urlscan.io logo urlscan.io
SecurityTrails logo

glanexz.somee.com Open in urlscan Pro
66.85.73.146  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://glanexz.somee.com/adobezz_pdf.html
Submission Tags: @ipnigh
Submission: On December 30 via api from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 66.85.73.146, located in Kansas City, United States and belongs to JOESDATACENTER - Joe_s Datacenter, LLC, US. The main domain is glanexz.somee.com.
This is the only time glanexz.somee.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer) Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 66.85.73.146 19969 (JOESDATAC...)
1 195.80.159.133 29152 (DECKNET-AS)
3 98.102.204.219 10796 (TWC-10796...)
1 2 158.106.189.209 393398 (ASN-DIS)
7 5
Apex Domain
Subdomains		 Transfer
3 pearlsuites.net
pearlsuites.net
84 KB
2 planomed.org
planomed.org
246 B
1 l2.io
l2.io
231 B
1 somee.com
glanexz.somee.com
lawmailx.somee.com Failed
3 KB
7 4
Domain Requested by
3 pearlsuites.net glanexz.somee.com
2 planomed.org 1 redirects glanexz.somee.com
1 l2.io glanexz.somee.com
1 glanexz.somee.com
0 lawmailx.somee.com Failed glanexz.somee.com
7 5

This site contains no links.

Subject Issuer Validity Valid
l2.io
Let's Encrypt Authority X3		 2019-12-11 -
2020-03-10		 3 months crt.sh
planomed.org
cPanel, Inc. Certification Authority		 2019-10-27 -
2020-01-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://glanexz.somee.com/adobezz_pdf.html
Frame ID: 58564F3B1CD85B471BC65C3DFAD49286
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

7
Requests

29 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

87 kB
Transfer

92 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://planomed.org/cgi/smallpdf.png HTTP 302
  • https://planomed.org/cgi/smallpdf.png

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request adobezz_pdf.html
glanexz.somee.com/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://glanexz.somee.com/adobezz_pdf.html
Protocol
HTTP/1.1
Server
66.85.73.146 Kansas City, United States, ASN19969 (JOESDATACENTER - Joe_s Datacenter, LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fe99b7ec7784ff3b339c5afd912d548e7fcf61fca171a600443b5eeb02e86b3c

Request headers

Host
glanexz.somee.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Sun, 26 Feb 2017 06:33:26 GMT
Accept-Ranges
bytes
ETag
"07f183cfa8fd21:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Date
Mon, 30 Dec 2019 22:29:40 GMT
Content-Length
2696
ip.js
l2.io/ 		27 B
231 B 		Script
General
Check archive.org
Download Go to
Full URL
https://l2.io/ip.js?var=userip
Requested by
Host: glanexz.somee.com
URL: http://glanexz.somee.com/adobezz_pdf.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.80.159.133 , France, ASN29152 (DECKNET-AS, FR),
Reverse DNS
Software
Apache/2.4.25 (Debian) /
Resource Hash
6abdb3189802502e20d414916080f3cef18916ca01d23fde35e7794f2c6fd1e0

Request headers

Referer
http://glanexz.somee.com/adobezz_pdf.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Dec 2019 22:29:40 GMT
Server
Apache/2.4.25 (Debian)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
27
Content-Type
text/html; charset=UTF-8
logs.png
pearlsuites.net/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pearlsuites.net/logs.png
Requested by
Host: glanexz.somee.com
URL: http://glanexz.somee.com/adobezz_pdf.html
Protocol
HTTP/1.1
Server
98.102.204.219 London, United States, ASN10796 (TWC-10796-MIDWEST - Charter Communications Inc, US),
Reverse DNS
rrcs-98-102-204-219.central.biz.rr.com
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
d5a135bd47b11881dc1a223ea1ea946e6ca5e7cb3b1af58eef8629ea017dbd4e

Request headers

Referer
http://glanexz.somee.com/adobezz_pdf.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Dec 2019 22:25:15 GMT
ETag
"aedcba1ff288d21:0"
Last-Modified
Fri, 17 Feb 2017 07:47:44 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
31580
100Secure.jpg
pearlsuites.net/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pearlsuites.net/100Secure.jpg
Requested by
Host: glanexz.somee.com
URL: http://glanexz.somee.com/adobezz_pdf.html
Protocol
HTTP/1.1
Server
98.102.204.219 London, United States, ASN10796 (TWC-10796-MIDWEST - Charter Communications Inc, US),
Reverse DNS
rrcs-98-102-204-219.central.biz.rr.com
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
2f71bea7601b970d07eea91af38bcee8b1c9fc197b5f85cbe9bae3b9f2b705c5

Request headers

Referer
http://glanexz.somee.com/adobezz_pdf.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Dec 2019 22:25:15 GMT
ETag
"ca5ced64f288d21:0"
Last-Modified
Fri, 17 Feb 2017 07:49:40 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
4687
am.jpg
lawmailx.somee.com/ 		0
0
bgm.jpg
pearlsuites.net/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pearlsuites.net/bgm.jpg
Requested by
Host: glanexz.somee.com
URL: http://glanexz.somee.com/adobezz_pdf.html
Protocol
HTTP/1.1
Server
98.102.204.219 London, United States, ASN10796 (TWC-10796-MIDWEST - Charter Communications Inc, US),
Reverse DNS
rrcs-98-102-204-219.central.biz.rr.com
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca

Request headers

Referer
http://glanexz.somee.com/adobezz_pdf.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Dec 2019 22:25:15 GMT
ETag
"458a022f288d21:0"
Last-Modified
Fri, 17 Feb 2017 07:47:49 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
48861
smallpdf.png
planomed.org/cgi/
Redirect Chain
  • http://planomed.org/cgi/smallpdf.png
  • https://planomed.org/cgi/smallpdf.png
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://planomed.org/cgi/smallpdf.png
Requested by
Host: glanexz.somee.com
URL: http://glanexz.somee.com/adobezz_pdf.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
158.106.189.209 Dallas, United States, ASN393398 (ASN-DIS - Dallas Infrastructure Services, LLC, US),
Reverse DNS
go.aplin.africa
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://glanexz.somee.com/adobezz_pdf.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
https://planomed.org/cgi/smallpdf.png
Date
Mon, 30 Dec 2019 22:29:40 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
221
Content-Type
text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lawmailx.somee.com
URL
http://lawmailx.somee.com/am.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer) Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| userip function| myFunction function| validateForm

0 Cookies