www9.newcomercode.net
Open in
urlscan Pro
85.13.157.212
Malicious Activity!
Public Scan
Submitted URL: http://capiital1.com/
Effective URL: https://www9.newcomercode.net/
Submission: On September 09 via api from US — Scanned from DE
Effective URL: https://www9.newcomercode.net/
Submission: On September 09 via api from US — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 5 domains to perform 15 HTTP transactions.
The main IP is 85.13.157.212, located in
Germany and
belongs to NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE.
The main domain is www9.newcomercode.net.
TLS certificate: Issued by R3 on August 21st 2021. Valid for: 3 months.
This is the only time www9.newcomercode.net was scanned on urlscan.io!
TLS certificate: Issued by R3 on August 21st 2021. Valid for: 3 months.
This is the only time www9.newcomercode.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lion's Den Scam (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 23.82.12.30 23.82.12.30 | 30633 (LEASEWEB-...) (LEASEWEB-USA-WDC) | |
| 2 2 | 173.192.101.24 173.192.101.24 | 36351 (SOFTLAYER) (SOFTLAYER) | |
| 1 1 | 13.248.219.100 13.248.219.100 | 16509 (AMAZON-02) (AMAZON-02) | |
| 13 | 85.13.157.212 85.13.157.212 | 34788 (NMM-AS D) (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68) | |
| 1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 15 | 3 |
2
173.192.101.24
(Dallas, United States)
ASN36351 (SOFTLAYER, US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com
ASN36351 (SOFTLAYER, US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com
| mybetterdl.com | |
| p185689.mybetterdl.com |
1
13.248.219.100
(United States)
ASN16509 (AMAZON-02, US)
PTR: abaa834e320054d4d.awsglobalaccelerator.com
ASN16509 (AMAZON-02, US)
PTR: abaa834e320054d4d.awsglobalaccelerator.com
| rb.gy |
13
85.13.157.212
(Germany)
ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE)
PTR: dd40608.kasserver.com
ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE)
PTR: dd40608.kasserver.com
| www9.newcomercode.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 13 |
newcomercode.net
www9.newcomercode.net |
629 KB |
| 2 |
mybetterdl.com
2 redirects
mybetterdl.com p185689.mybetterdl.com |
1 KB |
| 2 |
capiital1.com
1 redirects
capiital1.com |
3 KB |
| 1 |
bootstrapcdn.com
netdna.bootstrapcdn.com |
7 KB |
| 1 |
rb.gy
1 redirects
rb.gy |
221 B |
| 15 | 5 |
| Domain | Requested by | |
|---|---|---|
| 13 | www9.newcomercode.net |
capiital1.com
www9.newcomercode.net |
| 2 | capiital1.com | 1 redirects |
| 1 | netdna.bootstrapcdn.com |
www9.newcomercode.net
|
| 1 | rb.gy | 1 redirects |
| 1 | p185689.mybetterdl.com | 1 redirects |
| 1 | mybetterdl.com | 1 redirects |
| 15 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| wofo-offers.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www9.newcomercode.net R3 |
2021-08-21 - 2021-11-19 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-01 - 2022-02-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www9.newcomercode.net/
Frame ID: F1A184F36338CFE9A8F2ADE2D8C54D17
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
TAZPage URL History Show full URLs
- http://capiital1.com/ Page URL
-
http://capiital1.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYzMTE...
