water.c0m.li
Open in
urlscan Pro
159.65.71.145
Malicious Activity!
Public Scan
Effective URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Submission: On November 23 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 22nd 2018. Valid for: 3 months.
This is the only time water.c0m.li was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Earthlink (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a07:d880::5 2a07:d880::5 | 43357 (OWL Owl L...) (OWL Owl Limited) | |
18 | 159.65.71.145 159.65.71.145 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
1 2 | 172.82.212.52 172.82.212.52 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
19 | 2 |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
water.c0m.li |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: earthlink.net.102.122.2o7.net
s.earthlink.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
c0m.li
water.c0m.li |
382 KB |
2 |
earthlink.net
1 redirects
s.earthlink.net |
2 KB |
1 |
u.nu
1 redirects
u.nu |
305 B |
19 | 3 |
Domain | Requested by | |
---|---|---|
18 | water.c0m.li |
water.c0m.li
|
2 | s.earthlink.net |
1 redirects
water.c0m.li
|
1 | u.nu | 1 redirects |
19 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.earthlink.net |
webmail.earthlink.net |
myaccount.earthlink.net |
support.earthlink.net |
www.facebook.com |
twitter.com |
my.earthlink.net |
Subject Issuer | Validity | Valid | |
---|---|---|---|
water.c0m.li Let's Encrypt Authority X3 |
2018-11-22 - 2019-02-20 |
3 months | crt.sh |
s.earthlink.net COMODO RSA Organization Validation Secure Server CA |
2016-02-02 - 2019-02-01 |
3 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Frame ID: 484A97D0488AB4332BDF3123ABA0C7DA
Requests: 18 HTTP requests in this frame
Frame:
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/saved_resource.html
Frame ID: FF3B233EF944165304C2EFA6D820E3C5
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://u.nu/hhfhfhfhf
HTTP 301
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Outbrain (Widgets) Expand
Detected patterns
- env /^(?:OutbrainPermaLink|OB_releaseVer)$/i
SiteCatalyst (Analytics) Expand
Detected patterns
- script /\/s[_-]code.*\.js/i
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: My Account
Search URL Search Domain Scan URL
Title: Support
Search URL Search Domain Scan URL
Title: MyEarthLink App!
Search URL Search Domain Scan URL
Title: IMAP: Now Available!
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Forgot your password?
Search URL Search Domain Scan URL
Title: Policies and Agreements
Search URL Search Domain Scan URL
Title: Acceptable Use Policy.
Search URL Search Domain Scan URL
Title: EarthLink Privacy Policy
Search URL Search Domain Scan URL
Title: Feedback
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u.nu/hhfhfhfhf
HTTP 301
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Login.html&cc=USD&ch=myEarthLink%20Secure%20Login&c1=cg%3A87&c3=out&c4=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&c21=NO_UUID&v21=NO_UUID&c22=NO_ZIP&v22=NO_ZIP&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&pccr=true&vidn=2DFC27468507EB63-4000010B8000B640&&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Login.html&cc=USD&ch=myEarthLink%20Secure%20Login&c1=cg%3A87&c3=out&c4=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&c21=NO_UUID&v21=NO_UUID&c22=NO_ZIP&v22=NO_ZIP&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
myEarthLink%20Secure%20Login.html
water.c0m.li/cil/earthlinx/ Redirect Chain
|
11 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
get
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
2 KB 2 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
122 KB 122 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.slim.min.js.download
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
68 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_code.js.download
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
18 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
elnk_logo.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
enhanced_by_google.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mag_button_smaller.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webmail_icon.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gear_icon.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
facebook.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
twitter.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
widgetGlobalEvent
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
4 B 218 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
outbrain.js.download
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
61 KB 62 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
popper.min.js.download
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
19 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js.download
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ |
50 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s03476204304953
s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/ Redirect Chain
|
43 B 723 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
signin_img_2.jpg
water.c0m.li/img/signin/ |
344 B 344 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saved_resource.html
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ Frame FF3B |
149 B 390 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Earthlink (Telecommunication)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| urlParams string| s_account object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_r function| s_d function| s_fe function| s_fa function| s_ft function| s_c object| s_c_il number| s_c_in string| widgetsOpen string| tcdacmd object| s_i_earthlnkpsplive string| csrfToken function| Popper object| OBR string| OB_releaseVer function| OBR$ object| outbrain object| outbrain_rater3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.c0m.li/ | Name: s_sq Value: %5B%5BB%5D%5D |
|
.c0m.li/ | Name: gpv_p5 Value: no%20value |
|
.c0m.li/ | Name: s_cc Value: true |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
s.earthlink.net
u.nu
water.c0m.li
159.65.71.145
172.82.212.52
2a07:d880::5
0b2d5239c939743140b96b98c98c33d539161496b9d22d82d02c73af9d776a46
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b
17c5de1e2baed4a56701eb883099236177fe9234c92416d31ebce7a0cdddbcac
29459dd1e4566c297c1a27c78bbebb3bca144d246e97e1494c12c59298cc5546
2c4e94821b47cf33602ff80defc9d0f3085447dd0d25d5c2c7839b65560301ca
2f212a6c52aa781c6c3aa834a70eaa2ca0b1fc627ceeab4ae5d87bd6bd961e18
333f4216a9e8db7733ab783c873dc1df37f7f3e5e2990e41180ea27ad3b823d6
46b2ccda52249b86593a44bad556801f0a5783c73bf56b15ef56aa67013950c9
5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017
7769eef08de59d070e1fedf01a59b47770dfbf0e386ecd0b49ef50753665d6a4
7abf8fd346f413ae2fd27ef7d5fd95d0b72a4e15d6e7a59d5c4204cbde5c324e
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
979346a2ac7f149b93abd9777ca6407300f6e8bab341e7ec958354a8f9232ea5
97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50
9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b72865c6b577b87b4628d9923a04ac037ff3f0e4e63658394942965ec3c04b58
db42be4b42f924f73a72a5878fa21f9a3e6d375715625ff30971f07f138deb94