wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz
139.59.255.208
Malicious Activity!
Public Scan
Effective URL: https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/PS-6140c11ca3218
Submission Tags: falconsandbox
Submission: On September 14 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 2nd 2021. Valid for: 3 months.
This is the only time wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 1 | 54.207.148.143 | 16509 (AMAZON-02) |
1 11 | 139.59.255.208 | 14061 (DIGITALOCEAN-ASN) |
10 | 1 | |
ASN16509 (AMAZON-02, US)
- PTR: ec2-54-207-148-143.sa-east-1.compute.amazonaws.com
- nt.embluemail.com

ASN14061 (DIGITALOCEAN-ASN, US)
- vulvet.effectivestuffs.com
- wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | cloudns.nz (1 redirects) | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz | 158 KB |
1 | effectivestuffs.com | vulvet.effectivestuffs.com | 23 KB |
1 | embluemail.com (1 redirects) | nt.embluemail.com | 234 B |
10 | 3 | | |
# | Domain | Requested by |
---|---|---|
10 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz | vulvet.effectivestuffs.com (1 redirects), wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz |
1 | vulvet.effectivestuffs.com | |
1 | nt.embluemail.com | 1 redirects |
10 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
vulvet.effectivestuffs.com | R3 | 2021-09-02 - 2021-12-01 | 3 months | crt.sh |
www.wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz | R3 | 2021-09-02 - 2021-12-01 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/PS-6140c11ca3218
Frame ID: 62CEE3F26AA3668B59A99D60F78F34D9
Requests: 10 HTTP requests in this frame
Page Title
44584CD0EFDC4DB460DEE9DF468C3F4B6140C11CD99DF
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fvulvet.effectivestuffs.com%2FbHVjaWxsZS5oYXJiZXJzQGRic2NoZW5rZXIuY29t
HTTP 302
https://vulvet.effectivestuffs.com/bHVjaWxsZS5oYXJiZXJzQGRic2NoZW5rZXIuY29t Page URL
-
https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/$&OhBDnbkcPLE9xUQsppK3VlWyXJK4n21LamwWEn8PVUmtSiXM8i0vzLLWyXH5ItbK5IN2IUHCj5VJ0l9ztqCrEwf7g5mIg8T9PFDTu9G73IzBpdwaqjmwv4YrM18H0DMWdso8zFzTLx6tDUqF7nvSS86n1YL5nSgu6N3m2bt2QGGClwvVMfWeZOmjQIKwEjGiTEbqqMNU?client=bHVjaWxsZS5oYXJiZXJzQGRic2NoZW5rZXIuY29t
HTTP 302
https://wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/PS-6140c11ca3218 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fvulvet.effectivestuffs.com%2FbHVjaWxsZS5oYXJiZXJzQGRic2NoZW5rZXIuY29t HTTP 302
- https://vulvet.effectivestuffs.com/bHVjaWxsZS5oYXJiZXJzQGRic2NoZW5rZXIuY29t
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | bHVjaWxsZS5oYXJiZXJzQGRic2NoZW5rZXIuY29t | vulvet.effectivestuffs.com/ (Redirect Chain) | 23 KB | 23 KB | Document | text/html |
GET | H/1.1 | PS-6140c11ca3218 (Primary Request) | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/ (Redirect Chain) | 38 KB | 3 KB | Document | text/html |
GET | H/1.1 | bdcc8bc613dce661d41d44cf0dd8f0549e94f09d444fe | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/APP-FFUZDB/ | 103 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | fcd9438dcebd4c4941d656c6fdfe41db40ef0d9844c10 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/o/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | ec4cf6d14c4edddd46b5443198f4896f9db001ccd04ef | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/e/ | 513 B | 635 B | Image | image/svg+xml |
GET | H/1.1 | 814450b4b41c4dfd4dc66cf4fd9ddee60943cd9c18e0f | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/jq/ | 84 KB | 29 KB | Script | application/javascript |
GET | H/1.1 | eefbdfd1d36b4e644cdc180019c84df4c064cd99d454f | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/boot/ | 50 KB | 14 KB | Script | application/javascript |
GET | H/1.1 | ddf4edec4fb69dc46e6f1b940040389d5fdcd14c48c14 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/jm/ | 5 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | api-689dbebcdc81444ddc144109c64cf9ed4004f6ffde53d | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/ | 7 KB | 7 KB | Image | image/jpeg |
GET | H/1.1 | api-dc8f41eb5611d4d0d4b4d493f096c8dc4fe46d9fec0c4 | wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/JZDbKXAP2RBTUejEYLFYi4LpdK2zvuwgWHqh5W7PPCBTmE6hTd/ | 105 KB | 81 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
boolean | originAgentCluster |
function | $ |
function | jQuery |
object | bootstrap |
string | email |
string | url |
function | sleep1 |

Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the stored cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz/ | | Name: PHPSESSID Value: qnao9ljlu8ctd1etrd2g77lpum |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nt.embluemail.com
vulvet.effectivestuffs.com
wecr470d90e2b1ca04d07fe2a5308245c2ec.cloudns.nz
139.59.255.208
54.207.148.143