cp.simply-store.net Open in urlscan Pro
89.40.143.116 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cp.simply-store.net/index/
Effective URL:
https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00...
Submission: On October 31 via manual (October 31st 2022, 1:30:52 pm UTC) from DK — Scanned from DK

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 89.40.143.116, located in Italy and belongs to ASSEFLOW, IT. The main domain is cp.simply-store.net.
TLS certificate: Issued by R3 on October 31st 2022. Valid for: 3 months.

This is the only time cp.simply-store.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Simply.com (Online)

Domain & IP information

	IP Address		AS Autonomous System
2 4	89.40.143.116 89.40.143.116		49367 (ASSEFLOW) (ASSEFLOW)
2	2

4 89.40.143.116 (Italy) 2 redirects

ASN49367 (ASSEFLOW, IT)
PTR: 89-40-143-116.virtualsolution.net

cp.simply-store.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	simply-store.net 2 redirects cp.simply-store.net	575 KB
2	1

	Domain	Requested by
4	cp.simply-store.net	2 redirects cp.simply-store.net
2	1

This site contains no links.

Subject Issuer	Validity	Valid
store.artnersgarage.at R3	`2022-10-31` - `2023-01-29`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e
Frame ID: A1580132005CA42E7FDAD1BB468DC32E
Requests: 1 HTTP requests in this frame

Frame: https://cp.simply-store.net/index/ids/
Frame ID: 84DA4621AC30E2715489ED922A35E63B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

О؜؜؜rdе؜؜؜r - Sіmр؜؜؜lу؜؜؜.с؜؜؜о؜؜؜m Webhosting, WordPress and domains - ؜؜؜, Lо؜؜؜ɡ؜؜؜ɡ؜؜؜ іnn؜؜؜ CDU, online VTK - XFZJA

Page URL History Show full URLs

https://cp.simply-store.net/index/ HTTP 302
https://cp.simply-store.net/index/vps/index.php HTTP 302
https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998e... Page URL

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

890 kB
Transfer

898 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cp.simply-store.net/index/ HTTP 302
https://cp.simply-store.net/index/vps/index.php HTTP 302
https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
9 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cp.simply-store.net/index/part/ Redirect Chain https://cp.simply-store.net/index/ https://cp.simply-store.net/index/vps/index.php https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e	1 KB 1 KB	70ms 70ms	Document text/html	89.40.143.116 ASSEFLOW
General Check archive.org Show headers Download Go to Full URL https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.40.143.116 , Italy, ASN49367 (ASSEFLOW, IT), Reverse DNS 89-40-143-116.virtualsolution.net Software Microsoft-IIS/10.0 / PHP/5.6.31 Resource Hash `44d1e03ec19dce79535b64d87ba3778be20172be8cbbbeb6738e6b78b0ad673e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language da-DK,da;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-length 1193 content-type text/html; charset=UTF-8 date Mon, 31 Oct 2022 13:30:47 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Microsoft-IIS/10.0 x-powered-by PHP/5.6.31 Redirect headers content-length 0 content-type text/html; charset=UTF-8 date Mon, 31 Oct 2022 13:30:46 GMT location https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e server Microsoft-IIS/10.0 x-powered-by PHP/5.6.31
GET H2	200	/ Show response cp.simply-store.net/index/ids/ Frame 84DA	573 KB 573 KB	72ms 72ms	Document text/html	89.40.143.116 ASSEFLOW
General Check archive.org Show headers Download Go to Full URL https://cp.simply-store.net/index/ids/ Requested by Host: cp.simply-store.net URL: https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 89.40.143.116 , Italy, ASN49367 (ASSEFLOW, IT), Reverse DNS 89-40-143-116.virtualsolution.net Software Microsoft-IIS/10.0 / PHP/5.6.31 Resource Hash `fc623fbec16bc5fd4a3b6a799a762e0016279c976ef7fc7ce75c11877c5edc6a` Request headers Referer https://cp.simply-store.net/index/part/?Token=d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language da-DK,da;q=0.9 Response headers content-length 586263 content-type text/html; charset=UTF-8 date Mon, 31 Oct 2022 13:30:47 GMT server Microsoft-IIS/10.0 x-powered-by PHP/5.6.31
GET DATA	200 OK	truncated / Frame 84DA	7 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d125a7457b8b517e14abead711399f59bff111a46b53ecaad98c14538adf8c7b` Request headers accept-language da-DK,da;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 84DA	744 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9cc8368f8ee23383cd9923b45d46c2bdc61b4842360a8ff2b0c030b3833bdda0` Request headers accept-language da-DK,da;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 84DA	181 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6366c6d793187d59eede3997c055dfa4b9f018203474f1a198803d88a885536e` Request headers accept-language da-DK,da;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated / Frame 84DA	38 KB 38 KB		Font font/ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `700d1bd17b880e43e8f46fc04e22dd463826b46803478603af240c4cb25c5dac` Request headers Referer Origin https://cp.simply-store.net accept-language da-DK,da;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type font/ttf
GET DATA	200 OK	truncated / Frame 84DA	38 KB 38 KB		Font font/ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `58bc64f04419472b652d4c34b9b41d45e85ac0d0a3c8641d883b339d84df6d1e` Request headers Referer Origin https://cp.simply-store.net accept-language da-DK,da;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type font/ttf
GET DATA	200 OK	truncated / Frame 84DA	165 KB 165 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938` Request headers Referer Origin https://cp.simply-store.net accept-language da-DK,da;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame 84DA	239 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c29517b4eb6b056475330a26a3f929c0523ef80268a8457ca5d44a7def3cdf44` Request headers accept-language da-DK,da;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 84DA	75 KB 75 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388` Request headers Referer Origin https://cp.simply-store.net accept-language da-DK,da;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame 84DA	37 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96` Request headers accept-language da-DK,da;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Simply.com (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cp.simply-store.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: empebo5cigod7th8iqs553g9f3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cp.simply-store.net
89.40.143.116
44d1e03ec19dce79535b64d87ba3778be20172be8cbbbeb6738e6b78b0ad673e
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
58bc64f04419472b652d4c34b9b41d45e85ac0d0a3c8641d883b339d84df6d1e
6366c6d793187d59eede3997c055dfa4b9f018203474f1a198803d88a885536e
700d1bd17b880e43e8f46fc04e22dd463826b46803478603af240c4cb25c5dac
9cc8368f8ee23383cd9923b45d46c2bdc61b4842360a8ff2b0c030b3833bdda0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388
c29517b4eb6b056475330a26a3f929c0523ef80268a8457ca5d44a7def3cdf44
d125a7457b8b517e14abead711399f59bff111a46b53ecaad98c14538adf8c7b
fc623fbec16bc5fd4a3b6a799a762e0016279c976ef7fc7ce75c11877c5edc6a

cp.simply-store.net Open in urlscan Pro 89.40.143.116 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

890 kBTransfer

898 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

cp.simply-store.net Open in urlscan Pro
89.40.143.116 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

890 kB
Transfer

898 kB
Size

1
Cookies

2 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!