ftaysunsdhyd.dns04.com Open in urlscan Pro
140.82.5.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ftaysunsdhyd.dns04.com/1118139232-project-control-integrating-cost-and-schedule-in-construction.pdf
Submission: On December 18 via api (December 18th 2019, 6:00:18 pm UTC) from US

Summary HTTP 25 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 5 countries across 4 domains to perform 25 HTTP transactions. The main IP is 140.82.5.70, located in Piscataway, United States and belongs to AS-CHOOPA - Choopa, LLC, US. The main domain is ftaysunsdhyd.dns04.com.

This is the only time ftaysunsdhyd.dns04.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address	AS Autonomous System
20	140.82.5.70 140.82.5.70	20473 (AS-CHOOPA) (AS-CHOOPA - Choopa)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	192.99.8.28 192.99.8.28	16276 (OVH) (OVH)
25	5

20 140.82.5.70 (Piscataway, United States)

ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 140.82.5.70.vultr.com

ftaysunsdhyd.dns04.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.99.8.28 (Richmond Hill, Canada)

ASN16276 (OVH, FR)
PTR: ns523448.ip-192-99-8.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	dns04.com ftaysunsdhyd.dns04.com	145 KB
2	histats.com s10.histats.com s4.histats.com	5 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	26 KB
1	googleapis.com fonts.googleapis.com	827 B
25	4

	Domain	Requested by
20	ftaysunsdhyd.dns04.com	ftaysunsdhyd.dns04.com
2	maxcdn.bootstrapcdn.com	ftaysunsdhyd.dns04.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	ftaysunsdhyd.dns04.com
1	fonts.googleapis.com	ftaysunsdhyd.dns04.com
25	5

This site contains links to these domains. Also see Links.

Domain
look.udncoeln.com

Subject Issuer	Validity	Valid
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://ftaysunsdhyd.dns04.com/1118139232-project-control-integrating-cost-and-schedule-in-construction.pdf
Frame ID: 18D562FC90D2599CC7A1B01EB2CD0576
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

25
Requests

12 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

5
IPs

5
Countries

177 kB
Transfer

325 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://look.udncoeln.com/offer?prod=2&ref=5162894&sub_id=signup2
Title: Create my account now

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 1118139232-project-control-integrating-cost-and-schedule-in-construction.pdf Show response
ftaysunsdhyd.dns04.com/ 13 KB
3 KB 356ms
249ms Document
text/html 140.82.5.70
Choopa

General

Domain/Path	Expires	Name / Value
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstCns4217918 Value: 1
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstCnv4217918 Value: 1
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstCfa4217918 Value: 1576691996650
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstPt4217918 Value: 1
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstPn4217918 Value: 1
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstCmu4217918 Value: 1576691996650
ftaysunsdhyd.dns04.com/	1970-01-19 14:43:47	Name: HstCla4217918 Value: 1576691996650

ftaysunsdhyd.dns04.com Open in urlscan Pro 140.82.5.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

25 Requests

12 %HTTPS

40 %IPv6

4 Domains

5 Subdomains

5 IPs

5 Countries

177 kBTransfer

325 kBSize

7 Cookies

1 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

7 Cookies

Indicators

ftaysunsdhyd.dns04.com Open in urlscan Pro
140.82.5.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

12 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

5
IPs

5
Countries

177 kB
Transfer

325 kB
Size

7
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!