Submitted URL: http://zmvcu.usa.cc/xls.shhet/xls/
Effective URL: http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fi...
Submission: On September 20 via api from CA

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 11 HTTP transactions. The main IP is 51.68.106.167, located in the United Kingdom and belonging to OVH, FR. The main domain is zmvcu.usa.cc.
This is the only time zmvcu.usa.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
1 9 51.68.106.167 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
11 5
# | Apex Domain | Subdomains | Transfer
9 | usa.cc | zmvcu.usa.cc | 4 MB
2 | google-analytics.com | www.google-analytics.com | 17 KB
1 | google.de | www.google.de | 109 B
1 | google.com | www.google.com | 191 B
1 | doubleclick.net | stats.g.doubleclick.net | 160 B
1 | googleapis.com | fonts.googleapis.com | 1021 B
Totals: 11 / 6
# | Domain | Requested by
9 | zmvcu.usa.cc | 1 redirects, zmvcu.usa.cc
2 | www.google-analytics.com | 1 redirects, zmvcu.usa.cc
1 | www.google.de | zmvcu.usa.cc
1 | www.google.com | 1 redirects
1 | stats.g.doubleclick.net | 1 redirects
1 | fonts.googleapis.com | zmvcu.usa.cc
Totals: 11 / 6

This site contains no links.

Subject | Issuer | Validity | Valid
*.google-analytics.com | Google Internet Authority G3 | 2018-08-28 - 2018-11-20 | 3 months (crt.sh)
*.google.com | Google Internet Authority G3 | 2018-08-28 - 2018-11-20 | 3 months (crt.sh)

This page contains 3 frames:

Primary Page: http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: DF46486F4F4C01CD7C72461CEEEE53EC
Requests: 3 HTTP requests in this frame

Frame: http://zmvcu.usa.cc/xls.shhet/xls/log.php?email=
Frame ID: D5A94204E96C79A28BEB9A98DAA783FF
Requests: 1 HTTP requests in this frame

Frame: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Frame ID: A0E2B5E5890AF2F119CB6F64D05AC07A
Requests: 9 HTTP requests in this frame

Screenshot


Page URL History

  1. http://zmvcu.usa.cc/xls.shhet/xls/ HTTP 302
    http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

11
Requests

18 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

3648 kB
Transfer

3680 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://zmvcu.usa.cc/xls.shhet/xls/ HTTP 302
    http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • http://www.google-analytics.com/ga.js HTTP 307
  • https://www.google-analytics.com/ga.js
Request Chain 10
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=829510945&utmhn=zmvcu.usa.cc&utmcs=UTF-8&utmsr=1600x1200&utmvp=504x276&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1007966614&utmr=0&utmp=%2Fxls.shhet%2Fxls%2Flogins.php%3Femail%3D&utmht=1537425790571&utmac=UA-43981329-1&utmcc=__utma%3D224540305.1100244447.1537425791.1537425791.1537425791.1%3B%2B__utmz%3D224540305.1537425791.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=9759970&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=829510945&utmhn=zmvcu.usa.cc&utmcs=UTF-8&utmsr=1600x1200&utmvp=504x276&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1007966614&utmr=0&utmp=%2Fxls.shhet%2Fxls%2Flogins.php%3Femail%3D&utmht=1537425790571&utmac=UA-43981329-1&utmcc=__utma%3D224540305.1100244447.1537425791.1537425791.1537425791.1%3B%2B__utmz%3D224540305.1537425791.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=9759970&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945&slf_rd=1&random=3283457258

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 4kswuxfybtridgdsieu55jef.php
zmvcu.usa.cc/xls.shhet/xls/
Redirect Chain
  • http://zmvcu.usa.cc/xls.shhet/xls/
  • http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.r...
19 KB
19 KB
Document
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
8664775044762a3301c1419f457f75bbcd25aafdc3c48263bd8011174e5b1b7f

Request headers

Host
zmvcu.usa.cc
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Server
Apache
Keep-Alive
timeout=5, max=97
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1; path=/
Location
4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
pobg.gif
zmvcu.usa.cc/xls.shhet/xls/
3 MB
3 MB
Image
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/pobg.gif
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
a210b28a6b1be655e3f077da0b9be0e2384cc4d0424add48d7690b8ef27f807a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
zmvcu.usa.cc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Connection
keep-alive
Cache-Control
no-cache
Referer
http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Last-Modified
Thu, 01 Dec 2016 21:09:30 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3547074
log.php
zmvcu.usa.cc/xls.shhet/xls/ Frame D5A9
183 B
389 B
Document
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/log.php?email=
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
34dfaa33f2fcb5148536abc84b9c683ede1a05f203b43ba82865543c8132461b

Request headers

Host
zmvcu.usa.cc
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Accept-Encoding
gzip, deflate
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://zmvcu.usa.cc/xls.shhet/xls/4kswuxfybtridgdsieu55jef.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Server
Apache
Keep-Alive
timeout=5, max=96
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
logins.php
zmvcu.usa.cc/xls.shhet/xls/ Frame A0E2
6 KB
6 KB
Document
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/log.php?email=
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
713dbcc2ace08f96aa9fc64a23e0ed047ea3d1984575631ebc4ff3397f48eea1

