enigmatic-evrard-o9.zipwp.link Open in urlscan Pro
148.135.1.144 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://enigmatic-evrard-o9.zipwp.link/ts?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&a...
Effective URL:
https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&...
Submission: On October 31 via manual (October 31st 2024, 2:33:08 pm UTC) from JP — Scanned from JP

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 148.135.1.144, located in Los Angeles, United States and belongs to MULTA-ASN1, US. The main domain is enigmatic-evrard-o9.zipwp.link.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 20th 2024. Valid for: a year.

This is the only time enigmatic-evrard-o9.zipwp.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
2 14	148.135.1.144 148.135.1.144		35916 (MULTA-ASN1) (MULTA-ASN1)
12	1

14 148.135.1.144 (Los Angeles, United States) 2 redirects

ASN35916 (MULTA-ASN1, US)
PTR: 144-1-135-148-dedicated.multacom.com

enigmatic-evrard-o9.zipwp.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	zipwp.link 2 redirects enigmatic-evrard-o9.zipwp.link	1 MB
12	1

	Domain	Requested by
14	enigmatic-evrard-o9.zipwp.link	2 redirects enigmatic-evrard-o9.zipwp.link
12	1

This site contains no links.

Subject Issuer	Validity	Valid
*.zipwp.link Sectigo RSA Domain Validation Secure Server CA	`2024-02-20` - `2025-02-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978
Frame ID: 7F12DA0CCE5687F3D9931BE3AB2569D3
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

kochi

Page URL History Show full URLs

https://enigmatic-evrard-o9.zipwp.link/ts?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name=... HTTP 301
https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1106 kB
Transfer

1274 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://enigmatic-evrard-o9.zipwp.link/ts?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978 HTTP 301
https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://enigmatic-evrard-o9.zipwp.link/favicon.ico HTTP 302
https://enigmatic-evrard-o9.zipwp.link/wp-includes/images/w-logo-blue-white-bg.png

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
enigmatic-evrard-o9.zipwp.link/ts/
Redirect Chain

https://enigmatic-evrard-o9.zipwp.link/ts?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%...
https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC...

38 KB
12 KB

134ms
134ms

Document
text/html

148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

127cbf7f7cbfcf5914e23473511dcc4081117e052a2c5ada50cd2801a8e9f512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Thu, 31 Oct 2024 14:33:02 GMT
etag: W/"671bd3de-99dc"
expires: Fri, 01 Nov 2024 14:33:02 GMT
last-modified: Fri, 25 Oct 2024 17:22:38 GMT
server: nginx-rc
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

content-length: 166
content-type: text/html
date: Thu, 31 Oct 2024 14:33:02 GMT
location: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978
server: nginx-rc
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ppt1.jpg
enigmatic-evrard-o9.zipwp.link/ts/ 274 KB
268 KB 142ms
142ms Image
image/jpeg 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/ppt1.jpg

Requested by

Host: enigmatic-evrard-o9.zipwp.link
URL: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

48cb870946418591d93cfbbd0cfd16894bed8060bcb9cd3819e28455716255ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3df-44768"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/jpeg
last-modified: Fri, 25 Oct 2024 17:22:39 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 1.png
enigmatic-evrard-o9.zipwp.link/ts/ 43 KB
42 KB 142ms
142ms Image
image/png 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/1.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

e8a27e1aa6eb59895808961b1ff199466c20fd71eb337de9310cb2a7d8457a74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3e2-aa65"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 17:22:42 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 2.png
enigmatic-evrard-o9.zipwp.link/ts/ 94 KB
92 KB 420ms
419ms Image
image/png 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/2.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

997aa0c309d54c15236858ed370282e4d3f8609e1489dd76effe920ed31cca81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3d9-177ab"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 17:22:33 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 3.png
enigmatic-evrard-o9.zipwp.link/ts/ 206 KB
168 KB 421ms
420ms Image
image/png 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/3.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

4a6dae7a9ac86972139b32a9d670b09b1c4dc34444da9ade58222973754b9216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3d8-3390d"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 17:22:32 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 4.png
enigmatic-evrard-o9.zipwp.link/ts/ 377 KB
356 KB 421ms
420ms Image
image/png 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/4.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

6ba1efc4b46529f362c97fff4507cb556de910691845f3b4fece71ccb317f4cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3da-5e562"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 17:22:34 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 5.png
enigmatic-evrard-o9.zipwp.link/ts/ 122 KB
116 KB 421ms
420ms Image
image/png 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/5.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

5a712bc416dd9d75969dcf6117bde6eb1eca8343b5ab6368feb03e2cefd82235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3da-1e6e2"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 17:22:34 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 7.gif
enigmatic-evrard-o9.zipwp.link/ts/ 14 KB
14 KB 421ms
420ms Image
image/gif 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/7.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3db-399f"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/gif
last-modified: Fri, 25 Oct 2024 17:22:35 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 200 6.png
enigmatic-evrard-o9.zipwp.link/ts/ 29 KB
26 KB 421ms
420ms Image
image/png 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/6.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

c4d2d5ee774877dfa8569d1c29c21a12f076034c155f2d9b476d3f5efecec3b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671bd3db-749b"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:02 GMT
date: Thu, 31 Oct 2024 14:33:02 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 17:22:35 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 206 audio1.mp3
enigmatic-evrard-o9.zipwp.link/ts/ 64 KB
0 406ms
406ms Media
audio/mpeg 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/audio1.mp3

