calzados32.webcindario.com Open in urlscan Pro
5.57.226.202 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://calzados32.webcindario.com/app/facebook.com/?lang=de&key=w20P9efQ7iL49PFyZn0JJDMAgyLJZZTaUSnm7ZfME4WAJWk9N1ZFtekOiL2yIORsT6...
Submission: On February 09 via automatic, source phishtank (February 9th 2017, 1:05:51 am UTC)

Summary HTTP 52 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 21 IPs in 6 countries across 17 domains to perform 52 HTTP transactions. The main IP is 5.57.226.202, located in Madrid, Spain and belongs to SERVIHOSTING-AS AireNetworks - StackScale, ES. The main domain is calzados32.webcindario.com.

This is the only time calzados32.webcindario.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
23	5.57.226.202 5.57.226.202	29119 (SERVIHOST...) (SERVIHOSTING-AS AireNetworks - StackScale)
1	2a00:1450:400... 2a00:1450:400e:805::2008	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:400... 2a00:1450:400e:805::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2400:cb00:204... 2400:cb00:2048:1::6819:ce08	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2600:9000:201... 2600:9000:2019:bc00:18:2c76:d40:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2600:9000:201... 2600:9000:2019:a200:13:3582:d580:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:400e:805::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a03:2880:f01... 2a03:2880:f01c:6:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	46.105.201.240 46.105.201.240	16276 (OVH ) (OVH )
1	2a00:1450:401... 2a00:1450:4013:c04::9a	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	184.173.167.98 184.173.167.98	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	107.182.231.45 107.182.231.45	32780 (HOSTINGSE...) (HOSTINGSERVICES-INC - Hosting Services)
2	52.200.93.218 52.200.93.218	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	54.165.244.197 54.165.244.197	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
6	52.28.14.242 52.28.14.242	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.85.107.206 52.85.107.206	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.18.151.138 52.18.151.138	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	169.47.30.64 169.47.30.64	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1	54.192.11.178 54.192.11.178	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
52	21

23 5.57.226.202 (Madrid, Spain)

ASN29119 (SERVIHOSTING-AS AireNetworks - StackScale, ES)

calzados32.webcindario.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:805::2008 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:805::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6819:ce08 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

hosting.miarroba.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2019:bc00:18:2c76:d40:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d5em5plenp2k5.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2019:a200:13:3582:d580:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d3qyjzkrkuj7me.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:805::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:6:face:b00c:0:1 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH , FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4013:c04::9a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.173.167.98 (Chantilly, United States)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 62.a7.adb8.ip4.static.sl-reverse.com

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.182.231.45 (New York, United States)

ASN32780 (HOSTINGSERVICES-INC - Hosting Services, Inc., US)
PTR: 6bb6e72d.setaptr.net

e.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.200.93.218 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-200-93-218.compute-1.amazonaws.com

educing.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.165.244.197 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-165-244-197.compute-1.amazonaws.com

educing.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.28.14.242 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-28-14-242.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.107.206 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-107-206.jax1.r.cloudfront.net

n-cdn.areyouahuman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.151.138 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-18-151-138.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.47.30.64 (Netherlands)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 40.1e.2fa9.ip4.static.sl-reverse.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.11.178 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-11-178.lhr3.r.cloudfront.net

onderlea.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	webcindario.com calzados32.webcindario.com	51 KB
6	eyeota.net ps.eyeota.net	1 KB
4	educing.info educing.info	140 B
3	cloudfront.net d5em5plenp2k5.cloudfront.net d3qyjzkrkuj7me.cloudfront.net	71 KB
2	histats.com s10.histats.com s4.histats.com	4 KB
1	onderlea.info onderlea.info	15 B
1	bluekai.com tags.bluekai.com	62 B
1	crwdcntrl.net bcp.crwdcntrl.net	49 B
1	areyouahuman.com n-cdn.areyouahuman.com	45 KB
1	dtscout.com e.dtscout.com	2 KB
1	facebook.com www.facebook.com staticxx.facebook.com Failed	66 B
1	doubleclick.net stats.g.doubleclick.net	44 B
1	facebook.net connect.facebook.net	60 KB
1	google-analytics.com www.google-analytics.com	11 KB
1	miarroba.info hosting.miarroba.info
1	googleapis.com ajax.googleapis.com	33 KB
1	googletagmanager.com www.googletagmanager.com	16 KB
52	17

