poseidon.hongkongserver.net
47.91.188.225
Malicious Activity!
Public Scan
Effective URL: https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/login.php?ip=185.158.119.236
Submission: On November 19 via automatic, source phishtank
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 21st 2018. Valid for: a year.
This is the only time poseidon.hongkongserver.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online), Apple (Online)

Domain & IP information
IP address | Autonomous system | Requests
---|---|---
208.88.5.100 | AS36218 (CIRRUSTECHLTD - Cirrus Tech Ltd., CA) | 1 (1 redirect)
47.91.188.225 | AS45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN) | 16 (3 redirects)

ASN36218 (CIRRUSTECHLTD - Cirrus Tech Ltd., CA)
PTR: radon.hostmds.com
Domains: darcydavis.com

ASN45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN)
PTR: poseidon.hongkongserver.net
Domains: poseidon.hongkongserver.net
Apex domain | Subdomain | Requests | Transfer
---|---|---|---
hongkongserver.net | poseidon.hongkongserver.net | 16 (3 redirects) | 75 KB
darcydavis.com | darcydavis.com | 1 (1 redirect) | 271 B

Domain | Requests | Requested by
---|---|---
poseidon.hongkongserver.net | 16 (3 redirects) | poseidon.hongkongserver.net
darcydavis.com | 1 (1 redirect) |

13 HTTP transactions across 2 domains in total.
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
poseidon.hongkongserver.net | cPanel, Inc. Certification Authority | 2018-04-21 to 2019-04-21 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/login.php?ip=185.158.119.236
Frame ID: A436ABF8213CA532CA1B750AAE438892
Requests: 13 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://darcydavis.com/favicon.php (HTTP 302)
- https://poseidon.hongkongserver.net/~lmmwcxtu/1/ (HTTP 302)
- https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207 (HTTP 301)
- https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/ (HTTP 302)
- https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/login.php?ip=185.158.119.236 (Page URL, final landing page)

Reading the chain: the submitted URL is a favicon.php on an unrelated domain (darcydavis.com) that bounces the visitor to a second host. The landing host uses a mod_userdir-style per-user path (/~lmmwcxtu/), which together with the cPanel-issued certificate is consistent with a shared cPanel hosting account; the 301 at the third hop is only the trailing-slash canonicalisation of the 32-hex-character directory, and the final login.php URL carries an IPv4 address (185.158.119.236) as its ip query parameter. The two hosts and that address are the indicators worth pivoting on.
Detected technologies
- PHP (Programming Languages); detected pattern: url /\.php(?:$|\?)/i
- LiteSpeed (Web Servers); detected pattern: headers server /^LiteSpeed$/i
- jQuery (JavaScript Libraries); detected patterns: script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i, script /jquery.*\.js/i, env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
The primary request (login.php) was reached through the redirect chain listed under Page URL History.

13 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---
GET | H2 | login.php (primary request, end of the redirect chain) | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/ | 4 KB | 3 KB | Document | text/html
GET | H2 | hok.js | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/ | 20 KB | 7 KB | Script | application/javascript
GET | H2 | login.css | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/css/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H2 | header.css | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/css/ | 497 B | 305 B | Stylesheet | text/css
GET | H2 | footer.css | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/css/ | 234 B | 274 B | Stylesheet | text/css
GET | H2 | jquery-1.11.3.min.js | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/js/ | 94 KB | 38 KB | Script | application/javascript
GET | H2 | validationEngine.js | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/js/ | 6 KB | 1 KB | Script | application/javascript
GET | H2 | appCheck.js | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/js/ | 0 | 0 | Script | text/html
GET | H2 | headerLogo.png | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/img/ | 3 KB | 3 KB | Image | image/png
GET | H2 | appCheck.js | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/js/ | 0 | 0 | Script | text/html
GET | H2 | footer.png | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/img/ | 6 KB | 6 KB | Image | image/png
GET | H2 | left.png | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/img/ | 11 KB | 11 KB | Image | image/png
GET | H2 | header.png | poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/assets/img/ | 4 KB | 4 KB | Image | image/png

Every resource is served from the kit's own directory on poseidon.hongkongserver.net; nothing is loaded from an Apple-controlled domain, which matches the "0 outgoing links" figure above. appCheck.js is requested twice and both times comes back with an empty body and a text/html MIME type instead of JavaScript, which is what a missing file answered by an HTML error page looks like; the response status is not shown in this extract, so treat it as a likely rather than a confirmed 404.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online), Apple (Online)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | Aes
object | Base64
object | Utf8
string | hea2p
string | hea2t
string | output
string | ctrTxt
function | $
function | jQuery

$ and jQuery are accounted for by the detected jQuery 1.11.3. Aes, Base64 and Utf8 are the object names used by a widely copied client-side JavaScript AES implementation, and their presence beside the string globals hea2p, hea2t, output and ctrTxt is consistent with the page body being delivered encrypted and decrypted in the browser before rendering, an evasion that phishing kits use against static content scanners. This is an inference from the names only; the scan does not record the decrypted content.

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even after a change of location. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
darcydavis.com
poseidon.hongkongserver.net
208.88.5.100
47.91.188.225
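The redirect chain, transaction table and window globals recorded above are the raw material an analyst turns into indicators and a triage verdict. The following script is an added example and not urlscan.io code: the sample data is transcribed from this scan, while the regular expressions, the tag names and the one-point-per-tag score are this example's own heuristics, not urlscan's verdict logic.

```python
"""Triage of the redirect chain, HTTP transactions and window globals recorded
in this urlscan.io result. Added example, not urlscan.io code: the sample data
below is transcribed from the scan page; the heuristics, tag names and the
one-point-per-tag score are this example's own choices."""
import re
from urllib.parse import parse_qs, urlsplit

# Redirect chain as recorded on the page: (URL, HTTP status); None marks the landing page.
REDIRECT_CHAIN = [
    ("https://darcydavis.com/favicon.php", 302),
    ("https://poseidon.hongkongserver.net/~lmmwcxtu/1/", 302),
    ("https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207", 301),
    ("https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/", 302),
    ("https://poseidon.hongkongserver.net/~lmmwcxtu/1/5cb33f987707acecfbd6975bcd8d6207/"
     "login.php?ip=185.158.119.236", None),
]

# Subset of the transaction table: (resource, declared type, MIME type, size as shown).
TRANSACTIONS = [
    ("login.php", "Document", "text/html", "4 KB"),
    ("hok.js", "Script", "application/javascript", "20 KB"),
    ("jquery-1.11.3.min.js", "Script", "application/javascript", "94 KB"),
    ("validationEngine.js", "Script", "application/javascript", "6 KB"),
    ("appCheck.js", "Script", "text/html", "0"),
    ("appCheck.js", "Script", "text/html", "0"),
]

# Non-standard window globals reported by the scanner: name -> typeof.
JS_GLOBALS = {"Aes": "object", "Base64": "object", "Utf8": "object",
              "hea2p": "string", "hea2t": "string", "output": "string",
              "ctrTxt": "string", "$": "function", "jQuery": "function"}

# Heuristics chosen for this example (assumptions, not scanner rules).
USERDIR_RE = re.compile(r"^/~[A-Za-z0-9_-]+/")      # mod_userdir / cPanel-style per-user web root
HEXDIR_RE = re.compile(r"/[0-9a-f]{32}(?:/|$)")      # 32-hex-char directory, typical of generated kit paths
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
CRYPTO_GLOBALS = {"Aes", "Base64", "Utf8"}           # object names of a common client-side AES library


def extract_indicators(chain):
    """Hosts touched in order, landing path, and IPv4 literals in the landing query string."""
    hosts = []
    for url, _status in chain:
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    landing = urlsplit(chain[-1][0])
    query_ips = [v for values in parse_qs(landing.query).values()
                 for v in values if IPV4_RE.match(v)]
    return {"hosts": hosts, "landing_path": landing.path, "query_ips": query_ips}


def chain_findings(chain):
    """Heuristic tags derived from the redirect chain alone."""
    tags = set()
    ind = extract_indicators(chain)
    hops = sum(1 for _url, status in chain if status in (301, 302, 303, 307, 308))
    if hops >= 3:
        tags.add("long_redirect_chain")
    if len(ind["hosts"]) > 1:
        tags.add("cross_domain_redirect")
    path = ind["landing_path"]
    if USERDIR_RE.match(path):
        tags.add("cpanel_userdir_path")
    if HEXDIR_RE.search(path):
        tags.add("hex_directory")
    if path.rsplit("/", 1)[-1].lower() == "login.php":
        tags.add("login_page_landing")
    if ind["query_ips"]:
        tags.add("ip_in_query")
    return tags


def transaction_findings(transactions):
    """Tags for resources whose declared type and actual response disagree."""
    tags = set()
    for _name, rtype, mime, size in transactions:
        if rtype == "Script" and mime.startswith("text/html"):
            tags.add("script_served_as_html")   # a .js reference answered with an HTML body
        if size.strip() == "0":
            tags.add("empty_resource")
    return tags


def globals_findings(js_globals):
    """Tags for the crypto-library-plus-string-blob pattern seen in encrypted phishing pages."""
    tags = set()
    if CRYPTO_GLOBALS <= set(js_globals):
        tags.add("client_side_crypto_library")
        if any(t == "string" for n, t in js_globals.items() if n not in CRYPTO_GLOBALS):
            tags.add("string_blobs_beside_crypto")   # likely key/ciphertext carriers
    return tags


def triage(chain, transactions, js_globals):
    """Combine all heuristics; the score is simply the number of distinct tags."""
    tags = chain_findings(chain) | transaction_findings(transactions) | globals_findings(js_globals)
    return {"indicators": extract_indicators(chain), "tags": sorted(tags), "score": len(tags)}


if __name__ == "__main__":
    result = triage(REDIRECT_CHAIN, TRANSACTIONS, JS_GLOBALS)
    print(result["score"], result["tags"])
    print(result["indicators"])
```

Run against the data from this scan, the chain alone yields six tags (four redirect hops, a cross-domain hop, the per-user path, the hex directory, a login.php landing page and an IP in the query string), the transactions add two for the empty text/html answers to appCheck.js, and the globals add two for the AES-library objects and the string blobs next to them. The score is deliberately crude: the point of the example is the feature extraction, which is what you would feed into a real scoring model or a blocklist pipeline.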