visaslabas.lt Open in urlscan Pro
5.199.164.95 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://visaslabas.lt/inc/plugins/filess/outlook/index.php
Submission: On July 09 via automatic, source phishtank (July 9th 2017, 6:30:40 pm UTC)

Summary HTTP 65 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 65 HTTP transactions. The main IP is 5.199.164.95, located in Lithuania and belongs to CHERRYSERVERS1-AS, LT. The main domain is visaslabas.lt.

This is the only time visaslabas.lt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address	AS Autonomous System
48	5.199.164.95 5.199.164.95	16125 (CHERRYSER...) (CHERRYSERVERS1-AS)
1	206.188.193.49 206.188.193.49	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING - Network Solutions)
1	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
65	5

48 5.199.164.95 (Lithuania)

ASN16125 (CHERRYSERVERS1-AS, LT)
PTR: srv.visaslabas.lt

visaslabas.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.visaslabas.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.188.193.49 (Jacksonville, United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING - Network Solutions, LLC, US)
PTR: vux.netsolhost.com

0055d7b.netsolhost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.130 (Mountain View, United States)

ASN15169 (GOOGLE - Google Inc., US)
PTR: fra16s18-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	visaslabas.lt visaslabas.lt www.visaslabas.lt	642 KB
2	google-analytics.com www.google-analytics.com	16 KB
1	googleadservices.com www.googleadservices.com	5 KB
1	netsolhost.com 0055d7b.netsolhost.com
0	google.de Failed www.google.de Failed
0	msocdn.com Failed prod.msocdn.com Failed
65	6

	Domain	Requested by
33	www.visaslabas.lt	visaslabas.lt www.visaslabas.lt
15	visaslabas.lt	visaslabas.lt
2	www.google-analytics.com	www.visaslabas.lt
1	www.googleadservices.com	www.visaslabas.lt
1	0055d7b.netsolhost.com	www.visaslabas.lt
0	www.google.de Failed	www.visaslabas.lt
0	prod.msocdn.com Failed	visaslabas.lt
65	7

This site contains links to these domains. Also see Links.

Domain
portal.office.com
g.microsoftonline.com

Subject Issuer	Validity	Valid
*.google-analytics.com Google Internet Authority G2	`2017-06-28` - `2017-09-20`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://visaslabas.lt/inc/plugins/filess/outlook/index.php
Frame ID: 2809.1
Requests: 32 HTTP requests in this frame

Frame: http://www.visaslabas.lt/
Frame ID: 2809.2
Requests: 32 HTTP requests in this frame

Frame: https://www.google.de/ads/user-lists/868155221/?random=1499625029702&cv=8&fst=1499625029702&num=1&fmt=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&frm=2&url=http%3A%2F%2Fwww.visaslabas.lt%2F&ref=http%3A%2F%2Fvisaslabas.lt%2Finc%2Fplugins%2Ffiless%2Foutlook%2Findex.php&tiba=UAB%20Visas%20Labas%20%7C%20Vonios%20%C4%AEranga%20%7C%20%C5%A0ildymas%20%7C%20V%C4%97dinimas&cdct=2&is_vtc=1&random=3861697104&fpvtc=/868155221/%3Frandom%3D986862618%26cv%3D8%26fst%3D1499623200000%26num%3D1%26fmt%3D1%26guid%3DON%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_his%3D2%26u_tz%3D0%26u_java%3Dfalse%26u_nplug%3D0%26u_nmime%3D0%26frm%3D2%26url%3Dhttp%253A%252F%252Fwww.visaslabas.lt%252F%26ref%3Dhttp%253A%252F%252Fvisaslabas.lt%252Finc%252Fplugins%252Ffiless%252Foutlook%252Findex.php%26tiba%3DUAB%2520Visas%2520Labas%2520%257C%2520Vonios%2520%25C4%25AEranga%2520%257C%2520%25C5%25A0ildymas%2520%257C%2520V%25C4%2597dinimas%26cdct%3D2%26is_vtc%3D1&ipr=y&ulfeg=n
Frame ID: 2809.3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

65
Requests

3 %
HTTPS

25 %
IPv6

6
Domains

7
Subdomains

5
IPs

3
Countries

662 kB
Transfer

1317 kB
Size

6
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.office.com/SendSmile?wid=10
Title: Feedback

