net1ease.thefixafence.com Open in urlscan Pro
192.185.28.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://webdisk.login.ali-inc.starlitenails.com/
Effective URL:
https://net1ease.thefixafence.com/z1/auwerfwerf.php?e=QHZpcC4xNjMuY29t&VHIwcDJZV250MExSRlZpYzRNdUI9UUhacGNDNHhOak11WTI5dCZmZ2FSZHp...
Submission: On August 26 via api (August 26th 2024, 4:17:22 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 192.185.28.92, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is net1ease.thefixafence.com.
TLS certificate: Issued by R10 on August 25th 2024. Valid for: 3 months.

This is the only time net1ease.thefixafence.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 163.cn (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.185.140.149 192.185.140.149	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2 14	192.185.28.92 192.185.28.92	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	163.181.92.228 163.181.92.228	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1	111.124.200.204 111.124.200.204	139203 (CHINANET-...) (CHINANET-GUIZHOU-GUIAN-IDC Guizhou GuiAn IDC)
14	4

1 192.185.140.149 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-140-149.unifiedlayer.com

webdisk.login.ali-inc.starlitenails.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.185.28.92 (United States) 2 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-28-92.unifiedlayer.com

net1ease.thefixafence.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.181.92.228 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

urswebzj.nosdn.127.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 111.124.200.204 (China)

ASN139203 (CHINANET-GUIZHOU-GUIAN-IDC Guizhou GuiAn IDC, CN)

vip.163.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	thefixafence.com 2 redirects net1ease.thefixafence.com	1 MB
1	163.com vip.163.com — Cisco Umbrella Rank: 478327	809 B
1	127.net urswebzj.nosdn.127.net — Cisco Umbrella Rank: 132273	21 KB
1	starlitenails.com 1 redirects webdisk.login.ali-inc.starlitenails.com	109 B
14	4

	Domain	Requested by
14	net1ease.thefixafence.com	2 redirects net1ease.thefixafence.com
1	vip.163.com
1	urswebzj.nosdn.127.net	net1ease.thefixafence.com
1	webdisk.login.ali-inc.starlitenails.com	1 redirects
14	4

This site contains no links.

Subject Issuer	Validity	Valid
net1ease.thefixafence.com R10	`2024-08-25` - `2024-11-23`	3 months	crt.sh
*.nosdn.127.net GeoTrust RSA CN CA G2	`2024-05-30` - `2025-06-29`	a year	crt.sh
*.163.com GeoTrust RSA CN CA G2	`2024-03-28` - `2025-04-27`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://net1ease.thefixafence.com/z1/auwerfwerf.php?e=QHZpcC4xNjMuY29t&VHIwcDJZV250MExSRlZpYzRNdUI9UUhacGNDNHhOak11WTI5dCZmZ2FSZHpTQnZmY2dPWDFlWDIzTD1VUU1TQVZYaHJSRmwxOTdCUlhYNSZGend5MUVYT2p6Umo3bHIwcHBOVD1wTjFDOVh5SjNBTTU1U2ZXam92dA==
Frame ID: F2E61AEC8F13A61396EFD6DE4CB390B1
Requests: 14 HTTP requests in this frame

Frame: https://net1ease.thefixafence.com/z1/index_files/index_dl2_new.php?username=
Frame ID: 7E184C472CF41FE73E2235275E1F541C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://webdisk.login.ali-inc.starlitenails.com/ HTTP 302
https://net1ease.thefixafence.com/z1?e=&fn=&usr= HTTP 301
https://net1ease.thefixafence.com/z1/?e=&fn=&usr= HTTP 302
https://net1ease.thefixafence.com/z1/auwerfwerf.php?e=QHZpcC4xNjMuY29t&VHIwcDJZV250MExSRlZpYzRNdUI9UUhacGNDNHh... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1448 kB
Transfer

1584 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://webdisk.login.ali-inc.starlitenails.com/ HTTP 302
https://net1ease.thefixafence.com/z1?e=&fn=&usr= HTTP 301
https://net1ease.thefixafence.com/z1/?e=&fn=&usr= HTTP 302
https://net1ease.thefixafence.com/z1/auwerfwerf.php?e=QHZpcC4xNjMuY29t&VHIwcDJZV250MExSRlZpYzRNdUI9UUhacGNDNHhOak11WTI5dCZmZ2FSZHpTQnZmY2dPWDFlWDIzTD1VUU1TQVZYaHJSRmwxOTdCUlhYNSZGend5MUVYT2p6Umo3bHIwcHBOVD1wTjFDOVh5SjNBTTU1U2ZXam92dA== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request auwerfwerf.php Show response
net1ease.thefixafence.com/z1/
Redirect Chain

https://webdisk.login.ali-inc.starlitenails.com/
https://net1ease.thefixafence.com/z1?e=&fn=&usr=
https://net1ease.thefixafence.com/z1/?e=&fn=&usr=
https://net1ease.thefixafence.com/z1/auwerfwerf.php?e=QHZpcC4xNjMuY29t&VHIwcDJZV250MExSRlZpYzRNdUI9UUhacGNDNHhOak11WTI5dCZmZ2FSZHpTQnZmY2dPWDFlWDIzTD1VUU1TQVZYaHJSRmwxOTdCUlhYNSZGend5MUVYT2p6Umo3bH...

43 KB
24 KB

133ms
133ms

Document
text/html

192.185.28.92
NETWORK-SOLUTIONS...

General

net1ease.thefixafence.com Open in urlscan Pro 192.185.28.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

1448 kBTransfer

1584 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

net1ease.thefixafence.com Open in urlscan Pro
192.185.28.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1448 kB
Transfer

1584 kB
Size

1
Cookies

14 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!