urlscan.io logo urlscan.io
SecurityTrails logo

lb5grafica.com Open in urlscan Pro
209.191.185.188  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://tinyurl.com/y8lp7x8u
Effective URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Submission: On April 20 via manual from PH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 5 domains to perform 9 HTTP transactions. The main IP is 209.191.185.188, located in Portland, United States and belongs to INTERNAP-BLOCK-4 - Internap Network Services Corporation, US. The main domain is lb5grafica.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 11th 2018. Valid for: 3 months.
This is the only time lb5grafica.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 104.20.219.42 13335 (CLOUDFLAR...)
1 6 209.191.185.188 14744 (INTERNAP-...)
2 216.58.214.106 15169 (GOOGLE)
1 172.217.22.35 15169 (GOOGLE)
9 4
Apex Domain
Subdomains		 Transfer
6 lb5grafica.com
lb5grafica.com
192 KB
2 googleapis.com
fonts.googleapis.com
604 B
1 gstatic.com
fonts.gstatic.com
18 KB
1 tinyurl.com
tinyurl.com
440 B
0 cloudflare.com Failed
cdnjs.cloudflare.com Failed
9 5
Domain Requested by
6 lb5grafica.com 1 redirects lb5grafica.com
2 fonts.googleapis.com lb5grafica.com
1 fonts.gstatic.com lb5grafica.com
1 tinyurl.com 1 redirects
0 cdnjs.cloudflare.com Failed lb5grafica.com
9 5

This site contains no links.

Subject Issuer Validity Valid
lb5grafica.com
cPanel, Inc. Certification Authority		 2018-03-11 -
2018-06-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Frame ID: 8E35316DF1F3272669CCD493EB4BC97F
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://tinyurl.com/y8lp7x8u HTTP 301
    https://lb5grafica.com/images/footer/office/up.php HTTP 302
    https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

1
Countries

210 kB
Transfer

217 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tinyurl.com/y8lp7x8u HTTP 301
    https://lb5grafica.com/images/footer/office/up.php HTTP 302
    https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request phpnet.php
lb5grafica.com/images/footer/office/
Redirect Chain
  • https://tinyurl.com/y8lp7x8u
  • https://lb5grafica.com/images/footer/office/up.php
  • https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.191.185.188 Portland, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
vps.bleu-si.com
Software
Apache / PHP/5.5.38
Resource Hash
9616c60b8bf84feffdfc9eaf8649b3e7004a25d5e8ba06fb5d56c93aec1c861c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lb5grafica.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Cookie
PHPSESSID=2b7e5b6d943c0d05d53f62346ddfe6a0
Connection
keep-alive
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Fri, 20 Apr 2018 00:35:47 GMT
Server
Apache
Connection
Keep-Alive
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Keep-Alive
timeout=5, max=99
Content-Type
text/html

Redirect headers

Pragma
no-cache
Date
Fri, 20 Apr 2018 00:35:47 GMT
Server
Apache
X-Powered-By
PHP/5.5.38
Content-Type
text/html
Location
phpnet.php?code=2000700
Set-Cookie
PHPSESSID=2b7e5b6d943c0d05d53f62346ddfe6a0; path=/
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0
Expires
Thu, 19 Nov 1981 08:52:00 GMT
css
fonts.googleapis.com/ 		242 B
302 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
SPDY
Server
216.58.214.106 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s05-in-f106.1e100.net
Software
ESF /
Resource Hash
b340f8680f0d4d6983c5c7aacaa68f7d0bdfab44923f2bf2fca8a438795cd278
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Fri, 20 Apr 2018 00:35:47 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
expires
Fri, 20 Apr 2018 00:35:47 GMT
style.css
lb5grafica.com/images/footer/office/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lb5grafica.com/images/footer/office/css/style.css
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.191.185.188 Portland, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
vps.bleu-si.com
Software
Apache /
Resource Hash
f61ad3ff1f89b0cac1a52cd1ff2b64057c9b9b371a000e63a7bc2cd4259655c7

