cniresearchltd.com Open in urlscan Pro
107.154.154.205  Malicious Activity! Public Scan

URL: https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Submission Tags: phishing malicious Search All
Submission: On May 11 via api from US

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 107.154.154.205, located in United States and belongs to INCAPSULA, US. The main domain is cniresearchltd.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 30th 2020. Valid for: 3 months.
This is the only time cniresearchltd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

IP Address AS Autonomous System
3 107.154.154.205 19551 (INCAPSULA)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
4 3
Apex Domain
Subdomains
Transfer
3 cniresearchltd.com
cniresearchltd.com
51 KB
1 jquery.com
code.jquery.com
30 KB
4 2
Domain Requested by
3 cniresearchltd.com cniresearchltd.com
1 code.jquery.com cniresearchltd.com
4 2

This site contains no links.

Subject Issuer Validity Valid
cniresearchltd.com
cPanel, Inc. Certification Authority
2020-04-30 -
2020-07-29
3 months crt.sh
jquery.org
COMODO RSA Domain Validation Secure Server CA
2018-10-17 -
2020-10-16
2 years crt.sh

This page contains 1 frames:

Primary Page: https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Frame ID: 91BCCBAF5499EA5B002298AC202C3899
Requests: 5 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

81 kB
Transfer

422 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set config-information-compte.php
cniresearchltd.com/admin/summernote/plugin/specialchars/
216 KB
34 KB
Document
General
Full URL
https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.154.154.205 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
107.154.154.205.ip.incapdns.net
Software
Apache /
Resource Hash
3dffda7a291b2573f55ec46ffeee367a2c96c9d19f11e5f393e9b573c5472a38

Request headers

Host
cniresearchltd.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 11 May 2020 06:26:43 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Set-Cookie
visid_incap_2291043=G13vM1cOSuSmgTV/yXmvMiLwuF4AAAAAQUIPAAAAAAC+0O6IBS5qcQwiQfdPP1iX; expires=Mon, 10 May 2021 10:06:23 GMT; HttpOnly; path=/; Domain=.cniresearchltd.com incap_ses_988_2291043=WZFROOPSqTvB/moaxBW2DSLwuF4AAAAA3WmxIKZIw/q3PzlFTrUH0g==; path=/; Domain=.cniresearchltd.com ___utmvmDfuFNDIZ=jsdkMoJSoVc; path=/; Max-Age=900 ___utmvaDfuFNDIZ=npVPdpo; path=/; Max-Age=900 ___utmvbDfuFNDIZ=nZO XqOOMalD: ztJ; path=/; Max-Age=900
X-CDN
Incapsula
Content-Encoding
gzip
X-Iinfo
13-270131427-270132411 NNYY CT(0 0 0) RT(1589178392328 9905) q(0 0 0 1) r(1 1) U12
jquery-2.2.4.min.js
code.jquery.com/
84 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-2.2.4.min.js
Requested by
Host: cniresearchltd.com
URL: https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Origin
https://cniresearchltd.com

Response headers

Date
Mon, 11 May 2020 06:26:43 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 May 2016 17:24:41 GMT
Server
nginx
ETag
W/"573f4859-14e4a"
Vary
Accept-Encoding
X-HW
1589178393.dop147.fr8.t,1589178403.cds010.fr8.shn,1589178403.cds010.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
29811
_Incapsula_Resource
cniresearchltd.com/
117 KB
17 KB
Script
General
Full URL
https://cniresearchltd.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=2099941406
Requested by
Host: cniresearchltd.com
URL: https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.154.154.205 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
107.154.154.205.ip.incapdns.net
Software
/
Resource Hash
4233705156bbb823380fe338cfdfed89f994c4a13f9f8e39c5051c8385c330de

Request headers

Referer
https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Encoding
gzip
Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
17040
Content-Type
application/javascript
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
_Incapsula_Resource
cniresearchltd.com/
1 B
123 B
Image
General
Full URL
https://cniresearchltd.com/_Incapsula_Resource?SWKMTFSR=1&e=0.12208759639095335
Requested by
Host: cniresearchltd.com
URL: https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.154.154.205 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
107.154.154.205.ip.incapdns.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cniresearchltd.com/admin/summernote/plugin/specialchars/config-information-compte.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
1
Content-Type
text/plain

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| CardJs number| step function| showadress function| showcc function| showcompte function| endInfo