	Domain	Requested by
23	calzados32.webcindario.com	calzados32.webcindario.com
6	ps.eyeota.net	calzados32.webcindario.com
4	educing.info	calzados32.webcindario.com
2	d3qyjzkrkuj7me.cloudfront.net	calzados32.webcindario.com d3qyjzkrkuj7me.cloudfront.net
1	onderlea.info	d5em5plenp2k5.cloudfront.net
1	tags.bluekai.com	calzados32.webcindario.com
1	bcp.crwdcntrl.net	calzados32.webcindario.com
1	n-cdn.areyouahuman.com	e.dtscout.com
1	e.dtscout.com	s4.histats.com
1	www.facebook.com	calzados32.webcindario.com
1	s4.histats.com	s10.histats.com
1	stats.g.doubleclick.net	calzados32.webcindario.com
1	s10.histats.com	calzados32.webcindario.com
1	connect.facebook.net	calzados32.webcindario.com
1	www.google-analytics.com	calzados32.webcindario.com
1	d5em5plenp2k5.cloudfront.net	calzados32.webcindario.com
1	hosting.miarroba.info	calzados32.webcindario.com
1	ajax.googleapis.com	calzados32.webcindario.com
1	www.googletagmanager.com	calzados32.webcindario.com
0	staticxx.facebook.com Failed	connect.facebook.net
52	20

This site contains links to these domains. Also see Links.

Domain
m.wefwfwefwf.com
m.facebook.com
www.histats.com

Subject Issuer	Validity	Valid
*.google-analytics.com Google Internet Authority G2	`2017-01-25` - `2017-04-19`	3 months	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-01-25` - `2017-04-19`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G2	`2017-01-25` - `2017-04-19`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2016-12-09` - `2018-01-25`	a year	crt.sh
*.areyouahuman.com Starfield Secure Certificate Authority - G2	`2016-05-31` - `2019-06-04`	3 years	crt.sh

This page contains 3 frames:

Primary Page: http://calzados32.webcindario.com/app/facebook.com/?lang=de&key=w20P9efQ7iL49PFyZn0JJDMAgyLJZZTaUSnm7ZfME4WAJWk9N1ZFtekOiL2yIORsT6YTRyECerGtBdf7LVNP6gkaGQulYRBZniSjLOcUuDFOksMtD9EQVMzyzl2HNRoueXQp7RAOIWUHl5oDlgBrzTYS32tnbPzvbvsJbFw6HlfDmyoe1JzPbFi4lVLG6uStT85Ri6d3
Frame ID: 13855.1
Requests: 50 HTTP requests in this frame

Frame: http://staticxx.facebook.com/connect/xd_arbiter/r/0eWevUAMuoH.js?version=42
Frame ID: 13855.2
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/0eWevUAMuoH.js?version=42
Frame ID: 13855.3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

52
Requests

12 %
HTTPS

45 %
IPv6

17
Domains

20
Subdomains

21
IPs

6
Countries

296 kB
Transfer

905 kB
Size

13
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://m.wefwfwefwf.com/login/?refid=8
Title: wefwfwefwf

Search URL Search Domain Scan URL

URL: https://m.facebook.com/click.php?redir_url=http%3A%2F%2Fitunes.apple.com%2Fapp%2Ffacebook%2Fid284882215&app_id=6628568379&cref=mb&no_fw=1&refid=8
Title: Facebook Video Anwendung (Free).

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/r.php?loc=bottom&refid=8
Title: Create New Account

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/recover/initiate/?c=https%3A%2F%2Fm.wefwfwefwf.com%2F&refid=8
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/help/?refid=8
Title: Help Center

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/a/language.php?l=es_ES&lref=https%3A%2F%2Fm.wefwfwefwf.com%2F&index=1&gfid=AQClp5qkpKQ61hb1&refid=8
Title: Espanol (Espana)

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/a/language.php?l=fr_FR&lref=https%3A%2F%2Fm.wefwfwefwf.com%2F&index=2&gfid=AQAXBX9wgTwO1uy0&refid=8
Title: Francais (France)

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/language.php?n=https%3A%2F%2Fm.wefwfwefwf.com%2F&refid=8
Title: MoreâŠ

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/
Title: Ã

Search URL Search Domain Scan URL

URL: https://m.wefwfwefwf.com/graphsearch/str//keywords_top?source=typeahead

Search URL Search Domain Scan URL

URL: http://www.histats.com/
Title: try {Histats.start(1,3205176,4,0,0,0,""); Histats.track_hits();} catch(err){};

