t5.synergeticwave.sc

Summary

This website contacted 2 IPs in 1 countries across 5 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3036::ac43:9b50, located in United States and belongs to CLOUDFLARENET, US. The main domain is t5.synergeticwave.sc.

This is the only time t5.synergeticwave.sc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.218.80.61 3.218.80.61	14618 (AMAZON-AES) (AMAZON-AES)
1 1	34.233.93.229 34.233.93.229	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700:303... 2606:4700:3035::6815:1d65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3034::ac43:93d0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3036::ac43:9b50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2

1 3.218.80.61 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-80-61.compute-1.amazonaws.com

cvy18t.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.233.93.229 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-93-229.compute-1.amazonaws.com

cvy18t.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:1d65 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

item-shipments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::ac43:93d0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

web.opensecurelink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3036::ac43:9b50 (United States)

ASN13335 (CLOUDFLARENET, US)

t5.synergeticwave.sc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	synergeticwave.sc t5.synergeticwave.sc	15 KB
2	cvy18t.com 2 redirects cvy18t.com	572 B
1	opensecurelink.com 1 redirects web.opensecurelink.com	2 KB
1	item-shipments.com 1 redirects item-shipments.com	737 B
0	Failed function sub() { [native code] }. Failed
3	5

	Domain	Requested by
2	t5.synergeticwave.sc	t5.synergeticwave.sc
2	cvy18t.com	2 redirects
1	web.opensecurelink.com	1 redirects
1	item-shipments.com	1 redirects
0	127.0.0.1 Failed	t5.synergeticwave.sc
3	5

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Frame: http://127.0.0.1/
Frame ID: BE7D5398E4AB50AA89AA4910CC62D450
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://cvy18t.com/9tue HTTP 301
https://cvy18t.com/9tue HTTP 302
https://item-shipments.com/cvs2.php?a=3664&sub1=Yuniv-071623-515clickers-500kB&sub2=071823&sub3=mms&sub... HTTP 302
https://web.opensecurelink.com/aff_c?offer_id=660&aff_id=3664&aff_click_id=&source=cvs&aff_sub=Yuniv-071623... HTTP 302
http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e6... Page URL

Page Statistics

3
Requests

0 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

2
IPs

1
Countries

15 kB
Transfer

35 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cvy18t.com/9tue HTTP 301
https://cvy18t.com/9tue HTTP 302
https://item-shipments.com/cvs2.php?a=3664&sub1=Yuniv-071623-515clickers-500kB&sub2=071823&sub3=mms&sub4=orig&sub5=MD HTTP 302
https://web.opensecurelink.com/aff_c?offer_id=660&aff_id=3664&aff_click_id=&source=cvs&aff_sub=Yuniv-071623-515clickers-500kB&aff_sub2=071823&aff_sub3=mms&aff_sub4=orig&aff_sub5=MD HTTP 302
http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225&view=e20514d8945697be13e97c5a7c4d5a0d_0 HTTP 302
http://127.0.0.1/

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request aff_c Show response t5.synergeticwave.sc/ Redirect Chain http://cvy18t.com/9tue https://cvy18t.com/9tue https://item-shipments.com/cvs2.php?a=3664&sub1=Yuniv-071623-515clickers-500kB&sub2=071823&sub3=mms&sub4=orig&sub5=MD https://web.opensecurelink.com/aff_c?offer_id=660&aff_id=3664&aff_click_id=&source=cvs&aff_sub=Yuniv-071623-515clickers-500kB&aff_sub2=071823&aff_sub3=mms&aff_sub4=orig&aff_sub5=MD http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225	5 KB 2 KB	437ms 278ms	Document text/html	2606:4700:3036::ac43:9b50 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:9b50 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `86cf05d546e6604dd5cd5d5d5684fe14f6f9af9f1c56235eddd223941b168f0f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 7ea5824f2a3dbb8c-FRA Connection keep-alive Content-Encoding gzip Content-Type text/html Date Fri, 21 Jul 2023 18:29:22 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOITNDM840wZ5qxu2a4T6cbgE40rqS4nNnHXRnxFKhPgVCFu7jUa9o2auXJDkgvpnpEvWpVq8pp4nk02224F%2Ff9boB5gD91VshBCzT3j1owJga3SXqaZR7rE7ihQ%2BldE6CfI%2BbuYOFvN9Hdj6MJu087hdQ%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400 Redirect headers access-control-allow-headers Tune-SDK-Version access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 7ea5824daaacbb4d-FRA content-type text/html; charset=iso-8859-1 date Fri, 21 Jul 2023 18:29:22 GMT expires Sat, 26 Jul 1997 05:00:00 GMT location http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} p3p CP="NOI CUR OUR NOR INT" pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fb16a0Y7FO34KKztNYNyfBrpTwa3xQT47Z%2BAlg%2B4ahwGnG2CBdT6DTB%2Fe6h8C5hrc1%2Bw9CgtnRY8jDIL2EU7Xuw7ctqXA9QvEq6YrgJ6ZY%2Fu5WyllCZh2qGb%2FBwiRrDjZWEbFMgdXTPwmcDAHpjuyys0sOOg"}],"group":"cf-nel","max_age":604800} server cloudflare tracking_id 10214892e664ff85fb6a184cd01225 x-request-id e4c88807bcf799fe7a0b57e8f23dcaec x-robots-tag noindex, nofollow
GET H/1.1	200 OK	ads.js Show response t5.synergeticwave.sc/js/	31 KB 13 KB	20ms 20ms	Script application/javascript	2606:4700:3036::ac43:9b50 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://t5.synergeticwave.sc/js/ads.js Requested by Host: t5.synergeticwave.sc URL: http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225 Protocol HTTP/1.1 Server 2606:4700:3036::ac43:9b50 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d88c72596233ee490491b90016b2949657136d29762153ea2284ac1926adf3a5` Request headers accept-language de-DE,de;q=0.9 Referer http://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36 Response headers Date Fri, 21 Jul 2023 18:29:22 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Thu, 05 May 2022 12:29:38 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Age 6620 Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cx%2BvvFcOixli06h1S28unAydnTEns9%2FfUR314qmHbhdZD9fMuHNM8fYiYajcI6XdoP7DJzbyg%2B1nxAbxOBQh5SCBhNTFeeA0Ro4RnOanZV9SQCtb9HdVqTWS%2FeAnLcy1kvcotlmMPmLKhkNqZTCXFTON6Q%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7ea58250eca3bb8c-FRA alt-svc h3=":443"; ma=86400
GET		/ 127.0.0.1/ Redirect Chain https://t5.synergeticwave.sc/aff_c?offer_id=699&aff_id=1615&aff_sub=cvs&aff_sub2=3664&aff_sub3=10214892e664ff85fb6a184cd01225&view=e20514d8945697be13e97c5a7c4d5a0d_0 http://127.0.0.1/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 127.0.0.1
URL: http://127.0.0.1/

