cerensa.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 52.25.102.203, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is cerensa.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on June 26th 2023. Valid for: a year.

This is the only time cerensa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	52.25.102.203 52.25.102.203	16509 (AMAZON-02) (AMAZON-02)
2	146.75.40.193 146.75.40.193	54113 (FASTLY) (FASTLY)
3	2

1 52.25.102.203 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-102-203.us-west-2.compute.amazonaws.com

cerensa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.75.40.193 (Seattle, United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	imgur.com i.imgur.com — Cisco Umbrella Rank: 7022	206 KB
1	cerensa.com cerensa.com	1 KB
3	2

	Domain	Requested by
2	i.imgur.com	cerensa.com
1	cerensa.com
3	2

This site contains no links.

Subject Issuer	Validity	Valid
cerensa.com Amazon RSA 2048 M01	`2023-06-26` - `2024-07-24`	a year	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cerensa.com/wp-admin/user/dxb02l0g1n/8d8dea056d8851ac761d20e72211125fb28dea056d8851ac761d20e72211125fb2ea056d88518dea056d8851ac761d20e7221118dea056d8851ac761d20e72211125fb225fb2ac761d20e72211125fb2/incorrect_password.htm
Frame ID: 3ECC1C80390D54F0BB7373521DE33AB3
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Aruba

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

207 kB
Transfer

208 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request incorrect_password.htm Show response
cerensa.com/wp-admin/user/dxb02l0g1n/8d8dea056d8851ac761d20e72211125fb28dea056d8851ac761d20e72211125fb2ea056d88518dea056d8851ac761d20e7221118dea056d8851ac761d20e72211125fb225fb2ac761d20e72211125fb2/ 3 KB
1 KB 382ms
125ms Document
text/html 52.25.102.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cerensa.com/wp-admin/user/dxb02l0g1n/8d8dea056d8851ac761d20e72211125fb28dea056d8851ac761d20e72211125fb2ea056d88518dea056d8851ac761d20e7221118dea056d8851ac761d20e72211125fb225fb2ac761d20e72211125fb2/incorrect_password.htm

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.25.102.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-25-102-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

240a8cfaf7b2f89f29d024f32c8970f662877bce88dc6cdaa2e1e274c6602f0e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 1162
content-type: text/html
date: Mon, 30 Oct 2023 21:34:29 GMT
etag: "bd6-608eb7e2ebffc-gzip"
last-modified: Mon, 30 Oct 2023 09:16:27 GMT
server: Apache
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 UWfFUZB.png
i.imgur.com/ 2 KB
3 KB 329ms
109ms Image
image/png 146.75.40.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/UWfFUZB.png

Requested by

Host: cerensa.com
URL: https://cerensa.com/wp-admin/user/dxb02l0g1n/8d8dea056d8851ac761d20e72211125fb28dea056d8851ac761d20e72211125fb2ea056d88518dea056d8851ac761d20e7221118dea056d8851ac761d20e72211125fb225fb2ac761d20e72211125fb2/incorrect_password.htm

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.40.193 Seattle, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

7a80a64c5c148c9ca57e3a91bbf541b61fb0a45eb46d9cc79ce89ca8de5ec6eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://cerensa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 21:34:29 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P2
age: 3487075
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 2441
x-served-by: cache-iad-kjyo7100070-IAD, cache-bfi-kbfi7400035-BFI
last-modified: Tue, 06 Jun 2023 01:01:23 GMT
server: cat factory 1.0
x-timer: S1698701669.456917,VS0,VE2
etag: "ff58b4f699cca381d9a3e554d2436ce6"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: UfBgkqlR5nm3EInBnHrRcSN9dxVAqnY92YBn-UdjK4ED6JLIoCVhWg==
x-cache-hits: 105, 1

GET
H2 200 0V0kAkf.png
i.imgur.com/ 202 KB
203 KB 393ms
173ms Image
image/png 146.75.40.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/0V0kAkf.png

Requested by

Host: cerensa.com
URL: https://cerensa.com/wp-admin/user/dxb02l0g1n/8d8dea056d8851ac761d20e72211125fb28dea056d8851ac761d20e72211125fb2ea056d88518dea056d8851ac761d20e7221118dea056d8851ac761d20e72211125fb225fb2ac761d20e72211125fb2/incorrect_password.htm

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.40.193 Seattle, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

24cfa1091dd59573ead3e4479ec74b86e7cb34950a1301d20f3ae7e398e693ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://cerensa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 21:34:29 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 43079
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 207350
x-served-by: cache-iad-kcgs7200093-IAD, cache-bfi-kbfi7400035-BFI
last-modified: Tue, 12 Sep 2023 18:32:10 GMT
server: cat factory 1.0
x-timer: S1698701669.456985,VS0,VE66
etag: "6b84ffa8440b25916e756ac3aa2db579"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BrE1W7_bLUQDK-JSqmc3zvU0YJiBUCrunfe2uB55k9vIsUEMGzczDQ==
x-cache-hits: 1, 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cerensa.com
i.imgur.com
146.75.40.193
52.25.102.203
240a8cfaf7b2f89f29d024f32c8970f662877bce88dc6cdaa2e1e274c6602f0e
24cfa1091dd59573ead3e4479ec74b86e7cb34950a1301d20f3ae7e398e693ca
7a80a64c5c148c9ca57e3a91bbf541b61fb0a45eb46d9cc79ce89ca8de5ec6eb

cerensa.com Open in urlscan Pro 52.25.102.203 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

207 kBTransfer

208 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

cerensa.com Open in urlscan Pro
52.25.102.203 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

207 kB
Transfer

208 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!