cycletowpros.com Open in urlscan Pro
208.109.28.118  Malicious Activity! Public Scan

Submitted URL: https://docsend.com/view/wcsmyip95xzj5r7f
Effective URL: https://cycletowpros.com/wp-content/ed/index%20(3).html
Submission: On July 23 via manual from IN — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 13 HTTP transactions. The main IP is 208.109.28.118, located in United States and belongs to GO-DADDY-COM-LLC, US. The main domain is cycletowpros.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 2nd 2024. Valid for: a year.
This is the only time cycletowpros.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 18.245.199.87 16509 (AMAZON-02)
1 3 208.109.28.118 398101 (GO-DADDY-...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 23.38.98.78 20940 (AKAMAI-ASN1)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
4 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2a04:4e42::649 54113 (FASTLY)
13 8
Apex Domain
Subdomains
Transfer
6 secureserver.net
events.api.secureserver.net — Cisco Umbrella Rank: 20700
csp.secureserver.net — Cisco Umbrella Rank: 20670
566 B
3 cycletowpros.com
cycletowpros.com
6 KB
2 wsimg.com
img1.wsimg.com — Cisco Umbrella Rank: 15358
21 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
31 KB
1 spb.ru
micronroveqls.spb.ru
127 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
14 KB
1 docsend.com
docsend.com — Cisco Umbrella Rank: 131136
6 KB
13 7
Domain Requested by
4 csp.secureserver.net img1.wsimg.com
3 cycletowpros.com 1 redirects cycletowpros.com
2 events.api.secureserver.net img1.wsimg.com
2 img1.wsimg.com 1 redirects cycletowpros.com
1 code.jquery.com cycletowpros.com
1 micronroveqls.spb.ru cycletowpros.com
1 cdnjs.cloudflare.com cycletowpros.com
1 docsend.com 1 redirects
13 8

This site contains no links.

Subject Issuer Validity Valid
cycletowpros.com
Go Daddy Secure Certificate Authority - G2
2024-05-02 -
2025-05-02
a year crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
micronroveqls.spb.ru
WE1
2024-07-07 -
2024-10-05
3 months crt.sh
*.api.secureserver.net
Starfield Secure Certificate Authority - G2
2024-07-15 -
2025-08-16
a year crt.sh
*.secureserver.net
Starfield Secure Certificate Authority - G2
2023-10-10 -
2024-11-10
a year crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA
2024-06-25 -
2025-06-25
a year crt.sh

This page contains 1 frames:

Primary Page: https://cycletowpros.com/wp-content/ed/index%20(3).html
Frame ID: 3BFDABA9E9C6F6840547B2EF6DD40A54
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

jazzy

Page URL History Show full URLs

  1. https://docsend.com/view/wcsmyip95xzj5r7f HTTP 302
    https://cycletowpros.com/wp-content/ed/index%20(3).html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

77 %
HTTPS

63 %
IPv6

7
Domains

8
Subdomains

8
IPs

2
Countries

200 kB
Transfer

432 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://docsend.com/view/wcsmyip95xzj5r7f HTTP 302
    https://cycletowpros.com/wp-content/ed/index%20(3).html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
  • https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Request Chain 5
  • https://cycletowpros.com/favicon.ico HTTP 302
  • https://cycletowpros.com/wp-content/uploads/2021/01/favicon.jpg

