holdmembershipntfx.aulaseidec.com
142.44.230.78
Malicious Activity!
Public Scan
Submission: On January 11 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 30th 2020. Valid for: 3 months.
This is the only time holdmembershipntfx.aulaseidec.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
IP Address | AS (Autonomous System) | Requests | IPs
---|---|---|---
142.44.230.78 | 16276 (OVH) | 11 | 1

ASN 16276 (OVH, FR)
PTR: us01.server.plus
Apex Domain | Subdomains | Transfer | Requests
---|---|---|---
aulaseidec.com | holdmembershipntfx.aulaseidec.com | 50 KB | 11

11 requests to 1 domain.
Domain | Requested by | Requests
---|---|---
holdmembershipntfx.aulaseidec.com | holdmembershipntfx.aulaseidec.com | 11

11 requests to 1 domain.
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
holdmembershipntfx.aulaseidec.com | cPanel, Inc. Certification Authority | 2020-12-30 - 2021-03-30 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://holdmembershipntfx.aulaseidec.com/
Frame ID: FE045F4EE4267BB371AF328FD4AA2E7C
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | holdmembershipntfx.aulaseidec.com/ | 762 B | 370 B | Document | text/html
GET | H2 | app.ffaf2ed2.css | holdmembershipntfx.aulaseidec.com/css/ | 25 KB | 5 KB | Stylesheet | text/css
GET | H2 | app.af6379c6.js | holdmembershipntfx.aulaseidec.com/js/ | 43 KB | 8 KB | Script | application/javascript
GET | H2 | chunk-vendors.a5f5a32e.js | holdmembershipntfx.aulaseidec.com/js/ | 97 KB | 33 KB | Script | application/javascript
GET | H2 | get.php | holdmembershipntfx.aulaseidec.com/ | 47 B | 213 B | XHR | text/html
GET | H2 | icon-1.svg | holdmembershipntfx.aulaseidec.com/ | 1 KB | 628 B | Image | image/svg+xml
GET | H2 | icon-2.svg | holdmembershipntfx.aulaseidec.com/ | 3 KB | 1 KB | Image | image/svg+xml
GET | H2 | icon-3.svg | holdmembershipntfx.aulaseidec.com/ | 3 KB | 1 KB | Image | image/svg+xml
GET | H2 | get.php | holdmembershipntfx.aulaseidec.com/ | 0 | 56 B | XHR | text/html
GET | H2 | get.php | holdmembershipntfx.aulaseidec.com/ | 0 | 212 B | XHR | text/html
GET | H2 | get.php | holdmembershipntfx.aulaseidec.com/ | 0 | 212 B | XHR | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | webpackJsonp0

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
holdmembershipntfx.aulaseidec.com
142.44.230.78