HTTP 302
https://mybetterdl.com/aS/feedclick?s=EUEFNSLDhHsKg2DaWTq2KI8uDhK_8R6jZHDKZGtRZ0awNFsuYEBhHYLUfaDR_... HTTP 302
https://p185689.mybetterdl.com/adServe/domainClick?ai=IMh5EoW_2OoytLAg21JEdJn5Txe1nqW5yzPKUfQncVy407H84asSw... HTTP 302
https://rb.gy/rkj4uy HTTP 301
https://www9.newcomercode.net/ Page URL
Detected technologies
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://wofo-offers.com/bitcoin-system/index-de.html?e=1&funnel_id=236&ld_id=bfeadckgwqjcd-iv&tp_advertiser_id=1&tp_affiliate_id=6&tp_id=1&tp_offer_id=137&ts_id=bfeadckgwqjcd-kg&tp_aff_sub=ADW1_DE
Title: Folge um ein System
Title: Folge um ein System
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://capiital1.com/ Page URL
-
http://capiital1.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYzMTE3OTIyMiwiaWF0IjoxNjMxMTcyMDIyLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycWhoY2p2dGlkaDZsbGJjZGcwbmp0cWMiLCJuYmYiOjE2MzExNzIwMjIsInRzIjoxNjMxMTcyMDIyODUwNjg5fQ.V1tcRWrkX9sZwyQsylHPai7KqHdOew-n5PUe1Lh_g60&sid=6564927a-113e-11ec-8064-3cfcc4420837
HTTP 302
https://mybetterdl.com/aS/feedclick?s=EUEFNSLDhHsKg2DaWTq2KI8uDhK_8R6jZHDKZGtRZ0awNFsuYEBhHYLUfaDR__NeVVH-ImtJpPaG_Nh80WMmwqfTqqBykvhwGVatJqgR1xMoDKoyvP4nOVIrIFFzO-PqxlOmzgR5fh3nQoQZVtH1UcHY6z5T2K7NFT_4ZRcycYiJeYpos6ipJ3M0y_hfsYme0ZaIuuvkueubp7kZArPGd-bIlRKPSvCQLUfCj9pxNtstF2JDRcB1fjYpVUBW9mUtnYgY0I_ShN62OJGiFDF-sGkYYsTD3QDzNi0zWTGf8VK8t3zSjl0UZNw9lGFN_r1k6Fb4wZvu6iwIVyJ0-oWh2ndFBZo9DU-NYGUVl1leqHDKmzZmkr9IBWjZ6tueqBTzHrxx3Bep3oL8lC34NRufEELJegJa_gpw-0J4lNgVq1BPccQvSZm0LcoNiPGfqtIBZ2TRmTCi_mAW19wyd3SAtUJt0vhnMaXTA5K5_EoxPMPVYw48wKlH1h7CrCfs1qPBgMc_nAoPrAD3-ul--FLfBhnC7cKdTbftHruV-WEfYuFeov7d-qmJTfgeM01-v8HtdMZkNrgMluE3Vl4HTuCI9GQeSwVTGwIV4iwL27DO9Wdq-FZnrKzy1TE6uUoxiJe3jbeIrNUUOSxhMOmsEVTsuJ6_gkRj1RUs_3pNwAjiqQO6tvyghvQht4En9goylcgQx6HwKz_ljpb55LV80fysUtCtzdlG7ZSZ1jx094CmnBLjPTYmfWjoVE4i9cTfdbkqR1f9Fpb41ZHGc3tDj8iL6ocSjfmQDhPcDYXCEHYRbcS51j8av-n5jhcbaZ7tUsbrHQ95V39nMoQ6j6_bITQ8Ow2WrtUJcj2Eex-TaETWqwUyJtRlOJ4LSy23qIF2mxGpu3yT36a6bn5Ksyw5VI6sUh6LB51TyPTJkY_vvHDi4uCv2i922LN2oPrDIQavpWNPZ4xwCrW3wekbO7pWllwGdVGZXxgmhR3INz-QU0tQexjS1sjTSDdvxjTnBG6KLohwyqV7tETR7cP-o1a3gHjZa1GVWyseWWwK6c7oiDTpxDaQOdy-Ktbcd--YqskXimRCL7oeqEmQLKbq9IaY6LYxIZWMdLhVZ-b57MywwUPf5i78p2MqbkZWZerxMcIMxGZ8Dd6khgw1xizWMeetFs7qVMcs-YHfoW8vHIJ5SbpGXDuzV43JffXLd2OozLLYQrKtqiDFTLoVLz5YlXd2pUmbquaUtUUC10IQf2-HFh5IolVHUVgE-cuaYByljerSDS5-QwaQOvadgw6aCoXbwbleoAVM9bqSn6ZQoyEOp_uQSuZDrOLfQ0JDqPiWyyEnr6j57lePxzD8FZrHLPmB36FvLxoe69ovvZ0w42_V6lH_sVR52jM6-Hyv0gap56scovdyCYToM-EFzmI HTTP 302
https://p185689.mybetterdl.com/adServe/domainClick?ai=IMh5EoW_2OoytLAg21JEdJn5Txe1nqW5yzPKUfQncVy407H84asSwVRWFCqhBHPYfbTIcJq106M_RFaBcwr6-p1LGVWYVlTz_tvSyZhB3Zme2-kMvWtZh0n96h-moH0m1Q8x4Kyer7Xr2iPLc49PEXpJ7WBPyAKhJnDLTJ0ijWesFnB-eWnMmXaz2tUGY1MywXkLx8HD-sP08czw3vFiJWtdnt_Lrhn8xIM-F2T9IJsA6I4B8spzdfq1VQcFG0q_7cxV8pdl6qeNnUqwZB1wttfL2tY4RhRiPI3aj7cR-FAiUOPEN66SyzZXxnX9w3KH1wgeoYy4_2BwF5GYn3cQm7mTKB2lpsLjbWnaHeEFBufsfIEQ6j_a0nnaMzr4fK_SBqnnqxyi93Klu56Ibtjf36CO8S7VjsMM&ui=EUEFNSLDhHsKg2DaWTq2KPbWwvziNp_1xLgNeF8Zj-jpyO_wc6B2L2HjccrCSYlSJc-XiS9sMo_WkUvZm2TfYITilp6hf-zayLePPL6cj2eT5YcmVJB6vw&si=1&oref=08effb99e3ac96c097ca6bd7d3bb97df&optunit=Sf3qH6agfSYa0M9BYWejQw&rb=QTWv0rczs9k&rr=1&abtg=0 HTTP 302
