cycletowpros.com
Open in
urlscan Pro
208.109.28.118
Malicious Activity!
Public Scan
Effective URL: https://cycletowpros.com/wp-content/ed/index%20(3).html
Submission: On July 23 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 2nd 2024. Valid for: a year.
This is the only time cycletowpros.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 18.245.199.87 18.245.199.87 | 16509 (AMAZON-02) (AMAZON-02) | |
1 3 | 208.109.28.118 208.109.28.118 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 23.38.98.78 23.38.98.78 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2606:4700:303... 2606:4700:3036::ac43:b59d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a02:26f0:350... 2a02:26f0:3500:18::1724:a292 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 2a02:26f0:480... 2a02:26f0:480:58c::228b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a04:4e42::649 2a04:4e42::649 | 54113 (FASTLY) (FASTLY) | |
13 | 8 |
ASN16509 (AMAZON-02, US)
PTR: server-18-245-199-87.cdg55.r.cloudfront.net
docsend.com |
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: 118.28.109.208.host.secureserver.net
cycletowpros.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-78.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN20940 (AKAMAI-ASN1, NL)
events.api.secureserver.net |
ASN20940 (AKAMAI-ASN1, NL)
csp.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
secureserver.net
events.api.secureserver.net — Cisco Umbrella Rank: 20700 csp.secureserver.net — Cisco Umbrella Rank: 20670 |
566 B |
3 |
cycletowpros.com
1 redirects
cycletowpros.com |
6 KB |
2 |
wsimg.com
1 redirects
img1.wsimg.com — Cisco Umbrella Rank: 15358 |
21 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211 |
31 KB |
1 |
spb.ru
micronroveqls.spb.ru |
127 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336 |
14 KB |
1 |
docsend.com
1 redirects
docsend.com — Cisco Umbrella Rank: 131136 |
6 KB |
13 | 7 |
Domain | Requested by | |
---|---|---|
4 | csp.secureserver.net |
img1.wsimg.com
|
3 | cycletowpros.com |
1 redirects
cycletowpros.com
|
2 | events.api.secureserver.net |
img1.wsimg.com
|
2 | img1.wsimg.com |
1 redirects
cycletowpros.com
|
1 | code.jquery.com |
cycletowpros.com
|
1 | micronroveqls.spb.ru |
cycletowpros.com
|
1 | cdnjs.cloudflare.com |
cycletowpros.com
|
1 | docsend.com | 1 redirects |
13 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cycletowpros.com Go Daddy Secure Certificate Authority - G2 |
2024-05-02 - 2025-05-02 |
a year | crt.sh |
cdnjs.cloudflare.com E1 |
2024-06-02 - 2024-08-31 |
3 months | crt.sh |
micronroveqls.spb.ru WE1 |
2024-07-07 - 2024-10-05 |
3 months | crt.sh |
*.api.secureserver.net Starfield Secure Certificate Authority - G2 |
2024-07-15 - 2025-08-16 |
a year | crt.sh |
*.secureserver.net Starfield Secure Certificate Authority - G2 |
2023-10-10 - 2024-11-10 |
a year | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cycletowpros.com/wp-content/ed/index%20(3).html
Frame ID: 3BFDABA9E9C6F6840547B2EF6DD40A54
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
jazzyPage URL History Show full URLs
-
https://docsend.com/view/wcsmyip95xzj5r7f
HTTP 302
https://cycletowpros.com/wp-content/ed/index%20(3).html Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://docsend.com/view/wcsmyip95xzj5r7f
HTTP 302
https://cycletowpros.com/wp-content/ed/index%20(3).html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
- https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
- https://cycletowpros.com/favicon.ico HTTP 302
- https://cycletowpros.com/wp-content/uploads/2021/01/favicon.jpg
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index%20(3).html
cycletowpros.com/wp-content/ed/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/ |
47 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scc-c2.min.js
img1.wsimg.com/signals/js/clients/scc-c2/ Redirect Chain
|
105 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
micronroveqls.spb.ru// |
168 KB 127 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 283 B |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 283 B |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.jpg
cycletowpros.com/wp-content/uploads/2021/01/ Redirect Chain
|
3 KB 3 KB |
Other
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
,
cycletowpros.com/wp-content/ed/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
496 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
231 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cycletowpros.com
- URL
- https://cycletowpros.com/wp-content/ed/,
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| CryptoJS function| peach object| _trfd object| _tcclInternal object| _expDataLayer object| _signalsDataLayer object| scc-c2 object| _trfq function| $ function| jQuery function| gB string| gambit function| kennel function| uF function| keyboard function| zucchini function| damned function| backhanded function| b6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.docsend.com/ | Name: _v_ Value: YOjWlW87Z6IjS%2FyYRJ%2FG14Iv%2FXrYxq3HRM1mpJySRsAgfyKtS1KhMeodZFI6rxj55w54VNq44GNvwEXOi2aFgHOc%2B78HxTgXugrW7JhhzHksBFBesw%3D%3D--bxQG7aMHmiQiROq6--muCme9FyVe%2Fx3SwmbFBJeQ%3D%3D |
|
.docsend.com/ | Name: _us_ Value: eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJZzkyYVdWM1pXUWdaRzlqQmpvR1JWUT0iLCJleHAiOm51bGwsInB1ciI6ImNvb2tpZS5fdXNfIn19--0a19c6dc51d459746e8b01d901655a78795a6225 |
|
.docsend.com/ | Name: _dss_ Value: 318cf28a52f105e7d7b3c832d54109cc |
|
.cycletowpros.com/ | Name: _tccl_visitor Value: b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4 |
|
.cycletowpros.com/ | Name: _tccl_visit Value: b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4 |
|
.cycletowpros.com/ | Name: _scc_session Value: pc=1&C_TOUCH=2024-07-23T13:55:44.037Z |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
csp.secureserver.net
cycletowpros.com
docsend.com
events.api.secureserver.net
img1.wsimg.com
micronroveqls.spb.ru
cycletowpros.com
18.245.199.87
208.109.28.118
23.38.98.78
2606:4700:3036::ac43:b59d
2606:4700::6811:180e
2a02:26f0:3500:18::1724:a292
2a02:26f0:480:58c::228b
2a04:4e42::649
100109994ca2ce87b3484f8f79ea841ea4f72dd948c447d86deb89a2b2c7ce8b
18fb69e74d40c9203eb732e5ba423b45fcf1d2b48f6d38efe87a08bb686fd94e
4623ca999744624a837f54806a96901fb05352c84addb1208c382e12733bbe6f
4d88618abd8d28ca19625380b7ae28a1e1086063ce7c66fc3257464f5f5b4c71
5ecda9d42e7261aa13ab56de683506aa5a0235ca36ea61afa62436b9d037d43a
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
8f7092c94ef904c57584706cdb5f1fd9fe1efce52ce3105e99b9a7def487f09f
906f71d6d2948b4ac632811cce156c73e0d73a9045ee83a42822824de2b0bb3f
b0d693760ce487847610e5c271ad3c0ed2b224b8c412937919e23fd662d8b903
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
e9e7b808d5f429a2f704eeb999d572fe2884ce9f763823c021723d7b3ac90fbc
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
fe4c1d8917b395d0f058f165778769d4dd7a214f2b3d226c50b992d593f602e7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e