urlscan.io logo urlscan.io
SecurityTrails logo

www.cpackline.com Open in urlscan Pro
104.221.193.40  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://cpackline.com/tmp/jsonplist.html
Effective URL: http://www.cpackline.com/tmp/jsonplist.html
Submission: On December 27 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 8 HTTP transactions. The main IP is 104.221.193.40, located in Los Angeles, United States and belongs to ESITED - eSited Solutions, US. The main domain is www.cpackline.com.
This is the only time www.cpackline.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bet365 (Entertainment)

Domain & IP information

IP Address AS Autonomous System
1 4 104.221.193.40 22552 (ESITED)
2 2606:4700:30:... 13335 (CLOUDFLAR...)
1 1 185.10.104.110 55967 (CNNIC-BAI...)
1 103.235.46.39 55967 (CNNIC-BAI...)
1 2001:438:fffd... 6461 (ZAYO-6461)
8 5
4    104.221.193.40 (Los Angeles, United States)

ASN22552 (ESITED - eSited Solutions, US)
cpackline.com
www.cpackline.com
2    2606:4700:30::6818:675a (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.xpj6666.org
1    185.10.104.110 (Ascension Island)

ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
ss1.bdstatic.com
1    103.235.46.39 (Hong Kong)

ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
www.baidu.com
1    2001:438:fffd:98::5 (United States)

ASN6461 (ZAYO-6461 - Zayo Bandwidth, US)
www.gov.cn
Domain Requested by
3 www.cpackline.com www.cpackline.com
2 www.xpj6666.org www.cpackline.com
1 www.gov.cn www.cpackline.com
1 www.baidu.com www.cpackline.com
1 ss1.bdstatic.com 1 redirects
1 cpackline.com 1 redirects
0 push.zhanzhang.baidu.com Failed www.cpackline.com
8 7

This site contains links to these domains. Also see Links.

Domain
www.gov.cn
Subject Issuer Validity Valid
sni254512.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-12-26 -
2020-07-03		 6 months crt.sh
baidu.com
GlobalSign Organization Validation CA - SHA256 - G2		 2019-05-09 -
2020-06-25		 a year crt.sh

This page contains 2 frames:

Primary Page: http://www.cpackline.com/tmp/jsonplist.html
Frame ID: F01255729B93A53891A4EB46D13E7625
Requests: 7 HTTP requests in this frame

Frame: https://www.xpj6666.org/
Frame ID: 3601C46EE83B6F3B0216263C1C96AC8B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://cpackline.com/tmp/jsonplist.html HTTP 301
    http://www.cpackline.com/tmp/jsonplist.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

8
Requests

38 %
HTTPS

40 %
IPv6

5
Domains

7
Subdomains

5
IPs

3
Countries

58 kB
Transfer

85 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cpackline.com/tmp/jsonplist.html HTTP 301
    http://www.cpackline.com/tmp/jsonplist.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://ss1.bdstatic.com/70cFuXSh_Q1YnxGkpoWK1HF6hhy/it/u=127797215,3674913516&fm=15&gp=0.jpg HTTP 302
  • https://www.baidu.com/search/error.html

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set jsonplist.html
www.cpackline.com/tmp/
Redirect Chain
  • http://cpackline.com/tmp/jsonplist.html
  • http://www.cpackline.com/tmp/jsonplist.html
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.cpackline.com/tmp/jsonplist.html
Protocol
HTTP/1.1
Server
104.221.193.40 Los Angeles, United States, ASN22552 (ESITED - eSited Solutions, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / PHP/5.4.45 ASP.NET
Resource Hash
eb22f46b726d65c3e070a13b3cd287eefd56898684a3410a0a7921ce985f6ad9

Request headers

Host
www.cpackline.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Content-Type
text/html; charset=gbk
Content-Encoding
gzip
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-Powered-By
PHP/5.4.45 ASP.NET
Set-Cookie
ZDEDebuggerPresent=php,phtml,php3; path=/ PHPSESSID=b4e40gcitpqe97jn207bd0vl11; path=/
Date
Fri, 27 Dec 2019 12:13:34 GMT
Connection
close
Content-Length
2144

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Content-Type
text/html; charset=UTF-8
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Location
http://www.cpackline.com/tmp/jsonplist.html
Server
Microsoft-IIS/8.5
X-Powered-By
PHP/5.4.45 ASP.NET
Set-Cookie
ZDEDebuggerPresent=php,phtml,php3; path=/ PHPSESSID=bef298qjlm9e9am8005a4fuvl2; path=/
Date
Fri, 27 Dec 2019 12:13:33 GMT
Content-Length
166
jquery-1.8.3.min.js
www.cpackline.com/tmp/js/ 		67 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.cpackline.com/tmp/js/jquery-1.8.3.min.js
Requested by
Host: www.cpackline.com
URL: http://www.cpackline.com/tmp/jsonplist.html
Protocol
HTTP/1.1
Server
104.221.193.40 Los Angeles, United States, ASN22552 (ESITED - eSited Solutions, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / PHP/5.4.45, ASP.NET
Resource Hash
79ea34e47b2b2f3004c8da26396b60545e614252b22a902a9c767985a3650e79