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 26

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

Request 29

https://www.google-analytics.com/r/collect?v=1&_v=j47&a=105330938&t=pageview&_s=1&dl=http%3A%2F%2Fcalzados32.webcindario.com%2Fapp%2Ffacebook.com%2F%3Flang%3Dde%26key%3Dw20P9efQ7iL49PFyZn0JJDMAgyLJ...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-597118-7&cid=147681740.1486602344&jid=912931951&_v=j47&z=1110500591

Request 38

http://ps.eyeota.net/pixel?pid=ml62m40&t=ajs&uid=2DE7B66B68C09B58E56262720282DF41
http://ps.eyeota.net/pixel/bounce/?pid=ml62m40&t=ajs&uid=2DE7B66B68C09B58E56262720282DF41

Request 40

http://bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid=2DE7B66B68C09B58E56262720282DF41
http://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=2DE7B66B68C09B58E56262720282DF41

Request 41

http://tags.bluekai.com/site/27675?id=2DE7B66B68C09B58E56262720282DF41&ret=html&phint=__bk_t%3DFacebook-Anwendung&phint=__bk_l%3Dhttp%3A%2F%2Fcalzados32.webcindario.com%2Fapp%2Ffacebook.com%2F%3Fla...
http://tags.bluekai.com/site/27675?dt=0&r=1380011906&sig=2983048350&bkca=KJhBMWrwQM99CcXBl+j9Qx/ce0ODJuCw5KPiKOELDQgOLQHIdUnyL1kA1o7813Ez95FHn9Q+3m2ayNJNHTD99Qt/x9ztD3EBQw7rhPrbbPIWX5lpZE5wnLQt0Q3z...

Request 42

http://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=
http://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEI5rqiyGfH3Xb05EFjhAa04&google_cver=1

Request 43

http://ib.adnxs.com/bounce?%2Fgetuid%3Fhttp%253A%252F%252Fps.eyeota.net%252Fmatch%253Fuid%253D%2524UID%2526bid%253D2cr76e1
http://ps.eyeota.net/match?uid=8811688096493549532&bid=2cr76e1

Request 44

http://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1
http://ps.eyeota.net/match?uid=9c0da597-25a4-414f-824e-104fb1c239a9&bid=1e2n4ou

Request 45

http://rtd.tubemogul.com/upi/pid/lons7jax?puid=15a20679740-58db0000010f7c29&redir=http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu
http://ps.eyeota.net/match?uid=-4720474272971482513&bid=0rijhbu

Request 46

http://dmp.adform.net/serving/cookie/match/?CC=1&party=1009
http://ps.eyeota.net/match?uid=7667336734406260701&bid=9gdtmu1

52 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
calzados32.webcindario.com/app/facebook.com/ 29 KB
9 KB 80ms
43ms Document
text/html 5.57.226.202
StackScale

General

Domain/Path	Expires	Name / Value
calzados32.webcindario.com/app/facebook.com	1970-01-01 00:00:00	Name: wd Value: 1600x1200
.calzados32.webcindario.com/	2019-02-09 01:05:43	Name: _ga Value: GA1.3.147681740.1486602344
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstCns3205176 Value: 1
.webcindario.com/	2038-01-19 03:14:11	Name: __muid Value: e2fb517f5207be8903aca83e163ac12a41593c88
.calzados32.webcindario.com/	2017-02-09 01:15:43	Name: _gat_UA-597118-7 Value: 1
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstCla3205176 Value: 1486602343729
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstCnv3205176 Value: 1
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstCfa3205176 Value: 1486602343729
calzados32.webcindario.com/app/facebook.com	1970-01-01 00:00:00	Name: m_pixel_ratio Value: 1
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstPt3205176 Value: 1
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstCmu3205176 Value: 1486602343729
calzados32.webcindario.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: 21592c5e216508c9b6460f51df050814
calzados32.webcindario.com/	2018-02-09 01:05:43	Name: HstPn3205176 Value: 1

calzados32.webcindario.com Open in urlscan Pro 5.57.226.202 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

52 Requests

12 %HTTPS

45 %IPv6

17 Domains

20 Subdomains

21 IPs

6 Countries

296 kBTransfer

905 kBSize

13 Cookies

11 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

calzados32.webcindario.com Open in urlscan Pro
5.57.226.202 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

12 %
HTTPS

45 %
IPv6

17
Domains

20
Subdomains

21
IPs

6
Countries

296 kB
Transfer

905 kB
Size

13
Cookies

52 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!