Search URL Search Domain Scan URL

URL: https://g.microsoftonline.com/0BX20en/142
Title: Community

Search URL Search Domain Scan URL

URL: https://g.microsoftonline.com/0BX20en/721
Title: Legal

Search URL Search Domain Scan URL

URL: https://g.microsoftonline.com/0BX20en/1305
Title: Privacy & cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 5

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/MasterStyles15MVC.css
http://www.visaslabas.lt/

Request 7

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/shellg2corecss_11377998.css
http://www.visaslabas.lt/

Request 9

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/shellg2pluscss_baae2042.css
http://www.visaslabas.lt/

Request 13

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/O365ShellG2Plus.js
http://www.visaslabas.lt/

Request 15

http://visaslabas.lt/16.00.1279.006/en-US/css/Fabric/0.10.3/fonts/office365icons.woff?
http://www.visaslabas.lt/

Request 27

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/SuiteServiceProxy.htm
http://www.visaslabas.lt/

Request 28

http://visaslabas.lt/16.00.1279.006/en-US/css/Fabric/0.10.3/fonts/office365icons.ttf?
http://www.visaslabas.lt/

Request 58

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/shellwofficons_f991c945.woff
http://www.visaslabas.lt/

Request 59

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

Request 60

https://www.google.com/ads/user-lists/868155221/?random=1499625029702&cv=8&fst=1499625029702&num=1&fmt=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&...
https://www.google.de/ads/user-lists/868155221/?random=1499625029702&cv=8&fst=1499625029702&num=1&fmt=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u...

Request 61

http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=1168229875&utmhn=www.visaslabas.lt&utmcs=UTF-8&utmsr=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=UAB%20Visas%20Labas...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=1168229875&utmhn=www.visaslabas.lt&utmcs=UTF-8&utmsr=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=UAB%20Visas%20Laba...

Request 62

http://visaslabas.lt/inc/plugins/filess/outlook/Office%20365_files/shellttficons_9739c58c.ttf
http://www.visaslabas.lt/

Request 63

http://visaslabas.lt/pp.l?CID=4d282929-551c-4ee1-998d-17a012b75264&pageId=home&d={B:{S:%27L%27,LT:3427,UT:-1,MT:1218},A:{ET:-1,OT:1,DT:1,CT:40,RT:80,ST:80,MT:1303,LT:3512},C:{LT:1499625030234}}
http://www.visaslabas.lt/

65 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.php Show response
visaslabas.lt/inc/plugins/filess/outlook/ 29 KB
7 KB 79ms
40ms Document
text/html 5.199.164.95
CHERRYSERVERS1-AS

General

Domain/Path	Expires	Name / Value
.www.visaslabas.lt/	2017-07-09 19:30:30	Name: frontend Value: 8803tvp9vjcdbkqkejkaupb0j2
.visaslabas.lt/	2018-01-08 06:30:29	Name: __utmz Value: 186683055.1499625030.1.1.utmcsr=visaslabas.lt\|utmccn=(referral)\|utmcmd=referral\|utmcct=/inc/plugins/filess/outlook/index.php
.visaslabas.lt/	2017-07-09 19:00:29	Name: __utmb Value: 186683055.1.10.1499625030
.visaslabas.lt/	2019-07-09 18:30:29	Name: __utma Value: 186683055.909988189.1499625030.1499625030.1499625030.1
.visaslabas.lt/	1970-01-01 00:00:00	Name: __utmc Value: 186683055
.visaslabas.lt/	2017-07-09 18:40:29	Name: __utmt Value: 1

visaslabas.lt Open in urlscan Pro 5.199.164.95 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

65 Requests

3 %HTTPS

25 %IPv6

6 Domains

7 Subdomains

5 IPs

3 Countries

662 kBTransfer

1317 kBSize

6 Cookies

4 Outgoing links

Redirected requests

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

visaslabas.lt Open in urlscan Pro
5.199.164.95 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

65
Requests

3 %
HTTPS

25 %
IPv6

6
Domains

7
Subdomains

5
IPs

3
Countries

662 kB
Transfer

1317 kB
Size

6
Cookies

65 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!