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index%20(3).html
cycletowpros.com/wp-content/ed/
Redirect Chain
  • https://docsend.com/view/wcsmyip95xzj5r7f
  • https://cycletowpros.com/wp-content/ed/index%20(3).html
6 KB
2 KB
Document
General
Full URL
https://cycletowpros.com/wp-content/ed/index%20(3).html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.109.28.118 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS
118.28.109.208.host.secureserver.net
Software
Apache /
Resource Hash
5ecda9d42e7261aa13ab56de683506aa5a0235ca36ea61afa62436b9d037d43a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
br
content-length
2401
content-type
text/html
date
Tue, 23 Jul 2024 13:55:43 GMT
etag
"5c4b542-15b9-61cd06485a2fa-br"
last-modified
Tue, 09 Jul 2024 13:20:25 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
connect-src 'self' blob: https://assets.docsend.com https://d2qvtfnm75xrxf.cloudfront.net https://*.previews.dropboxusercontent.com/*/p.m3u8 https://*.dropboxusercontent.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://featuregates.org https://events.statsigapi.net https://browser-intake-datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-us5-datadoghq.com https://*.kissmetrics.com https://*.kissmetrics.io https://api.segment.io https://cdn.segment.com https://events.statsigapi.net/v1/rgstr https://statsigapi.net/v1/sdk_exception https://*.id.opendns.com https://www.google-analytics.com https://analytics.google.com https://*.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://*.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://*.dropbox.com https://*.dropboxapi.com https://*.dropboxstatic.com https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://forms.hubspot.com https://*.pubnub.com https://docsend-prod.s3.amazonaws.com; frame-src 'self' https://assets.docsend.com https://*.previews.dropboxusercontent.com/ https://marketing.docsend.com https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net/ https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://www.dropbox.com https://ifttt.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://assets.docsend.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://*.id.opendns.com https://www.youtube.com https://*.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://*.quora.com https://*.bing.com https://api.autopilothq.com https://*.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.stripe.com https://checkout.stripe.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://maps.googleapis.com https://static.filestackapi.com https://zapier.com https://d2wy8f7a9ursnm.cloudfront.net 'nonce-SWxnffuc1xD4lkaDKRX43g=='; report-uri https://www.dropbox.com/csp_log?policy_name=docsend; default-src 'self'; base-uri 'self'; child-src 'self' blob:; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://*.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://*.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://*.okta.com https://*.oktapreview.com https://*.jumpcloud.com https://*.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' blob: data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com https://*.dropboxusercontent.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://assets.docsend.com https://fonts.googleapis.com https://tagmanager.google.com https://static.filestackapi.com https://use.fontawesome.com https://vjs.zencdn.net; worker-src 'self' blob:
Content-Type
text/html; charset=utf-8
Date
Tue, 23 Jul 2024 13:55:42 GMT
Location
https://cycletowpros.com/wp-content/ed/index%20(3).html
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1721742942&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=CIwo%2BHEbIdsRbN%2BGAqaz3ct6aITr6gQt06OuMOnRMdE%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1721742942&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=CIwo%2BHEbIdsRbN%2BGAqaz3ct6aITr6gQt06OuMOnRMdE%3D
Server
Cowboy
Strict-Transport-Security
max-age=31556952; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding, Origin
Via
1.1 vegur, 1.1 7b75efd20bebcd4fee78c75f0b1a9fa8.cloudfront.net (CloudFront)
X-Amz-Cf-Id
fugChadwJ-xepi34ORZv4lUxeoB8nh5nC9vPv4DCCZvthXibgQI24g==
X-Amz-Cf-Pop
CDG55-P2
X-Cache
Miss from cloudfront
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Request-Id
ecc38d17-f19d-4aa3-99ce-be244c095853
X-Runtime
0.067765
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/
47 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Requested by
Host: cycletowpros.com
URL: https://cycletowpros.com/wp-content/ed/index%20(3).html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cycletowpros.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 13:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1152016
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14107
last-modified
Mon, 04 May 2020 16:09:17 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e2d-bb78"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RzSDR4y9qjpTjEJkdUrZuV%2BqYVkynnz2%2FdJ8b7lZAQtNsibXzsCKugbO7%2Bfx7qTTPSihji3ygeVrleInSHKs%2BFL65nWeqEW9SYQh5cxaDYxSg%2FNNzhk7Td4ih0jBQfzp6YkTy76cNyvlnO879ArLQ%2Bix"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a7c2b773c9418db-FRA
expires
Sun, 13 Jul 2025 13:55:43 GMT
scc-c2.min.js
img1.wsimg.com/signals/js/clients/scc-c2/
Redirect Chain
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js
  • https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
105 KB
21 KB
Script
General
Full URL
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Requested by
Host: cycletowpros.com
URL: https://cycletowpros.com/wp-content/ed/index%20(3).html
Protocol
H2
Server
23.38.98.78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-38-98-78.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8f7092c94ef904c57584706cdb5f1fd9fe1efce52ce3105e99b9a7def487f09f