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lb5grafica.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Cookie
PHPSESSID=2b7e5b6d943c0d05d53f62346ddfe6a0
Connection
keep-alive
Cache-Control
no-cache
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Fri, 20 Apr 2018 00:35:48 GMT
Last-Modified
Sun, 04 Feb 2018 21:08:58 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
4107
pdf.png
lb5grafica.com/images/footer/office/im/ 		153 KB
153 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lb5grafica.com/images/footer/office/im/pdf.png
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.191.185.188 Portland, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
vps.bleu-si.com
Software
Apache /
Resource Hash
b0e973362319c8a65d6960c37d26771dd67e5777116361f3cf1d8697e7401f59

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lb5grafica.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Cookie
PHPSESSID=2b7e5b6d943c0d05d53f62346ddfe6a0
Connection
keep-alive
Cache-Control
no-cache
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Fri, 20 Apr 2018 00:35:48 GMT
Last-Modified
Sun, 04 Feb 2018 22:55:28 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
156763
index.js
lb5grafica.com/images/footer/office/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://lb5grafica.com/images/footer/office/js/index.js
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.191.185.188 Portland, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
vps.bleu-si.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lb5grafica.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
*/*
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Cookie
PHPSESSID=2b7e5b6d943c0d05d53f62346ddfe6a0
Connection
keep-alive
Cache-Control
no-cache
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Fri, 20 Apr 2018 00:35:48 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
349
Content-Type
text/html; charset=iso-8859-1
css
fonts.googleapis.com/ 		242 B
302 B 		Other
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
SPDY
Server
216.58.214.106 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s05-in-f106.1e100.net
Software
ESF /
Resource Hash
b340f8680f0d4d6983c5c7aacaa68f7d0bdfab44923f2bf2fca8a438795cd278
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Purpose
prefetch
Referer
https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Fri, 20 Apr 2018 00:35:48 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
expires
Fri, 20 Apr 2018 00:35:48 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ 		0
0
bg.png
lb5grafica.com/images/footer/office/css/im/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lb5grafica.com/images/footer/office/css/im/bg.png
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.191.185.188 Portland, United States, ASN14744 (INTERNAP-BLOCK-4 - Internap Network Services Corporation, US),
Reverse DNS
vps.bleu-si.com
Software
Apache /
Resource Hash
f61f1be268ad277e7ef194b08b85500dafb5e6077d1cfbb8abc4d51c598f61e8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lb5grafica.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://lb5grafica.com/images/footer/office/css/style.css
Cookie
PHPSESSID=2b7e5b6d943c0d05d53f62346ddfe6a0
Connection
keep-alive
Cache-Control
no-cache
Referer
https://lb5grafica.com/images/footer/office/css/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Fri, 20 Apr 2018 00:35:48 GMT
Last-Modified
Sun, 04 Feb 2018 22:54:22 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
32659
mem8YaGs126MiZpBA-UFVZ0e.ttf
fonts.gstatic.com/s/opensans/v15/ 		26 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0e.ttf
Requested by
Host: lb5grafica.com
URL: https://lb5grafica.com/images/footer/office/phpnet.php?code=2000700
Protocol
SPDY
Server
172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s16-in-f35.1e100.net
Software
sffe /
Resource Hash
927658fe940c899225567ad7885c40a7871dee09c2b9f00d31f7ca62d1f424fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans
Origin
https://lb5grafica.com

Response headers

date
Tue, 13 Feb 2018 19:10:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5635533
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
17857
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:44 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Feb 2019 19:10:15 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdnjs.cloudflare.com
URL
http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateForm

1 Cookies

Domain/Path Name / Value
lb5grafica.com/ Name: PHPSESSID
Value: 2b7e5b6d943c0d05d53f62346ddfe6a0