Request headers

Referer
http://www.cpackline.com/tmp/jsonplist.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 27 Dec 2019 12:13:34 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-Powered-By
PHP/5.4.45, ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript;charset=gbk
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length
41356
Expires
Thu, 19 Nov 1981 08:52:00 GMT
jq.js
www.xpj6666.org/ 		1 KB
802 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.xpj6666.org/jq.js
Requested by
Host: www.cpackline.com
URL: http://www.cpackline.com/tmp/jsonplist.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::6818:675a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa53512800135bd85aaa8542c351f3ec4d7b2212aef5e027b2692fc0c136af89

Request headers

Referer
http://www.cpackline.com/tmp/jsonplist.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Dec 2019 12:13:36 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sun, 24 Mar 2019 09:38:57 GMT
server
cloudflare
etag
W/"411-584d3db6760ff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
54bb359e4c45c2a9-FRA
error.html
www.baidu.com/search/
Redirect Chain
  • https://ss1.bdstatic.com/70cFuXSh_Q1YnxGkpoWK1HF6hhy/it/u=127797215,3674913516&fm=15&gp=0.jpg
  • https://www.baidu.com/search/error.html
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.baidu.com/search/error.html
Requested by
Host: www.cpackline.com
URL: http://www.cpackline.com/tmp/jsonplist.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.39 , Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://www.cpackline.com/tmp/jsonplist.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Fri, 27 Dec 2019 12:13:37 GMT
ohc-response-time
0 0 0 0 459 459
server
JSP3/2.0.14
access-control-allow-origin
*
location
https://www.baidu.com/search/error.html
content-type
text/plain; charset=utf-8
status
302
accept-ranges
bytes
content-length
0
pushinfo.js
www.gov.cn/pushinfo/v150203/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.gov.cn/pushinfo/v150203/pushinfo.js
Requested by
Host: www.cpackline.com
URL: http://www.cpackline.com/tmp/jsonplist.html
Protocol
HTTP/1.1
Server
2001:438:fffd:98::5 , United States, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US),
Reverse DNS
Software
Apache /
Resource Hash
8302ece997e9658513b80476983c85e1d76c3d96bfbe1eec73cf1ca02529e8dd

Request headers

Referer
http://www.cpackline.com/tmp/jsonplist.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 27 Dec 2019 12:13:36 GMT
Last-Modified
Thu, 26 Dec 2019 14:34:56 GMT
Server
Apache
ETag
"ac0010-30b2-59a9c47ef6400"
X-Cache
HIT from BC243_US-Washington-seattle-1-cache-3(baishan)
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12466
X-Ser
BC24_dx-lt-yd-zhejiang-jinhua-5-cache-2, BC201_US-DistColumbia-washingtonDC-1-cache-1, BC243_US-Washington-seattle-1-cache-3
/
www.xpj6666.org/ Frame 3601 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.xpj6666.org/
Requested by
Host: www.cpackline.com
URL: http://www.cpackline.com/tmp/jsonplist.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::6818:675a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
www.xpj6666.org
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
http://www.cpackline.com/tmp/jsonplist.html
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://www.cpackline.com/tmp/jsonplist.html

Response headers

status
200
date
Fri, 27 Dec 2019 12:13:38 GMT
content-type
text/html
set-cookie
__cfduid=d01326f516611e596ad3856c17580df711577448817; expires=Sun, 26-Jan-20 12:13:37 GMT; path=/; domain=.xpj6666.org; HttpOnly; SameSite=Lax
last-modified
Fri, 30 Aug 2019 06:46:47 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
54bb35a7df57c2a9-FRA
content-encoding
br
push.js
push.zhanzhang.baidu.com/ 		0
0
arr2.gif
www.cpackline.com/tmp/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.cpackline.com/tmp/images/arr2.gif
Requested by
Host: www.cpackline.com
URL: http://www.cpackline.com/tmp/jsonplist.html
Protocol
HTTP/1.1
Server
104.221.193.40 Los Angeles, United States, ASN22552 (ESITED - eSited Solutions, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / PHP/5.4.45, ASP.NET
Resource Hash
cddafccc081936b78ebeb38b2429127105dc880670214f81db5dfb8120ff1a18

Request headers

Referer
http://www.cpackline.com/tmp/jsonplist.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 27 Dec 2019 12:13:35 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
PHP/5.4.45, ASP.NET
Content-Type
image/gif
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length
1096
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
push.zhanzhang.baidu.com
URL
http://push.zhanzhang.baidu.com/push.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bet365 (Entertainment)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery string| ss

0 Cookies