www.ethosenerji.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 94.73.147.169, located in Turkey and belongs to CIZGI, TR. The main domain is www.ethosenerji.com.

This is the only time www.ethosenerji.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	94.73.147.169 94.73.147.169	34619 (CIZGI) (CIZGI)
5	208.75.151.48 208.75.151.48	19066 (WIREDTREE) (WIREDTREE - Cogswell Enterprises Inc.)
7	3

1 94.73.147.169 (Turkey)

ASN34619 (CIZGI, TR)
PTR: 94-73-147-169.cizgi.net.tr

www.ethosenerji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 208.75.151.48 (Lansing, United States)

ASN19066 (WIREDTREE - Cogswell Enterprises Inc., US)

fullcortinas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	fullcortinas.com fullcortinas.com Failed	833 KB
1	ethosenerji.com www.ethosenerji.com	131 B
7	2

	Domain	Requested by
5	fullcortinas.com	fullcortinas.com
1	www.ethosenerji.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid
fullcortinas.com cPanel, Inc. Certification Authority	`2017-07-24` - `2017-10-22`	3 months	crt.sh

This page contains 2 frames:

Frame: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192
Frame ID: 22074.1
Requests: 2 HTTP requests in this frame

Frame: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192
Frame ID: 22097.1
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

833 kB
Transfer

836 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request 0

https://fullcortinas.com/wp-includes/images/Office365/?email=
https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.ethosenerji.com/images/thumbs/	129 B 131 B	228ms 140ms	Document text/html	94.73.147.169 CIZGI
General Check archive.org Show headers Download Go to Full URL http://www.ethosenerji.com/images/thumbs/ Protocol HTTP/1.1 Server 94.73.147.169 , Turkey, ASN34619 (CIZGI, TR), Reverse DNS 94-73-147-169.cizgi.net.tr Software Apache / PHP/5.5.38 Resource Hash `6f4b0b1e8b031d390fb176c30c22a4542b44fcd87a618ad60bd62cbdc272990d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Thu, 10 Aug 2017 14:58:51 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/5.5.38 Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 131
GET		Login.php fullcortinas.com/wp-includes/images/Office365/ Redirect Chain https://fullcortinas.com/wp-includes/images/Office365/?email= https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192	0 0