Request headers

Referer
https://cycletowpros.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
VDVeY4oO8ClQrknn.k4OgPWK0heF1LAr
content-encoding
gzip
date
Tue, 23 Jul 2024 13:55:43 GMT
x-amz-request-id
BMQPM02RWX51NDAS
x-amz-server-side-encryption
AES256
x-amz-meta-version
0.4.0
content-length
20848
x-amz-id-2
OeC0I10yEfcTT3bHDkHJZaehUNt2NvrqLhCTMbgF3LncIq7ZOF7K9s9AHyjSEdheAilyBHHKYoo=
last-modified
Fri, 17 May 2024 22:31:26 GMT
etag
"ace51bdb3b35a6b66c74fa115d4caa3f"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 23 Jul 2024 14:25:43 GMT

Redirect headers

location
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
access-control-allow-origin
*
date
Tue, 23 Jul 2024 13:55:43 GMT
cache-control
max-age=31536000
timing-allow-origin
*
content-length
0
expires
Wed, 23 Jul 2025 13:55:43 GMT
/
micronroveqls.spb.ru//
168 KB
127 KB
Fetch
General
Full URL
https://micronroveqls.spb.ru//
Requested by
Host: cycletowpros.com
URL: https://cycletowpros.com/wp-content/ed/index%20(3).html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:b59d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0d693760ce487847610e5c271ad3c0ed2b224b8c412937919e23fd662d8b903

Request headers

Referer
https://cycletowpros.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 23 Jul 2024 13:55:45 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAAhLzwcZ5zOMRSHnsT6aIUXpg95S5VkCsUreA8dOHshXpfOXC99GmsHtQ0K5Vff5dgO9CWWUVB0aMBqUrChYB66dYFoCDKrojtoyDs%2BTxVbA5KM6AU06KdAX%2BdbfR4CRwuSehzBpFvfFPfWZqQDfDlcjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cf-ray
8a7c2b78eea53aa4-FRA
alt-svc
h3=":443"; ma=86400
content-length
129983
event
events.api.secureserver.net/t/1/tl/
43 B
283 B
Fetch
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?dh=cycletowpros.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=0.4.0&vg=b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4&vtg=b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4&dp=%2Fwp-content%2Fed%2Findex%2520(3).html&trace_id=b2d4bc85e23940208d4f48396c4eec3a&cts=2024-07-23T13%3A55%3A44.037Z&hit_id=81c4c21c-e509-4eb1-b283-cd3f98156e22&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl446375%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%227521827%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2051529986&z=6448077
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a292 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cycletowpros.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
date
Tue, 23 Jul 2024 13:55:44 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://cycletowpros.com
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block
event
events.api.secureserver.net/t/1/tl/
43 B
283 B
Fetch
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?dh=cycletowpros.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=0.4.0&vg=b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4&vtg=b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4&dp=%2Fwp-content%2Fed%2Findex%2520(3).html&trace_id=b2d4bc85e23940208d4f48396c4eec3a&cts=2024-07-23T13%3A55%3A44.040Z&hit_id=577357ee-3f6a-46c9-aec9-b9c69a72ef8c&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl446375%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%227521827%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2051529986&z=42676977&tce=1721742943645&tcs=1721742943291&tdc=1721742944039&tdclee=1721742944038&tdcles=1721742944038&tdi=1721742944038&tdl=1721742943836&tdle=1721742943291&tdls=1721742943291&tfs=1721742943117&tns=1721742942839&trqs=1721742943645&tre=1721742943821&trps=1721742943819&tles=1721742944039&tlee=0&nt=navigate&nav_type=hard
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a292 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cycletowpros.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
date
Tue, 23 Jul 2024 13:55:44 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://cycletowpros.com
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block
favicon.jpg
cycletowpros.com/wp-content/uploads/2021/01/
Redirect Chain
  • https://cycletowpros.com/favicon.ico
  • https://cycletowpros.com/wp-content/uploads/2021/01/favicon.jpg
3 KB
3 KB
Other
General
Full URL
https://cycletowpros.com/wp-content/uploads/2021/01/favicon.jpg
Protocol
H2
Server
208.109.28.118 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS
118.28.109.208.host.secureserver.net
Software
Apache /
Resource Hash
100109994ca2ce87b3484f8f79ea841ea4f72dd948c447d86deb89a2b2c7ce8b

