mass.report
Scan Intelligence Report0/100
low Risk
projectxcompetitions.com
https://projectxcompetitions.com/
IP
172.67.150.6 · Cloudflare, Inc.
Location
Toronto, Canada
Domain Age
290 days
HTTP
200 · 20.3s
SSL
Valid· E7, Let's Encrypt, US
Status
COMPLETED
Domain Intelligence: projectxcompetitions.com
Scanned 2 times since Mar 21, 2026, 10:15 AM UTC
ℹ Low (10)
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
ProjectX Competitions
Unknownfinance | technology | ecommerce | cryptocurrency | education · 4/5/2026
Summary
The target page at projectxcompetitions.com presents branding for 'ProjectX - Exclusive Car Competitions' and visually imitates a licensed competition site. However, the domain is not the official brand domain for a known legitimate service and uses a SPA-driven interface with extensive external scripts and tracking. The page loads branding assets and a high number of third-party scripts, suggesting credential or data collection via dynamic UI. This constitutes impersonation/phishing through typosquatting-like appearance and SPA credential capture potential, with new SSL cert and Cloudflare protection.
Evidence Summary
▸Observed 1 capture stage(s); canonical stage is settled_render.
▸POST targets observed during capture: https://projectxcompetitions.com/.
▸Distinctive asset clues: script.min.js, gcm.min.js, global.e90f6d47.css, styles.css, Project-x-final-v34.jpg, IMG-2-PROJECTX.jpg.
Capture
Stages: 1
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 216
Hosts: 6
Domains: 5
Attack Techniques (2)
Brand impersonation via visually similar branding and page titleSingle-Page Application (SPA) with dynamic credential capture (forms rendered by JS)
Indicators of Compromise (3)
▸Domain: projectxcompetitions.com (suspected impersonation) – IOC
▸Page title and og:title: 'ProjectX - Exclusive Car Competitions' (brand impersonation)
▸SSL: Let's Encrypt certificate valid March–June 2026 (short-lived typical for phishing domains)
Risk AssessmentUsed in abuse reports
The site at projectxcompetitions.com is a high-risk impersonation attempt of ProjectX Competitions. The domain appears to clone the brand’s visual identity and uses a SPA architecture capable of rendering credential capture forms at runtime, evidenced by 0 static forms but extensive JS bundles and POST requests to the root. The SSL certificate is recent and issued by Let’s Encrypt, which is common in phishing deployments. The page loads multiple external scripts and tracking endpoints (including Facebook analytics), which obscures the credential capture logic and facilitates exfiltration. This combination indicates deliberate masquerading to harvest user credentials or other data; escalate to takedown and containment immediately.
Recommended Action
Monitor
Cross-Reference8
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API