cp-wc90.per01.ds.network
Open in
urlscan Pro
2404:8280:a111:101::46
Malicious Activity!
Public Scan
Submitted URL: http://enora.fund/
Effective URL: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/
Submission: On July 23 via manual from IL
Effective URL: https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/
Submission: On July 23 via manual from IL
Summary
This website contacted 4 IPs
in 2 countries
across 3 domains to perform 12 HTTP transactions.
The main IP is 2404:8280:a111:101::46, located in
Australia and
belongs to DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU.
The main domain is cp-wc90.per01.ds.network.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 23rd 2019. Valid for: a year.
This is the only time cp-wc90.per01.ds.network was scanned on urlscan.io!
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 23rd 2019. Valid for: a year.
This is the only time cp-wc90.per01.ds.network was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 3 | 108.167.181.161 108.167.181.161 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
| 2 3 | 66.186.19.4 66.186.19.4 | 7296 (ALCHEMYNET) (ALCHEMYNET - Alchemy Communications) | |
| 4 8 | 2404:8280:a11... 2404:8280:a111:101::46 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
| 12 | 4 |
3
108.167.181.161
(Houston, United States)
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
| enora.fund |
3
66.186.19.4
(United States)
ASN7296 (ALCHEMYNET - Alchemy Communications, Inc., US)
ASN7296 (ALCHEMYNET - Alchemy Communications, Inc., US)
| bioselectaint.com |
8
2404:8280:a111:101::46
(Australia)
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
| cp-wc90.per01.ds.network |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
ds.network
4 redirects
cp-wc90.per01.ds.network |
33 KB |
| 3 |
bioselectaint.com
2 redirects
bioselectaint.com |
958 B |
| 3 |
enora.fund
2 redirects
enora.fund |
848 B |
| 12 | 3 |
| Domain | Requested by | |
|---|---|---|
| 8 | cp-wc90.per01.ds.network |
4 redirects
cp-wc90.per01.ds.network
|
| 3 | bioselectaint.com | 2 redirects |
| 3 | enora.fund | 2 redirects |
| 12 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.per01.ds.network Sectigo RSA Domain Validation Secure Server CA |
2019-04-23 - 2020-04-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/
Frame ID: 415BD6BC57F9133BA47A52BABBFF94E7
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://enora.fund/
HTTP 302
http://enora.fund/0692f556548996da5772edc80a2dfb73 HTTP 301
http://enora.fund/0692f556548996da5772edc80a2dfb73/ Page URL
-
http://bioselectaint.com/revolution/lnc/
HTTP 302
http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4 HTTP 301
http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/ Page URL
-
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/
HTTP 302
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef HTTP 301
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/ HTTP 302
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69... HTTP 301
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69... Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://enora.fund/
HTTP 302
http://enora.fund/0692f556548996da5772edc80a2dfb73 HTTP 301
http://enora.fund/0692f556548996da5772edc80a2dfb73/ Page URL
-
http://bioselectaint.com/revolution/lnc/
HTTP 302
http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4 HTTP 301
http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/ Page URL
-
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/
HTTP 302
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef HTTP 301
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/ HTTP 302
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702 HTTP 301
https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://enora.fund/ HTTP 302
- http://enora.fund/0692f556548996da5772edc80a2dfb73 HTTP 301
- http://enora.fund/0692f556548996da5772edc80a2dfb73/
- http://bioselectaint.com/revolution/lnc/ HTTP 302
- http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4 HTTP 301
- http://bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
enora.fund/0692f556548996da5772edc80a2dfb73/ Redirect Chain
|
84 B 321 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
bioselectaint.com/revolution/lnc/7fd62ba77fabbe4509a4b2bc179108d4/ Redirect Chain
|
106 B 375 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
 Cookie set
/
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/ Redirect Chain
|
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/css/ |
7 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icon.ico
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
17 KB 17 KB |
Stylesheet
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.js
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/js/ |
5 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
background-medium.jpg
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
logo.png
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
check.png
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
fb.png
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
globe.png
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
down.png
cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cp-wc90.per01.ds.network
- URL
- https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/background-medium.jpg
- Domain
- cp-wc90.per01.ds.network
- URL
- https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/logo.png
- Domain
- cp-wc90.per01.ds.network
- URL
- https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/check.png?s
- Domain
- cp-wc90.per01.ds.network
- URL
- https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/fb.png
- Domain
- cp-wc90.per01.ds.network
- URL
- https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/globe.png?s
- Domain
- cp-wc90.per01.ds.network
- URL
- https://cp-wc90.per01.ds.network/~thesafe1/lnc/Browse/Sign-in/be15a88fe0c2a3cf6f1f5f26717bf9ef/dccab9bd9e0b69c49302025efdf19702/assets/img/down.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bioselectaint.com
cp-wc90.per01.ds.network
enora.fund
cp-wc90.per01.ds.network
108.167.181.161
2404:8280:a111:101::46
66.186.19.4
49ecd3152c0f0464b5f7b0adce0cd32635577f0c260470f21277f7d0fcb6198e
b60c0b97a53d4f781c853a6bdc687069dbffd966d40b7107bc7bdcf88c4a6eff
c69a818f75b13a1a14452fea83d4c25b1e8606ea34095b32dabdfa0dce255eae
c8d904d2bb3904ebc2e3e6dfe37872553e2b5b41642111b9c97906b0c8b82386
e0c09760fd0d9ca8c45a7e2e348fe5cf61a1c18dea59e49366e1c22971e7ff8c
f940ec3ed8c80227019e6a43361a8963e8c398f57ea5f4e8e238c21bf42ec319