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=31536000
etag: "671bd3de-748a9"
Content-Range: bytes 0-477352/477353
x-content-type-options: nosniff
Content-Length: 477353
x-xss-protection: 1; mode=block
date: Thu, 31 Oct 2024 14:33:02 GMT
content-type: audio/mpeg
last-modified: Fri, 25 Oct 2024 17:22:38 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2 206 audio2.mp3
enigmatic-evrard-o9.zipwp.link/ts/ 8 KB
8 KB 406ms
405ms Media
audio/mpeg 148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://enigmatic-evrard-o9.zipwp.link/ts/audio2.mp3

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=31536000
etag: "671bd3dc-20d5"
Content-Range: bytes 0-8404/8405
x-content-type-options: nosniff
Content-Length: 8405
x-xss-protection: 1; mode=block
date: Thu, 31 Oct 2024 14:33:02 GMT
content-type: audio/mpeg
last-modified: Fri, 25 Oct 2024 17:22:36 GMT
server: nginx-rc
vary: Accept-Encoding

GET
H2

200

w-logo-blue-white-bg.png
enigmatic-evrard-o9.zipwp.link/wp-includes/images/
Redirect Chain

https://enigmatic-evrard-o9.zipwp.link/favicon.ico
https://enigmatic-evrard-o9.zipwp.link/wp-includes/images/w-logo-blue-white-bg.png

4 KB
4 KB

107ms
106ms

Other
image/png

148.135.1.144
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://enigmatic-evrard-o9.zipwp.link/wp-includes/images/w-logo-blue-white-bg.png

Protocol

Server

148.135.1.144 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),

Reverse DNS

144-1-135-148-dedicated.multacom.com

Software

nginx-rc /

Resource Hash

6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://enigmatic-evrard-o9.zipwp.link/ts/?campaign_id={{campaign_id}}&publisher_id={{publisher_id}}&publisher_name={{publisher_name}}&ad_id={{ad_id}}&ad_title={%E6%99%AE%E9%80%9A%E3%81%AE%E7%8A%AC%E3%81%A0%E3%81%A8%E6%80%9D%E3%81%A3%E3%81%A6%E6%95%91%E5%8A%A9%E3%81%97%E3%81%9F%EF%BC%91%EF%BC%90%E6%AD%B3%E3%81%AE%E5%B0%91%E5%B9%B4%E3%80%82%E3%81%9D%E3%81%AE%E6%AD%A3%E4%BD%93%E3%82%92%E7%9F%A5%E3%81%A3%E3%81%A6%E9%A9%9A%E6%84%95%E3%81%97%E3%81%9F%E3%80%82}&sctn_id={{section_id}}&section_name={{section_name}}&req_id={{req_id}}&promoted_link_id={{promoted_link_id}}&time_stamp={{time_stamp}}&external_id={{ob_click_id}}&zpbid=79762_dda40884-9656-11ef-a463-88d5bdda8978

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: br
etag: W/"671b8891-1017"
x-content-type-options: nosniff
expires: Sat, 30 Nov 2024 14:33:04 GMT
date: Thu, 31 Oct 2024 14:33:04 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Fri, 25 Oct 2024 12:01:21 GMT
server: nginx-rc
vary: Accept-Encoding

Redirect headers

x-redirect-by: WordPress
strict-transport-security: max-age=31536000
link: <https://enigmatic-evrard-o9.zipwp.link/wp-json/>; rel="https://api.w.org/"
location: https://enigmatic-evrard-o9.zipwp.link/wp-includes/images/w-logo-blue-white-bg.png
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 14:33:04 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
server: nginx-rc

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

enigmatic-evrard-o9.zipwp.link
148.135.1.144
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
127cbf7f7cbfcf5914e23473511dcc4081117e052a2c5ada50cd2801a8e9f512
48cb870946418591d93cfbbd0cfd16894bed8060bcb9cd3819e28455716255ec
4a6dae7a9ac86972139b32a9d670b09b1c4dc34444da9ade58222973754b9216
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
5a712bc416dd9d75969dcf6117bde6eb1eca8343b5ab6368feb03e2cefd82235
6ba1efc4b46529f362c97fff4507cb556de910691845f3b4fece71ccb317f4cb
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
997aa0c309d54c15236858ed370282e4d3f8609e1489dd76effe920ed31cca81
c4d2d5ee774877dfa8569d1c29c21a12f076034c155f2d9b476d3f5efecec3b6
e8a27e1aa6eb59895808961b1ff199466c20fd71eb337de9310cb2a7d8457a74

enigmatic-evrard-o9.zipwp.link Open in urlscan Pro 148.135.1.144 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1106 kBTransfer

1274 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

enigmatic-evrard-o9.zipwp.link Open in urlscan Pro
148.135.1.144 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1106 kB
Transfer

1274 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!