urlscan.io logo urlscan.io
SecurityTrails logo

verificanetinfo.ddns.net Open in urlscan Pro
23.94.49.164  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://katesufremuwoculi.cafowocruwesat.summeraugust.xyz/triwomokosucra/ObzEfLD5
Effective URL: https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
Submission: On October 23 via manual from CL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 23.94.49.164, located in Atlanta, United States and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is verificanetinfo.ddns.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 16th 2018. Valid for: 3 months.
This is the only time verificanetinfo.ddns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 23.95.11.83 36352 (AS-COLOCR...)
1 2 23.94.49.164 36352 (AS-COLOCR...)
1 205.185.208.52 20446 (HIGHWINDS3)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
5 4
Domain Requested by
3 assets.nflxext.com
2 verificanetinfo.ddns.net 1 redirects
1 code.jquery.com verificanetinfo.ddns.net
1 katesufremuwoculi.cafowocruwesat.summeraugust.xyz 1 redirects
5 4

This site contains no links.

Subject Issuer Validity Valid
verificanetinfo.ddns.net
Let's Encrypt Authority X3		 2018-10-16 -
2019-01-14		 3 months crt.sh
jquery.org
COMODO RSA Domain Validation Secure Server CA		 2018-10-17 -
2020-10-16		 2 years crt.sh
assets.nflxext.com
DigiCert SHA2 Secure Server CA		 2018-03-09 -
2020-03-09		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
Frame ID: 13BAC87AFDD909221813F26F618CFC95
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://katesufremuwoculi.cafowocruwesat.summeraugust.xyz/triwomokosucra/ObzEfLD5 HTTP 302
    http://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5 HTTP 301
    https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Debian/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

5
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

40 kB
Transfer

97 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://katesufremuwoculi.cafowocruwesat.summeraugust.xyz/triwomokosucra/ObzEfLD5 HTTP 302
    http://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5 HTTP 301
    https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request c6ca6b9557d896e5
verificanetinfo.ddns.net/center/
Redirect Chain
  • http://katesufremuwoculi.cafowocruwesat.summeraugust.xyz/triwomokosucra/ObzEfLD5
  • http://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
  • https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
20 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.94.49.164 Atlanta, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
vc2.bizservices.in
Software
Apache/2.4.10 (Debian) /
Resource Hash
7d8b08e9e7be59bb265efd764cd7f1a09575bc696ffd0cd0e23bd4e7e5f61c3c

Request headers

Host
verificanetinfo.ddns.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 23 Oct 2018 15:38:21 GMT
Server
Apache/2.4.10 (Debian)
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
7282
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 23 Oct 2018 15:38:21 GMT
Server
Apache/2.4.10 (Debian)
Location
https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
Content-Length
364
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
jquery-3.3.1.slim.min.js
code.jquery.com/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by
Host: verificanetinfo.ddns.net
URL: https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
Origin
https://verificanetinfo.ddns.net

Response headers

Date
Tue, 23 Oct 2018 15:38:23 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Jan 2018 17:26:44 GMT
Server
nginx
ETag
W/"5a637bd4-1111d"
Vary
Accept-Encoding
X-HW
1540309103.dop019.fr8.shc,1540309103.dop019.fr8.t,1540309103.cds122.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
24038
10_18_2014_icon_amex_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/payment/10_18_2014_icon_amex_37x25.png
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:286::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
8ecdaac15d3a735629ac94ec194ea046e3387e8fb5315e043b093725bf21591a

Request headers

Referer
https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 23 Oct 2018 15:38:23 GMT
last-modified
Wed, 19 Nov 2014 17:18:37 GMT
server
Apache
content-md5
K2OFuI6NBcXvqmodovelug==
content-type
image/png
status
200
cache-control
public, max-age=46671697
accept-ranges
bytes
content-length
1573
expires
Wed, 15 Apr 2020 20:00:00 GMT
12_05_2017_icon_master_33x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/payment/12_05_2017_icon_master_33x25.png
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:286::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
ed120beb869dfaf483128601dca83072784b5c8dfca4a54a2cb37f6409498832

Request headers

Referer
https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 23 Oct 2018 15:38:23 GMT
last-modified
Wed, 06 Dec 2017 04:47:02 GMT
server
Apache
content-md5
ZlSqGI+GHw2HBZcLYfH0mw==
content-type
image/png
status
200
cache-control
public, max-age=46671697
accept-ranges
bytes
content-length
4639
expires
Wed, 15 Apr 2020 20:00:00 GMT
12_11_2014_icon_visa_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/payment/12_11_2014_icon_visa_37x25.png
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:286::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
7334c16dc04df9eef7152086d519c011301cdbf891aacff4dd28db3d09d32e42

Request headers

Referer
https://verificanetinfo.ddns.net/center/c6ca6b9557d896e5?=ObzEfLD5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 23 Oct 2018 15:38:23 GMT
last-modified
Thu, 11 Dec 2014 21:58:16 GMT
server
Apache
content-md5
AlPW3H84IVL0lrk4tEXlHQ==
content-type
image/png
status
200
cache-control
public, max-age=46671697
accept-ranges
bytes
content-length
1947
expires
Wed, 15 Apr 2020 20:00:00 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0c12d5374247e16fced565a207d010bf39f1eb55ee0394581ced67b2e6fa7b92

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

0 Cookies