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on July 21st 2023, 6:32:27 pm UTC — From United States

Threats: Brand Impersonation
Comment: Scam site that knows your name and CVS reward

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
item-shipments.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4un62kk37vmhnfj1lvotueimgn
web.opensecurelink.com/	1970-01-20 14:10:42	Name: enc_aff_session_660 Value: ENC0343d60098e6284ae9f4cc4e2274342774a8a1684f73d2a404bc479a9ad8495cfd596a79a9718a3ea89293989640207ba34b5c8b0d65382705b16c3d4dfcfa896599e6a0b47e3b4889903c2c21d30ae3d9dddeb9ca719570b0f5db1eeace24672c5a3d83a66421fdc59e62e4098d895615969c10ad74c8f634e6ca6829b02682bbb34e8daff4e5f3559df7f8929c01c9a68574058b187dbcbceb0d35361156067e17d429c5
web.opensecurelink.com/	1970-01-20 23:02:04	Name: ho_mob Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMTUiLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IFg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgTGlrZSBHZWNrbykgQ2hyb21lLzExNS4wLjU3OTAuOTggU2FmYXJpLzUzNy4zNiIsImFjY2VwdF9sYW5ndWFnZSI6ImRlLURFLGRlO3E9MC45IiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9
t5.synergeticwave.sc/	1969-12-31 23:59:59	Name: C Value: c147439d3b4a3bf9ed7d72766cbf0dcd
t5.synergeticwave.sc/	1970-01-20 13:27:30	Name: fb4db4f3-1c71-42a1-bb71-adbc8027e014-v4 Value: 4t1D6NSAJ94T9MzL7VLbhNt4gKTSuLDClihD8nKe_do
t5.synergeticwave.sc/	1970-01-20 22:11:40	Name: cc-v4 Value: CPiaRtCN%2ByPEtjJT0xyN890r0wPMR6tDuHA%2BIPXKQkVGckOoxec0%2BcO4U0bi275a0NLCEvTvKUZF4UFHJ3YQQ4lmbvU1458MiV%2FELFLDGD8o0IvGOPxnTjgYtJ%2F%2Bnat2wKC%2BvH54dqmk%2Fqm1MHOowg%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

127.0.0.1
cvy18t.com
item-shipments.com
t5.synergeticwave.sc
web.opensecurelink.com
127.0.0.1
2606:4700:3034::ac43:93d0
2606:4700:3035::6815:1d65
2606:4700:3036::ac43:9b50
3.218.80.61
34.233.93.229
86cf05d546e6604dd5cd5d5d5684fe14f6f9af9f1c56235eddd223941b168f0f
d88c72596233ee490491b90016b2949657136d29762153ea2284ac1926adf3a5

t5.synergeticwave.sc Open in urlscan Pro 2606:4700:3036::ac43:9b50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

0 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

2 IPs

1 Countries

15 kBTransfer

35 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on July 21st 2023, 6:32:27 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

6 Cookies

Indicators

t5.synergeticwave.sc Open in urlscan Pro
2606:4700:3036::ac43:9b50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

0 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

2
IPs

1
Countries

15 kB
Transfer

35 kB
Size

6
Cookies

3 HTTP transactions
0 data transactions

Malicious page.url
Submitted on July 21st 2023, 6:32:27 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!