3 Cookies

Domain/Path Name / Value
cniresearchltd.com/ Name: ___utmvc
Value: GEFJcOLwu2E15OLbpx9C/gyLsc9fargD5M8aeFLUVuX4kBDeTYBUisERagCyPcgjQa36YbxVq8diykTo39UIohv3MMGweKgl3H1cxO6HzfL4TQ4gWpU0Mvr78ZfXy10MY3uWmZ0wk4h9HER0KGL48setWf6FK7TFHmaugmKMdk4vS7PzYDhidjt8kXUiYtBJG76g3ItMlNI0M6c6GPANqHumjoiA6TCatDMgt6X4Fd2FBrFuxQwNRf8hM+UUi0onblOXGTa/6ZzEKNwuk/xYbGhZTxIfh5FqSsw3sEYSct9LyQaILtQtBsO1Rr8wlKRsMyOapdkI58iq4sbZ6sHoBLtH0FplSUWM0ZpUW62AEJGmZZAuKDcFnCRhG9f8UN0gd/AudV9fi0tDShnZv39CwsZKb6LuuiUPdptRKpV1NpBT3sYBdLjOFX4bFlDD2GTy1Ntu28yASyPMYc9J2S3IG5LzDUUUCxIhOzLoLZjuz3bLN3SJ335vuSPee9a8OsvuwDlS8t/6yKn2KMOOP3B8zZYOZcYb9smRzIyR6tDY1It4wtoKj3YS/CHkIvJQcsw3/2GJ0xeEEDVwtn+dPzrKpm+y0UPBKCyxaVtg9wRrnoPMuo34rVVLdb4Hd/azgr04oJoFWK+v4bD0NMKEbFfqck/UNX6QzbQbQLslavKIDTced7XXIKQ+3WA0fr6MDUEE/9UtkAIyb5ZD2ndGAMKEdDTyY3DTgtLNfWaUIahi3AdH0ms68WWJ8BfqFSKk6zG6tH/7OsGTIWuaJvoDwMUiu+7CwhTSllOWYE7QlGStk8ybJj81+rTthinlD+3UFI+PfMP+kYikozLopKvA5OZV0nZ86Cu2SzXk14F8GCLNEf9KOBXLB4mgEMXQlu6AWtJZd/sqGXk/Ydc4GYKKQaDbyxCdlKZ16cw3jySfC3FAiFh7dhXZTsj9irWcgjbJXZz/JIFQM12ieTt3yx71TkGOaMDNbKRQ3BFR7oy4dva0SVyzOFgjYHwcZxZ4ZBWkcPoQxjYeTORltDU4FokCwGNrERDMF8zmXhSmPE34cuVJk6tzWsLcjxYe40jhvVYJ8B5gDO32OJprlR881Ev3XKAFg2PEaoNdlgxMDqZeJExOttSXnZxJc+yT1oQOzIcZg0W864V2b2FJoZi2qt3ZAdBKY3s3qZHRBdXNibzfJiCHdfh4ZEjLfTXrhJpb6+p+GGt1EnTO1U9AcBK5Vl+xPbpUCcG2GMQ8+x7t49zPcfJM2NvOaiWrVwkaI8jASSrpa7RtOy2eMZDaLU+isZnS5WUvcb4LjnPDQ8A5KJqhVhiwNBXSAoXWECHZacYXcVrdUirXXKTTWkQBdkdKM0x67anMWNL71D67xPfm+xz7mZG8MCN8XcQsiOytH3IrF65o6SHQ8Uc0wjquN16yYvZ3VJM2XpajemC9VK01DtztJh7x3xpgXsRTx91ca8ehDbyiMliOHJBKJBS5S4BKbL8SRfA2HwdIdBMdogV5vpF9ZkEhr1ZGvBlQg1IQW9FlOtxs+sgpwpPtO6T6QFHgJtKxM3cbHjtt2ZhffHdQviqxwlyv/dWnfnxoRvSdFR7GmkhW9rn/w7WbDp638ziz/rqWhEUoB0LyIe7/shwL8UgAxCxkaWdlc3Q9MTE0NjQ5LHM9OWQ2NjdkODE4YjdjN2E5ZTdjOWY4MTdmNjFhOTg4N2NhYzdjODY2NzVmNjY2ZDY4YTM2NTlhYTc4NjZlODQ5NDdlODY2YzdiN2Q5ODcxNzM=
.cniresearchltd.com/ Name: incap_ses_988_2291043
Value: WZFROOPSqTvB/moaxBW2DSLwuF4AAAAA3WmxIKZIw/q3PzlFTrUH0g==
.cniresearchltd.com/ Name: visid_incap_2291043
Value: G13vM1cOSuSmgTV/yXmvMiLwuF4AAAAAQUIPAAAAAAC+0O6IBS5qcQwiQfdPP1iX