cp-wc90.per01.ds.network
2404:8280:a111:101::46
Malicious Activity!
Public Scan
Effective URL: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/
Submission: On July 23 via manual from IL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 23rd 2019. Valid for: a year.
This is the only time cp-wc90.per01.ds.network was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 108.167.181.161 108.167.181.161 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
2 3 | 66.186.19.4 66.186.19.4 | 7296 (ALCHEMYNET) (ALCHEMYNET - Alchemy Communications) | |
4 8 | 2404:8280:a11... 2404:8280:a111:101::46 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
12 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
enora.fund |
ASN7296 (ALCHEMYNET - Alchemy Communications, Inc., US)
bioselectaint.com |
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
cp-wc90.per01.ds.network |
 | Apex Domain (Subdomains) | Transfer
---|---|---
8 | ds.network, 4 redirects (cp-wc90.per01.ds.network) | 33 KB
3 | bioselectaint.com, 2 redirects (bioselectaint.com) | 958 B
3 | enora.fund, 2 redirects (enora.fund) | 848 B
12 | 3 |
Domain | Requested by | |
---|---|---|
8 | cp-wc90.per01.ds.network | 4 redirects, cp-wc90.per01.ds.network |
3 | bioselectaint.com | 2 redirects |
3 | enora.fund | 2 redirects |
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.per01.ds.network Sectigo RSA Domain Validation Secure Server CA | 2019-04-23 - 2020-04-22 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/
Frame ID: 415BD6BC57F9133BA47A52BABBFF94E7
Requests: 12 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://enora.fund/
HTTP 302
http://enora.fund/0692f556548996da5772edc80a2dfb73 HTTP 301
http://enora.fund/0692f556548996da5772edc80a2dfb73/ Page URL
-
http://bioselectaint.com/revolution/lnc/
HTTP 302
http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4 HTTP 301
http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/ Page URL
-
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/
HTTP 302
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef HTTP 301
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/ HTTP 302
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702 HTTP 301
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://enora.fund/ HTTP 302
- http://enora.fund/0692f556548996da5772edc80a2dfb73 HTTP 301
- http://enora.fund/0692f556548996da5772edc80a2dfb73/
- http://bioselectaint.com/revolution/lnc/ HTTP 302
- http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4 HTTP 301
- http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/
12 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type
---|---|---|---
GET H/1.1 | / enora.fund/0692f556548996da5772edc80a2dfb73/ (Redirect Chain) | 84 B 321 B | Document text/html
GET H/1.1 | / bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/ (Redirect Chain) | 106 B 375 B | Document text/html
GET H/1.1 | / cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/ (Primary Request, Cookie set, Redirect Chain) | 3 KB 3 KB | Document text/html
GET H/1.1 | main.css cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/css/ | 7 KB 7 KB | Stylesheet text/css
GET H/1.1 | icon.ico cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 17 KB 17 KB | Stylesheet image/x-icon
GET H/1.1 | main.js cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/js/ | 5 KB 5 KB | Script application/javascript
GET | background-medium.jpg cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 0 0 |
GET | logo.png cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 0 0 |
GET | check.png cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 0 0 |
GET | fb.png cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 0 0 |
GET | globe.png cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 0 0 |
GET | down.png cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ | 0 0 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- cp-wc90.per01.ds.network: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/background-medium.jpg
- cp-wc90.per01.ds.network: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/logo.png
- cp-wc90.per01.ds.network: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/check.png?s
- cp-wc90.per01.ds.network: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/fb.png
- cp-wc90.per01.ds.network: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/globe.png?s
- cp-wc90.per01.ds.network: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/down.png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart
object| onselectionchange
function| queueMicrotask
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.