wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz
139.59.255.208
Malicious Activity!
Public Scan
Effective URL: https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/PS-614091399e18b
Submission: On September 14 via manual from SG — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 2nd 2021. Valid for: 3 months.
This is the only time wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) | PTR / Domains |
|---|---|---|---|
| 1 | 54.233.248.0 | ASN16509 (AMAZON-02, US) | PTR: ec2-54-233-248-0.sa-east-1.compute.amazonaws.com; nt.embluemail.com |
| 11 | 139.59.255.208 | ASN14061 (DIGITALOCEAN-ASN, US) | vulvet.effectivestuffs.com; wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz |
| Total: 10 | 1 | | |

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 10 (1 redirects) | cloudns.nz | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz | 367 KB |
| 1 | effectivestuffs.com | vulvet.effectivestuffs.com | 23 KB |
| 1 (1 redirects) | embluemail.com | nt.embluemail.com | 223 B |
| Total: 10 | 3 domains | | |

| Requests | Domain | Requested by |
|---|---|---|
| 10 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz | vulvet.effectivestuffs.com (1 redirects); wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz |
| 1 | vulvet.effectivestuffs.com | |
| 1 | nt.embluemail.com | 1 redirects |
| Total: 10 | 3 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| vulvet.effectivestuffs.com | R3 | 2021-09-02 - 2021-12-01 | 3 months | crt.sh |
| www.wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz | R3 | 2021-09-02 - 2021-12-01 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/PS-614091399e18b
Frame ID: 9693A91AA31920CD7FE098BBFCBAF91A
Requests: 10 HTTP requests in this frame
Screenshot
Page Title: 41C6295C772A406E448A48DC168F994561409139D2D62
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fvulvet.effectivestuffs.com%2FZGVlcGFrLmt1bWFyMkBzZ3MuY29t
  HTTP 302 -> https://vulvet.effectivestuffs.com/ZGVlcGFrLmt1bWFyMkBzZ3MuY29t (Page URL)
- https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/$&XrwGc8Z4GmsoX26cbbCUCAwUfMQyBTWrBEBBcoGgW9ocmOxxdDkyOU4LkMJ1jU7jQDNjPk8ADTcLNz5IIOVuqowrUi2GvMEXpItCmUcowDSlHyoekFufT9Xuoh4bqRZUZdGeRHxMLJklZmFDds162N9nYKbxmojdNaRHKG86qBMjuQ3y3bDZ7crT3SqHaNXFboKodrKN?client=ZGVlcGFrLmt1bWFyMkBzZ3MuY29t
  HTTP 302 -> https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/PS-614091399e18b (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fvulvet.effectivestuffs.com%2FZGVlcGFrLmt1bWFyMkBzZ3MuY29t (HTTP 302)
- https://vulvet.effectivestuffs.com/ZGVlcGFrLmt1bWFyMkBzZ3MuY29t
10 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | ZGVlcGFrLmt1bWFyMkBzZ3MuY29t | vulvet.effectivestuffs.com/ (Redirect Chain) | 23 KB | 23 KB | Document | text/html |
| GET | H/1.1 | PS-614091399e18b (Primary Request) | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/ (Redirect Chain) | 37 KB | 3 KB | Document | text/html |
| GET | H/1.1 | 3f1546ea28769a944c84d52024620179dd164c8c99416 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/APP-T3ZVOR/ | 103 KB | 18 KB | Stylesheet | text/css |
| GET | H/1.1 | 56d12944782235c4e91c097a91d82864c661f4d0a6944 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/o/ | 4 KB | 2 KB | Image | image/svg+xml |
| GET | H/1.1 | 461147e6c46285082c1d19346a746944c829ad9290d5f | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/e/ | 513 B | 635 B | Image | image/svg+xml |
| GET | H/1.1 | dc26f64568e0a769919d12248d58441449a2431c9067c | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/jq/ | 84 KB | 29 KB | Script | application/javascript |
| GET | H/1.1 | 44e4acd0d1995604842719f166826297641adc23958c4 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/boot/ | 50 KB | 14 KB | Script | application/javascript |
| GET | H/1.1 | 249816cddc4296298e3594ada471056618471496f40c2 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/jm/ | 5 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | api-3e882104229f844cd4d59596672ca10446949dc61761a | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/ | 8 KB | 7 KB | Image | image/jpeg |
| GET | H/1.1 | api-a089cca6e31d62429128d441d5f908974562469c67441 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/ | 299 KB | 290 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforexrselect |
| boolean | originAgentCluster |
| function | $ |
| function | jQuery |
| object | bootstrap |
| string | email |
| string | url |
| function | sleep1 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/ | | PHPSESSID | ehk27q9kurhn5t6871oime6vcj |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nt.embluemail.com
vulvet.effectivestuffs.com
wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz
139.59.255.208
54.233.248.0