URL: https://waibobear.com/09663/start.php
Submission: On August 08 via manual from US

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 33 HTTP transactions. The main IP is 199.43.205.198, located in Mississauga, Canada and belongs to AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA. The main domain is waibobear.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 22nd 2019. Valid for: 3 months.
This is the only time waibobear.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cox (Telecommunication)

Domain & IP information

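Requests by IP address (AS number and autonomous system):
  • 199.43.205.198, 14453 (AS-AKN): 10 requests
  • 45.60.47.167, 19551 (INCAPSULA): 5 requests, 4 redirects
  • 54.230.95.62, 16509 (AMAZON-02): 3 requests
  • Total: 33 requests, 4 IPs

Requests by apex domain (subdomains, transfer):
  • waibobear.com: 10 requests; subdomains: waibobear.com; transfer: 19 KB
  • cox.com: 7 requests; subdomains: idm.cox.com, ww2.cox.com, www.cox.com; transfer: 9 KB
  • cox.net: 1 request; subdomains: idm.west.cox.net, images.cox.net (failed)
  • demdex.net: 0 requests (failed); subdomains: cox.demdex.net (failed)
  • Total: 33 requests, 4 apex domains

Requests by domain (requested by):
  • waibobear.com: 10 requests, requested by waibobear.com
  • www.cox.com: 3 requests, requested by waibobear.com
  • ww2.cox.com: 3 requests, 3 redirects, requested by waibobear.com
  • idm.west.cox.net: 1 request, requested by waibobear.com
  • idm.cox.com: 1 request, 1 redirect
  • cox.demdex.net: 0 requests (failed), requested by waibobear.com
  • images.cox.net: 0 requests (failed), requested by waibobear.com
  • Total: 33 requests, 7 domains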

This site contains links to these domains.

Domain
www.cox.com
store.cox.com
idm.east.cox.net
ww2.cox.com

TLS certificates (subject, issuer, validity):
  • beenfree.com: issued by Let's Encrypt Authority X3, valid 2019-07-22 - 2019-10-20 (3 months)
  • idm.west.cox.net: issued by Entrust Certification Authority - L1K, valid 2019-01-10 - 2021-04-09 (2 years)
  • www.cox.com: issued by Entrust Certification Authority - L1K, valid 2018-04-23 - 2020-04-23 (2 years)

This page contains 3 frames:

Primary Page: https://waibobear.com/09663/start.php
Frame ID: ABF74A2E6D25755E03074DECF9DCE010
Requests: 31 HTTP requests in this frame

Frame: https://cox.demdex.net/dest5.html?d_nsid=0
Frame ID: B643EC9B5A87F2562591B57FE878E147
Requests: 1 HTTP requests in this frame

Frame: https://cox.demdex.net/dest4.html?d_nsid=0
Frame ID: 53F825987090FF9D6232735440DD8142
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

  • Requests: 33
  • HTTPS: 42 %
  • IPv6: 0 %
  • Domains: 4
  • Subdomains: 7
  • IPs: 4
  • Countries: 2
  • Transfer: 25 kB
  • Size: 76 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://idm.cox.com/SmMakeCookie.ccc?SMSESSION=LOGOFF&PERSIST=-SM-Thu%2c%2016%20Oct%202008%2011%3a40%3a12%20GMT&TARGET=-SM-https%3a%2f%2fidm%2ewest%2ecox%2enet%2fcss%2flogoff%2ecss HTTP 302
  • https://idm.west.cox.net/css/logoff.css
Request Chain 5
  • https://ww2.cox.com/wcm/en/common/css/login.css HTTP 301
  • https://www.cox.com/wcm/en/common/css/login.css
Request Chain 19
  • https://ww2.cox.com/wcm/en/common/image/login/interface/form/bg-button-left.png HTTP 301
  • https://www.cox.com/wcm/en/common/image/login/interface/form/bg-button-left.png
Request Chain 21
  • https://ww2.cox.com/wcm/en/common/image/login/interface/icon/lock.gif HTTP 301
  • https://www.cox.com/wcm/en/common/image/login/interface/icon/lock.gif

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request start.php
waibobear.com/09663/
30 KB
7 KB
Document
General
Full URL
https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash
de4a118d052dc5cde2dc192fb04a832acec8ca2434890f470810da1ba9e36dad

Request headers

:method
GET
:authority
waibobear.com
:scheme
https
:path
/09663/start.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br

Response headers

status
200
content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding
date
Thu, 08 Aug 2019 12:30:46 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
logoff.css
idm.west.cox.net/css/
Redirect Chain
  • https://idm.cox.com/SmMakeCookie.ccc?SMSESSION=LOGOFF&PERSIST=-SM-Thu%2c%2016%20Oct%202008%2011%3a40%3a12%20GMT&TARGET=-SM-https%3a%2f%2fidm%2ewest%2ecox%2enet%2fcss%2flogoff%2ecss
  • https://idm.west.cox.net/css/logoff.css
0
0
Stylesheet
General
Full URL
https://idm.west.cox.net/css/logoff.css
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.47.167 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Date
Thu, 08 Aug 2019 12:30:51 GMT
X-CDN
Incapsula
p3p
CP="CAO OUR CURa ADMa DEVa PSAo PSDo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Iinfo
13-1539464-1539465 NNNN CT(260 525 0) RT(1565267449954 135) q(0 0 8 0) r(11 11) U11
Connection
Keep-Alive
Content-Length
223
Access-Control-Allow-Headers
x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Server
Apache
Location
https://idm.west.cox.net/css/logoff.css
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/html; charset=iso-8859-1
Access-Control-Allow-Origin
https://www.cox.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=60, max=28800
presentation.css
waibobear.com/09663/data/
24 KB
5 KB
Stylesheet
General
Full URL
https://waibobear.com/09663/data/presentation.css
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash
4950055c9df7d8dc25f85693e477a2ad857c348842308e678f6d47f7f7d77876

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:30:46 GMT
content-encoding
br
last-modified
Wed, 07 Aug 2019 20:55:09 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
4661
expires
Thu, 15 Aug 2019 12:30:46 GMT
presentation.js
waibobear.com/09663/data/
0
0
Script
General
Full URL
https://waibobear.com/09663/data/presentation.js
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2019 12:30:47 GMT
content-encoding
br
server
LiteSpeed
link
<https://waibobear.com/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
404
cache-control
no-store, no-cache, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
expires
Thu, 19 Nov 1981 08:52:00 GMT
vrf.js
waibobear.com/09663/data/
837 B
341 B
Script
General
Full URL
https://waibobear.com/09663/data/vrf.js
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash
7d5a5c37a2d52701039ac76f5beb7dc41cfc6e5672223c1a80766c103baecf29

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:30:46 GMT
content-encoding
br
last-modified
Wed, 07 Aug 2019 20:55:09 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
282
expires
Thu, 15 Aug 2019 12:30:46 GMT
logo-cox.png
waibobear.com/09663/data/
6 KB
6 KB
Image
General
Full URL
https://waibobear.com/09663/data/logo-cox.png
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash
b1fa90966f3bfc845c64d9865ea0ee2ce1610d00583c5d57b6ae5d6d9ec0548c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:30:46 GMT
last-modified
Wed, 07 Aug 2019 20:55:09 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
6289
expires
Thu, 15 Aug 2019 12:30:46 GMT
login.css
www.cox.com/wcm/en/common/css/
Redirect Chain
  • https://ww2.cox.com/wcm/en/common/css/login.css
  • https://www.cox.com/wcm/en/common/css/login.css
13 KB
3 KB
Stylesheet
General
Full URL
https://www.cox.com/wcm/en/common/css/login.css
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.95.62 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-95-62.fra2.r.cloudfront.net
Software
Apache /
Resource Hash
17ba9f1acbce2bf77db6d56955aac392bb6c86167dcce797286211881b7faa59
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com
X-Xss-Protection 1

Request headers

Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:30:57 GMT
content-encoding
gzip
x-cdn
Incapsula
x-amz-cf-pop
FRA2
x-cache
Miss from cloudfront
status
200
x-iinfo
5-22313704-22313723 NNNN CT(0 0 0) RT(1565267457684 100) q(0 0 0 2) r(1 1) U5
content-length
2604
x-xss-protection
1
x-ua-compatible
IE=edge
x-content-type
nosniff
last-modified
Wed, 23 Apr 2014 11:15:08 GMT
server
Apache
vary
Accept-Encoding,User-Agent
content-type
text/css
via
1.1 1a483cde6df004748f3e5c80dc46df26.cloudfront.net (CloudFront)
cache-control
max-age=86400, must-revalidate
content-security-policy
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com
accept-ranges
bytes
x-amz-cf-id
gUTcayhIcy3PJPsdAxLtHQMkIvRf6uYyjfE96NaYHGjDzkw0ntYQuA==

Redirect headers

Date
Thu, 08 Aug 2019 12:30:48 GMT
Server
Apache
Content-Type
text/html; charset=iso-8859-1
Location
https://www.cox.com/wcm/en/common/css/login.css
X-Iinfo
5-4805064-4805079 NNNN CT(266 538 0) RT(1565267447016 148) q(0 0 8 0) r(11 11) U5
Connection
close
Content-Length
255
X-CDN
Incapsula
icon-livechat.png
waibobear.com/09663/data/
555 B
596 B
Image
General
Full URL
https://waibobear.com/09663/data/icon-livechat.png
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash
7fc9e371158249b0fe2f16d37cebc747fcc28c4149b457a4c3b4594d1174f0b1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://waibobear.com/09663/start.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:30:46 GMT
last-modified
Wed, 07 Aug 2019 20:55:09 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
content-length
555
expires
Thu, 15 Aug 2019 12:30:46 GMT
bg-main-gradient.png
images.cox.net/ui/presentation/tsw/residential/img/interface/
0
0

header-footer.png
images.cox.net/ui/presentation/tsw/residential/img/interface/
0
0

tabs-active-residential-left.png
images.cox.net/ui/presentation/tsw/residential/img/interface/header/
0
0

tabs-active-right.png
images.cox.net/ui/presentation/tsw/residential/img/interface/header/
0
0

tabs-deactive-business-left.png
images.cox.net/ui/presentation/tsw/residential/img/interface/header/
0
0

tabs-deactive-business-right.png
images.cox.net/ui/presentation/tsw/residential/img/interface/header/
0
0

OpenSans-Regular-webfont.woff
waibobear.com/ui/presentation/tsw/css/fonts/
0
0
Font
General
Full URL
https://waibobear.com/ui/presentation/tsw/css/fonts/OpenSans-Regular-webfont.woff
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash

Request headers

Sec-Fetch-Mode
cors
Referer
https://waibobear.com/09663/data/presentation.css
Origin
https://waibobear.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2019 12:31:01 GMT
content-encoding
br
server
LiteSpeed
link
<https://waibobear.com/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
404
cache-control
no-store, no-cache, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
expires
Thu, 19 Nov 1981 08:52:00 GMT
nav-border.png
images.cox.net/ui/presentation/tsw/residential/img/interface/header/
0
0

bg-bd.png
ww2.cox.com/wcm/en/common/image/login/interface/module/
0
0

help-bubble-grey.png
ww2.cox.com/wcm/en/common/image/login/interface/tooltip/
0
0

bg-input-left.png
ww2.cox.com/wcm/en/common/image/login/interface/form/
0
0

bg-input.png
ww2.cox.com/wcm/en/common/image/login/interface/form/
0
0

bg-button-left.png
www.cox.com/wcm/en/common/image/login/interface/form/
Redirect Chain
  • https://ww2.cox.com/wcm/en/common/image/login/interface/form/bg-button-left.png
  • https://www.cox.com/wcm/en/common/image/login/interface/form/bg-button-left.png
457 B
1 KB
Image
General
Full URL
https://www.cox.com/wcm/en/common/image/login/interface/form/bg-button-left.png
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.95.62 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-95-62.fra2.r.cloudfront.net
Software
Apache /
Resource Hash
ac7d97d082b546ae647941c99bd38c22a9758939eeebbcc8717a332226031e40
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com
X-Xss-Protection 1

Request headers

Referer
https://www.cox.com/wcm/en/common/css/login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:31:05 GMT
via
1.1 1a483cde6df004748f3e5c80dc46df26.cloudfront.net (CloudFront)
x-cdn
Incapsula
x-amz-cf-pop
FRA2
x-cache
Miss from cloudfront
status
200
x-iinfo
3-14993850-14993866 NNNN CT(17 37 0) RT(1565267465545 92) q(0 0 0 0) r(1 1) U5
content-length
457
x-xss-protection
1
x-ua-compatible
IE=edge
x-content-type
nosniff
last-modified
Wed, 03 Nov 2010 15:07:48 GMT
server
Apache
vary
User-Agent
content-type
image/png
cache-control
max-age=86400, must-revalidate
content-security-policy
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com
accept-ranges
bytes
x-amz-cf-id
c8U64tyJ_L3lPCSa5kc-f27i7O9dlY0s-iWLttDBQx2vr-VEyIm96w==

Redirect headers

Date
Thu, 08 Aug 2019 12:31:05 GMT
Server
Apache
Content-Type
text/html; charset=iso-8859-1
Location
https://www.cox.com/wcm/en/common/image/login/interface/form/bg-button-left.png
X-Iinfo
4-3679255-3679259 NNNN CT(0 0 0) RT(1565267464614 135) q(0 0 0 -1) r(3 3) U5
Connection
close
Content-Length
287
X-CDN
Incapsula
bg-button.png
ww2.cox.com/wcm/en/common/image/login/interface/form/
0
0

lock.gif
www.cox.com/wcm/en/common/image/login/interface/icon/
Redirect Chain
  • https://ww2.cox.com/wcm/en/common/image/login/interface/icon/lock.gif
  • https://www.cox.com/wcm/en/common/image/login/interface/icon/lock.gif
564 B
1 KB
Image
General
Full URL
https://www.cox.com/wcm/en/common/image/login/interface/icon/lock.gif
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.95.62 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-95-62.fra2.r.cloudfront.net
Software
Apache /
Resource Hash
cbf38574be467245fe2cd27a3df9ed51a541c78419d6fb8bfdc2b4fee954ff32
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com
X-Xss-Protection 1

Request headers

Referer
https://www.cox.com/wcm/en/common/css/login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 08 Aug 2019 12:31:05 GMT
via
1.1 1a483cde6df004748f3e5c80dc46df26.cloudfront.net (CloudFront)
x-cdn
Incapsula
x-amz-cf-pop
FRA2
x-cache
Miss from cloudfront
status
200
x-iinfo
10-31865189-31865210 NNNN CT(0 0 0) RT(1565267465538 94) q(0 0 0 0) r(0 0) U5
content-length
564
x-xss-protection
1
x-ua-compatible
IE=edge
x-content-type
nosniff
last-modified
Wed, 03 Nov 2010 15:07:56 GMT
server
Apache
vary
User-Agent
content-type
image/gif
cache-control
max-age=86400, must-revalidate
content-security-policy
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com
accept-ranges
bytes
x-amz-cf-id
nuohXt1KibPCDw1vmmVhHqFq9Gft-pp3NBeEtF2kEGyWwDr9f6gJ7A==

Redirect headers

Date
Thu, 08 Aug 2019 12:31:05 GMT
Server
Apache
Content-Type
text/html; charset=iso-8859-1
Location
https://www.cox.com/wcm/en/common/image/login/interface/icon/lock.gif
X-Iinfo
14-3124855-3124860 NNNN CT(0 0 0) RT(1565267464610 134) q(0 0 0 0) r(3 3) U5
Connection
close
Content-Length
277
X-CDN
Incapsula
divider.png
images.cox.net/ui/presentation/tsw/residential/img/interface/footer/
0
0

social-you-tube.png
images.cox.net/ui/presentation/tsw/residential/img/interface/footer/
0
0

social-facebook.png
images.cox.net/ui/presentation/tsw/residential/img/interface/footer/
0
0

social-twitter.png
images.cox.net/ui/presentation/tsw/residential/img/interface/footer/
0
0

social-google-plus.png
images.cox.net/ui/presentation/tsw/residential/img/interface/footer/
0
0

OpenSans-Semibold-webfont.woff
waibobear.com/ui/presentation/tsw/css/fonts/
0
0
Font
General
Full URL
https://waibobear.com/ui/presentation/tsw/css/fonts/OpenSans-Semibold-webfont.woff
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash

Request headers

Sec-Fetch-Mode
cors
Referer
https://waibobear.com/09663/data/presentation.css
Origin
https://waibobear.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2019 12:31:01 GMT
content-encoding
br
server
LiteSpeed
link
<https://waibobear.com/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
404
cache-control
no-store, no-cache, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
expires
Thu, 19 Nov 1981 08:52:00 GMT
dest5.html
cox.demdex.net/ Frame B643
0
0

dest4.html
cox.demdex.net/ Frame 53F8
0
0

OpenSans-Regular-webfont.ttf
waibobear.com/ui/presentation/tsw/css/fonts/
0
0
Font
General
Full URL
https://waibobear.com/ui/presentation/tsw/css/fonts/OpenSans-Regular-webfont.ttf
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash

Request headers

Sec-Fetch-Mode
cors
Referer
https://waibobear.com/09663/data/presentation.css
Origin
https://waibobear.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2019 12:31:02 GMT
content-encoding
br
server
LiteSpeed
link
<https://waibobear.com/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
404
cache-control
no-store, no-cache, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
expires
Thu, 19 Nov 1981 08:52:00 GMT
OpenSans-Semibold-webfont.ttf
waibobear.com/ui/presentation/tsw/css/fonts/
0
0
Font
General
Full URL
https://waibobear.com/ui/presentation/tsw/css/fonts/OpenSans-Semibold-webfont.ttf
Requested by
Host: waibobear.com
URL: https://waibobear.com/09663/start.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.43.205.198 Mississauga, Canada, ASN14453 (AS-AKN - ADVANCED KNOWLEDGE NETWORKS, CA),
Reverse DNS
tom.securedwebserver.net
Software
LiteSpeed /
Resource Hash

Request headers

Sec-Fetch-Mode
cors
Referer
https://waibobear.com/09663/data/presentation.css
Origin
https://waibobear.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2019 12:31:02 GMT
content-encoding
br
server
LiteSpeed
link
<https://waibobear.com/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
404
cache-control
no-store, no-cache, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="35,39,43,44"
expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/bg-main-gradient.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/header-footer.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/header/tabs-active-residential-left.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/header/tabs-active-right.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/header/tabs-deactive-business-left.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/header/tabs-deactive-business-right.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/header/nav-border.png
  • ww2.cox.com: https://ww2.cox.com/wcm/en/common/image/login/interface/module/bg-bd.png
  • ww2.cox.com: https://ww2.cox.com/wcm/en/common/image/login/interface/tooltip/help-bubble-grey.png
  • ww2.cox.com: https://ww2.cox.com/wcm/en/common/image/login/interface/form/bg-input-left.png
  • ww2.cox.com: https://ww2.cox.com/wcm/en/common/image/login/interface/form/bg-input.png
  • ww2.cox.com: https://ww2.cox.com/wcm/en/common/image/login/interface/form/bg-button.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/footer/divider.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/footer/social-you-tube.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/footer/social-facebook.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/footer/social-twitter.png
  • images.cox.net: https://images.cox.net/ui/presentation/tsw/residential/img/interface/footer/social-google-plus.png
  • cox.demdex.net: https://cox.demdex.net/dest5.html?d_nsid=0
  • cox.demdex.net: https://cox.demdex.net/dest4.html?d_nsid=0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cox (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onselectstart
  • object| onselectionchange
  • function| queueMicrotask
  • function| checkform
  • function| formSub
  • function| logPANentry

0 Cookies