Request headers

Referer
https://cycletowpros.com/wp-content/ed/index%20(3).html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 13:55:44 GMT
last-modified
Tue, 26 Jan 2021 07:33:23 GMT
server
Apache
accept-ranges
bytes
etag
"5cc2465-ceb-5b9c8ab630f16"
content-length
3307
content-type
image/jpeg

Redirect headers

date
Tue, 23 Jul 2024 13:55:44 GMT
content-encoding
br
last-modified
Tue, 23 Jul 2024 13:55:44 GMT
server
Apache
x-powered-by
PHP/7.3.33
x-redirect-by
WordPress
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
location
https://cycletowpros.com/wp-content/uploads/2021/01/favicon.jpg
cache-control
must-revalidate
x-nitro-cache
MISS
link
<https://cycletowpros.com/wp-json/>; rel="https://api.w.org/"
content-length
1
eventbus
csp.secureserver.net/
0
0
Preflight
General
Full URL
https://csp.secureserver.net/eventbus
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:480:58c::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://cycletowpros.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type,authorization
Access-Control-Allow-Methods
OPTIONS,POST
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Content-Type
application/json
Date
Tue, 23 Jul 2024 13:55:44 GMT
Expires
Tue, 23 Jul 2024 13:55:44 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id
bXlvHFcyIAMEvdA=
x-amzn-requestid
1b1cbdd2-15f7-47d5-bf15-098879affd21
x-amzn-trace-id
Root=1-669fb660-72da61bf4d29ce35521693f6
x-envoy-upstream-service-time
5
eventbus
csp.secureserver.net/
0
0
Fetch
General
Full URL
https://csp.secureserver.net/eventbus
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:480:58c::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

Referer
https://cycletowpros.com/
Authorization
api-key b18ef4f046435b64a469b32c3c1c20a3
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Pragma
no-cache
Date
Tue, 23 Jul 2024 13:55:44 GMT
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id
Root=1-669fb660-4c73771c6e5b226f26308422
x-amzn-requestid
437c68f4-4169-438e-9e59-1ff3ada20557
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
x-envoy-upstream-service-time
109
Connection
keep-alive
x-amz-apigw-id
bXlvIF5YoAMEqxA=
Content-Length
0
Expires
Tue, 23 Jul 2024 13:55:44 GMT
eventbus
csp.secureserver.net/
0
0
Fetch
General
Full URL
https://csp.secureserver.net/eventbus
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:480:58c::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