https://rb.gy/rkj4uy HTTP 301
https://www9.newcomercode.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
capiital1.com/ |
469 B 826 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
/
www9.newcomercode.net/ Redirect Chain
|
17 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.js
www9.newcomercode.net/files/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.css
www9.newcomercode.net/files/ |
13 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hd-hero1.jpg
www9.newcomercode.net/files/ |
118 KB 119 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
2018-03-28_12.jpg
www9.newcomercode.net/files/ |
188 KB 190 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
carsten-maschmeyer-und-judith-williams.jpg
www9.newcomercode.net/files/ |
71 KB 72 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ccccc.jpg
www9.newcomercode.net/files/ |
138 KB 139 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prof1.jpg
www9.newcomercode.net/files/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prof2.jpg
www9.newcomercode.net/files/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prof3.jpg
www9.newcomercode.net/files/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prof4.jpg
www9.newcomercode.net/files/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prof5.jpg
www9.newcomercode.net/files/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
184dc9ab-6565-4fbf-a6a5-27cb70a870e3.jpg
www9.newcomercode.net/files/ |
62 KB 62 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Lion's Den Scam (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| dayNames object| monthNames object| now3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .capiital1.com/ | Name: sid Value: 6564927a-113e-11ec-8064-3cfcc4420837 |
|
| .mybetterdl.com/ | Name: rhid Value: 79585138890 |
|
| .mybetterdl.com/ | Name: loi Value: ad_1120153_off_565021_aff_90058_cid_185689-CAPIITAL1.COM_ts_1631172024 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
capiital1.com
mybetterdl.com
netdna.bootstrapcdn.com
p185689.mybetterdl.com
rb.gy
www9.newcomercode.net
13.248.219.100
173.192.101.24
23.82.12.30
2606:4700::6812:bcf
85.13.157.212
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1707346b93ea4f91be70ba1d144c800813af2ef6d7bf2a9785665d2e9764b4c8
44d22dd34c6e3f0c9253be6aa002e79f353981ba21ec8b5f92c1a82923d65908
4f51b53dba3c024c6ddb381aa17367a54be11c30b3a9411d9b0691aa3493882e
5e4a39e9f9298e25b326bd92f08b9cca6b15f0d617677c8ef2a6a3c037a8a0a1
6ef18c874e412f0827a0830ddf7f9f6ace52e3ba01e85dfb0de890601d085b30
70d81524ff46cf40ab5b8dafa8597489819bed792aeffde58837e55b99013464
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
a472856f502af25298eed6a7387693fe3e21bc93ae0b8ab98b7a717d94a6df65
ac82b39e64db16df0c9d59832a78d60ca919fb39f39e22c1dd63e70d960cffb2
c155aa91c885690a76b7980782929e024d0a9c1c0eb718467f1984b190e91e39
df99f7229bbfb0bdf5ed771fca5acc2fcbe96e41429bc2b2451f238c42d3f948
f5653349d4d9eade79c3484fc521672332ffba22afbf1022e80ecb56973814c4
f6894acedc5915b51c9f1857f0da8ea062475edaff3b391b7cd7ffdf7115ad91