GET S	200	Login.php Show response fullcortinas.com/wp-includes/images/Office365/ Frame 2209	1 KB 689 B	126ms 126ms	Document text/html	208.75.151.48 Cogswell Enterpri...
General Check archive.org Show headers Download Go to Full URL https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.75.151.48 Lansing, United States, ASN19066 (WIREDTREE - Cogswell Enterprises Inc., US), Reverse DNS Software LiteSpeed / PHP/5.6.31 Resource Hash `1262d762816fa7e227c26c34d488d9be1aa772d0c9bdc16e8d2cb4f35d16e3c4` Request headers Upgrade-Insecure-Requests 1 Referer http://www.ethosenerji.com/images/thumbs/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Thu, 10 Aug 2017 14:58:55 GMT content-encoding gzip server LiteSpeed x-powered-by PHP/5.6.31 vary Accept-Encoding content-type text/html; charset=UTF-8 status 200 accept-ranges bytes content-length 671
GET S	200	main_css.css fullcortinas.com/wp-includes/images/Office365/images/ Frame 2209	2 KB 358 B	124ms 123ms	Stylesheet text/css	208.75.151.48 Cogswell Enterpri...
General Check archive.org Show headers Download Go to Full URL https://fullcortinas.com/wp-includes/images/Office365/images/main_css.css Requested by Host: fullcortinas.com URL: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.75.151.48 Lansing, United States, ASN19066 (WIREDTREE - Cogswell Enterprises Inc., US), Reverse DNS Software LiteSpeed / Resource Hash `4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2` Request headers Referer https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Thu, 10 Aug 2017 14:58:55 GMT content-encoding gzip last-modified Tue, 08 Aug 2017 13:21:06 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 340 expires Thu, 17 Aug 2017 14:58:55 GMT
GET S	200	index.css fullcortinas.com/wp-includes/images/Office365/images/ Frame 2209	2 KB 454 B	124ms 123ms	Stylesheet text/css	208.75.151.48 Cogswell Enterpri...
General Check archive.org Show headers Download Go to Full URL https://fullcortinas.com/wp-includes/images/Office365/images/index.css Requested by Host: fullcortinas.com URL: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.75.151.48 Lansing, United States, ASN19066 (WIREDTREE - Cogswell Enterprises Inc., US), Reverse DNS Software LiteSpeed / Resource Hash `432477ad5a346fe74c9e22e6b2da7f7a7c63dfe3b44359ffe47734dc29e81f5c` Request headers Referer https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Thu, 10 Aug 2017 14:58:55 GMT content-encoding gzip last-modified Tue, 08 Aug 2017 13:21:06 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 436 expires Thu, 17 Aug 2017 14:58:55 GMT
GET S	200	1.png fullcortinas.com/wp-includes/images/Office365/images/ Frame 2209	804 KB 805 KB	123ms 123ms	Image image/png	208.75.151.48 Cogswell Enterpri...
General Check archive.org Show headers Download Go to Show image Full URL https://fullcortinas.com/wp-includes/images/Office365/images/1.png Requested by Host: fullcortinas.com URL: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.75.151.48 Lansing, United States, ASN19066 (WIREDTREE - Cogswell Enterprises Inc., US), Reverse DNS Software LiteSpeed / Resource Hash `ba05bef2d7327f4c6daa4bf96117d01c3cec21568a9a9769063c43cb32e97dc6` Request headers Referer https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Thu, 10 Aug 2017 14:58:55 GMT last-modified Tue, 08 Aug 2017 13:21:06 GMT server LiteSpeed content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 822800 expires Thu, 17 Aug 2017 14:58:55 GMT
GET S	200	2.jpg fullcortinas.com/wp-includes/images/Office365/images/ Frame 2209	27 KB 27 KB	123ms 123ms	Image image/jpeg	208.75.151.48 Cogswell Enterpri...
General Check archive.org Show headers Download Go to Show image Full URL https://fullcortinas.com/wp-includes/images/Office365/images/2.jpg Requested by Host: fullcortinas.com URL: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.75.151.48 Lansing, United States, ASN19066 (WIREDTREE - Cogswell Enterprises Inc., US), Reverse DNS Software LiteSpeed / Resource Hash `852edd9ae20bf6cb70153b96301c460c18f8b5545528afda394dd73c6ae34b51` Request headers Referer https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Thu, 10 Aug 2017 14:58:55 GMT last-modified Tue, 08 Aug 2017 13:21:06 GMT server LiteSpeed content-type image/jpeg status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 27723 expires Thu, 17 Aug 2017 14:58:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fullcortinas.com
URL: https://fullcortinas.com/wp-includes/images/Office365/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=48&id=3305204192

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fullcortinas.com
www.ethosenerji.com
fullcortinas.com
208.75.151.48
94.73.147.169
1262d762816fa7e227c26c34d488d9be1aa772d0c9bdc16e8d2cb4f35d16e3c4
432477ad5a346fe74c9e22e6b2da7f7a7c63dfe3b44359ffe47734dc29e81f5c
4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2
6f4b0b1e8b031d390fb176c30c22a4542b44fcd87a618ad60bd62cbdc272990d
852edd9ae20bf6cb70153b96301c460c18f8b5545528afda394dd73c6ae34b51
ba05bef2d7327f4c6daa4bf96117d01c3cec21568a9a9769063c43cb32e97dc6

www.ethosenerji.com Open in urlscan Pro 94.73.147.169 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

7 Requests

71 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

833 kBTransfer

836 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.ethosenerji.com Open in urlscan Pro
94.73.147.169 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

833 kB
Transfer

836 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!