Referer
https://cycletowpros.com/
Authorization
api-key 8da2217409854bee82e12dc4ca0b39fb
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Pragma
no-cache
Date
Tue, 23 Jul 2024 13:55:44 GMT
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id
Root=1-669fb660-58afc2354dde25a3112966eb
x-amzn-requestid
1f499b1c-5ddf-425f-bad2-b4dcece8b713
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
x-envoy-upstream-service-time
110
Connection
keep-alive
x-amz-apigw-id
bXlvIHBLoAMEZ2A=
Content-Length
0
Expires
Tue, 23 Jul 2024 13:55:44 GMT
eventbus
csp.secureserver.net/
0
0
Preflight
General
Full URL
https://csp.secureserver.net/eventbus
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:480:58c::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://cycletowpros.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type,authorization
Access-Control-Allow-Methods
OPTIONS,POST
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Content-Type
application/json
Date
Tue, 23 Jul 2024 13:55:44 GMT
Expires
Tue, 23 Jul 2024 13:55:44 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id
bXlvHH2sIAMEdyg=
x-amzn-requestid
80ae6c1a-de0d-42fc-a575-609720b4fdaa
x-amzn-trace-id
Root=1-669fb660-39a9b8f02f55fd006fad56b9
x-envoy-upstream-service-time
5
jquery-3.6.0.min.js
code.jquery.com/
87 KB
31 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: cycletowpros.com
URL: https://cycletowpros.com/wp-content/ed/index%20(3).html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://cycletowpros.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 23 Jul 2024 13:55:46 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
170686
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
30875
x-served-by
cache-lga21931-LGA, cache-fra-etou8220084-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1721742946.096185,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
8, 74106
,
cycletowpros.com/wp-content/ed/
0
0

truncated
/
496 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4623ca999744624a837f54806a96901fb05352c84addb1208c382e12733bbe6f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9e7b808d5f429a2f704eeb999d572fe2884ce9f763823c021723d7b3ac90fbc

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4d88618abd8d28ca19625380b7ae28a1e1086063ce7c66fc3257464f5f5b4c71

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
231 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
906f71d6d2948b4ac632811cce156c73e0d73a9045ee83a42822824de2b0bb3f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
18fb69e74d40c9203eb732e5ba423b45fcf1d2b48f6d38efe87a08bb686fd94e

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe4c1d8917b395d0f058f165778769d4dd7a214f2b3d226c50b992d593f602e7

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cycletowpros.com
URL
https://cycletowpros.com/wp-content/ed/,

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| CryptoJS function| peach object| _trfd object| _tcclInternal object| _expDataLayer object| _signalsDataLayer object| scc-c2 object| _trfq function| $ function| jQuery function| gB string| gambit function| kennel function| uF function| keyboard function| zucchini function| damned function| backhanded function| b

6 Cookies

Domain/Path Name / Value
.docsend.com/ Name: _v_
Value: YOjWlW87Z6IjS%2FyYRJ%2FG14Iv%2FXrYxq3HRM1mpJySRsAgfyKtS1KhMeodZFI6rxj55w54VNq44GNvwEXOi2aFgHOc%2B78HxTgXugrW7JhhzHksBFBesw%3D%3D--bxQG7aMHmiQiROq6--muCme9FyVe%2Fx3SwmbFBJeQ%3D%3D
.docsend.com/ Name: _us_
Value: eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJZzkyYVdWM1pXUWdaRzlqQmpvR1JWUT0iLCJleHAiOm51bGwsInB1ciI6ImNvb2tpZS5fdXNfIn19--0a19c6dc51d459746e8b01d901655a78795a6225
.docsend.com/ Name: _dss_
Value: 318cf28a52f105e7d7b3c832d54109cc
.cycletowpros.com/ Name: _tccl_visitor
Value: b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4
.cycletowpros.com/ Name: _tccl_visit
Value: b5dfe7bc-bf23-4ff9-b881-3fc657f1b2b4
.cycletowpros.com/ Name: _scc_session
Value: pc=1&C_TOUCH=2024-07-23T13:55:44.037Z

2 Console Messages

Source Level URL
Text
javascript warning URL: https://cycletowpros.com/wp-content/ed/index%20(3).html(Line 18)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://cycletowpros.com/wp-content/ed/index%20(3).html(Line 18)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.