Request headers

Host
zmvcu.usa.cc
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://zmvcu.usa.cc/xls.shhet/xls/log.php?email=
Accept-Encoding
gzip, deflate
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://zmvcu.usa.cc/xls.shhet/xls/log.php?email=

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Server
Apache
Keep-Alive
timeout=5, max=95
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
ga.js
zmvcu.usa.cc/xls.shhet/xls/ Frame A0E2
42 KB
42 KB
Script
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/ga.js
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
zmvcu.usa.cc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Connection
keep-alive
Cache-Control
no-cache
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Last-Modified
Thu, 01 Dec 2016 21:09:24 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
43082
jquery.js
zmvcu.usa.cc/xls.shhet/xls/ Frame A0E2
94 KB
94 KB
Script
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/jquery.js
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
zmvcu.usa.cc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Connection
keep-alive
Cache-Control
no-cache
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Last-Modified
Thu, 01 Dec 2016 21:09:24 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
96381
jquery_popup.css
zmvcu.usa.cc/xls.shhet/xls/ Frame A0E2
2 KB
2 KB
Stylesheet
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/jquery_popup.css
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
8180ef2d3d03fad302b169e59b768fadf177b947ffd376b7d2dfe06f3a23d73e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
zmvcu.usa.cc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Connection
keep-alive
Cache-Control
no-cache
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Last-Modified
Thu, 01 Dec 2016 21:09:24 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2111
jquery_popup.js
zmvcu.usa.cc/xls.shhet/xls/ Frame A0E2
2 KB
2 KB
Script
General
Full URL
http://zmvcu.usa.cc/xls.shhet/xls/jquery_popup.js
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
HTTP/1.1
Server
51.68.106.167 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip167.ip-51-68-106.eu
Software
Apache /
Resource Hash
8308cd4f7dbe8a301e058f6ed215fdeca44bdec56c2ea2ff7d645bf631afe7b2

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
zmvcu.usa.cc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Cookie
PHPSESSID=tj2cifqsvl3ujj3890iicedot1
Connection
keep-alive
Cache-Control
no-cache
Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:41:48 GMT
Last-Modified
Thu, 01 Dec 2016 21:09:26 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1739
css
fonts.googleapis.com/ Frame A0E2
2 KB
1021 B
Stylesheet
General
Full URL
http://fonts.googleapis.com/css?family=Fauna+One|Muli
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
HTTP/1.1
Server
2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
b6bbf050f711af99beecc388af447d4ac54349498c956a02cd33702e55425936
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 20 Sep 2018 06:43:10 GMT
Content-Encoding
gzip
Last-Modified
Thu, 20 Sep 2018 06:43:10 GMT
Server
ESF
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding
chunked
Timing-Allow-Origin
*
Link
<http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection
1; mode=block
Expires
Thu, 20 Sep 2018 06:43:10 GMT
ga.js
www.google-analytics.com/ Frame A0E2
Redirect Chain
  • http://www.google-analytics.com/ga.js
  • https://www.google-analytics.com/ga.js
45 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 13 Sep 2018 23:12:19 GMT
server
Golfe2
age
2848
date
Thu, 20 Sep 2018 05:55:42 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17168
expires
Thu, 20 Sep 2018 07:55:42 GMT

Redirect headers

Location
https://www.google-analytics.com/ga.js
Non-Authoritative-Reason
HSTS
ga-audiences
www.google.de/ads/ Frame A0E2
Redirect Chain
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=829510945&utmhn=zmvcu.usa.cc&utmcs=UTF-8&utmsr=1600x1200&utmvp=504x276&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=1007966614...
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=829510945&utmhn=zmvcu.usa.cc&utmcs=UTF-8&utmsr=1600x1200&utmvp=504x276&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmhid=100796661...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945&slf_rd=1&random=3283457258
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945&slf_rd=1&random=3283457258
Requested by
Host: zmvcu.usa.cc
URL: http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://zmvcu.usa.cc/xls.shhet/xls/logins.php?email=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Sep 2018 06:43:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 20 Sep 2018 06:43:10 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-43981329-1&cid=1100244447.1537425791&jid=9759970&_v=5.6.7&z=829510945&slf_rd=1&random=3283457258
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame A0E2
622 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
82f04c5d953b2ccb07f301b00299566e9a6efcc00a654259cd44ca71bb4db7fb

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • validateForm (function)
  • myVar (number)
  • myFunction (function)
  • showPage (function)

6 Cookies

Domain/Path | Name | Value
.zmvcu.usa.cc/ | __utmt | 1
.zmvcu.usa.cc/ | __utmc | 224540305
.zmvcu.usa.cc/ | __utma | 224540305.1100244447.1537425791.1537425791.1537425791.1
.zmvcu.usa.cc/ | __utmb | 224540305.1.10.1537425791
.zmvcu.usa.cc/ | __utmz | 224540305.1537425791.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
zmvcu.usa.cc/ | PHPSESSID | tj2cifqsvl3ujj3890iicedot1