f5669d68a4b8a90eef93a76ad1de809b02156cae
63494675287bb7496664c7f3c63c2f58111cef845d10231afef53f824f76b5e6
81f8c055e3b99087883460c942b82d796fe5d2512101511e85d395b7a1690738
9929bee8ade1b7b02b60ad8de00af9af969c7c4aaa61dcc51c216c30e07dcfe2
99f22131449ebb5d2f18422e1488e91f27e228c55aec7092da80a5db8ce8ad13
a8623ba93a525f8a6502568774bb9b4962a9f4f503e858f9fcd3d39471b5929d
afe0c709cf4b479c6c621957b265236e04898760fde3bb29939db4afef4d13c0
ed7da92a1bd3ca33ff7eb510a906749463c22ef746b49417d0dfa920c5ca4ea4

eu.visitorletterword.xyz Open in urlscan Pro 2606:4700:3034::ac43:d22f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

2 IPs

2 Countries

120 kBTransfer

228 kBSize

5 Cookies

1 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

5 Cookies

Indicators

eu.visitorletterword.xyz Open in urlscan Pro
2606:4700:3034::ac43:d22f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

2
IPs

2
Countries

120 kB
Transfer

228 kB
Size

5
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!