videsignz.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 67.195.61.46, located in Sunnyvale, United States and belongs to YAHOO-GQ1 - Yahoo, US. The main domain is videsignz.com.

This is the only time videsignz.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Alibaba (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	67.195.61.46 67.195.61.46	36647 (YAHOO-GQ1) (YAHOO-GQ1 - Yahoo)
3	52.22.239.19 52.22.239.19	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
7	2

4 67.195.61.46 (Sunnyvale, United States)

ASN36647 (YAHOO-GQ1 - Yahoo, US)
PTR: p10pn-i.geo.vip.gq1.yahoo.com

videsignz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.22.239.19 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-22-239-19.compute-1.amazonaws.com

np.lexity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	videsignz.com videsignz.com	392 KB
3	lexity.com np.lexity.com	4 KB
7	2

	Domain	Requested by
4	videsignz.com	videsignz.com
3	np.lexity.com	videsignz.com np.lexity.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php
Frame ID: CE6929C71782D2F17F91E058CF1BF2DF
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

396 kB
Transfer

399 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set index.php Show response videsignz.com/sandbox/uploader/js/alibaba/alibaba/	7 KB 7 KB	839ms 684ms	Document text/html	67.195.61.46 Yahoo
General Check archive.org Show headers Download Go to Full URL http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Protocol HTTP/1.1 Server 67.195.61.46 Sunnyvale, United States, ASN36647 (YAHOO-GQ1 - Yahoo, US), Reverse DNS p10pn-i.geo.vip.gq1.yahoo.com Software ATS/7.1.0 / Resource Hash `87dff24620906a1129b2db9eff9f58d93bbc93767c1da9c6de34663782773a0c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host videsignz.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 04:01:20 GMT Server ATS/7.1.0 Age 2 Transfer-Encoding chunked P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Connection keep-alive Set-Cookie BX=57pi631deie0g&b=3&s=oa; expires=Sat, 02-May-2020 04:01:21 GMT; path=/; domain=.videsignz.com Content-Type text/html
GET H/1.1	200 OK	img2.png videsignz.com/sandbox/uploader/js/alibaba/alibaba/images/	327 KB 328 KB	186ms 186ms	Image image/png	67.195.61.46 Yahoo
General Check archive.org Show headers Download Go to Show image Full URL http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/images/img2.png Requested by Host: videsignz.com URL: http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Protocol HTTP/1.1 Server 67.195.61.46 Sunnyvale, United States, ASN36647 (YAHOO-GQ1 - Yahoo, US), Reverse DNS p10pn-i.geo.vip.gq1.yahoo.com Software ATS/7.1.0 / Resource Hash `c3de8a20b257b3e3edadd946d59bbee31d90f6f84ed6e9619904669199c0461e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host videsignz.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Cookie BX=57pi631deie0g&b=3&s=oa Connection keep-alive Cache-Control no-cache Referer http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 01:49:51 GMT Last-Modified Fri, 22 May 2015 06:27:56 GMT Server ATS/7.1.0 Age 7890 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control max-age=864000 Connection keep-alive Accept-Ranges bytes Content-Type image/png Content-Length 335152 Expires Sat, 12 May 2018 01:49:51 GMT
GET H/1.1	200 OK	img1.jpg videsignz.com/sandbox/uploader/js/alibaba/alibaba/images/	54 KB 55 KB	367ms 213ms	Image image/jpeg	67.195.61.46 Yahoo
General Check archive.org Show headers Download Go to Show image Full URL http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/images/img1.jpg Requested by Host: videsignz.com URL: http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Protocol HTTP/1.1 Server 67.195.61.46 Sunnyvale, United States, ASN36647 (YAHOO-GQ1 - Yahoo, US), Reverse DNS p10pn-i.geo.vip.gq1.yahoo.com Software ATS/7.1.0 / Resource Hash `c55290da88f9b88dcc6e593fa17a5281841b40f4324557c75cc5a2c5eb96f6ac` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host videsignz.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Cookie BX=57pi631deie0g&b=3&s=oa Connection keep-alive Cache-Control no-cache Referer http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 04:01:21 GMT Last-Modified Fri, 22 May 2015 06:27:44 GMT Server ATS/7.1.0 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control max-age=864000 Connection keep-alive Accept-Ranges bytes Content-Type image/jpeg Content-Length 55712 Expires Sat, 12 May 2018 04:01:21 GMT
GET H/1.1	200 OK	img3.gif videsignz.com/sandbox/uploader/js/alibaba/alibaba/images/	1 KB 2 KB	330ms 176ms	Image image/gif	67.195.61.46 Yahoo
General Check archive.org Show headers Download Go to Show image Full URL http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/images/img3.gif Requested by Host: videsignz.com URL: http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Protocol HTTP/1.1 Server 67.195.61.46 Sunnyvale, United States, ASN36647 (YAHOO-GQ1 - Yahoo, US), Reverse DNS p10pn-i.geo.vip.gq1.yahoo.com Software ATS/7.1.0 / Resource Hash `f789f6aa5304d63550e35f144eb65f131104ecb1e38cfacd51f7f63792579503` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host videsignz.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Cookie BX=57pi631deie0g&b=3&s=oa Connection keep-alive Cache-Control no-cache Referer http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 04:01:21 GMT Last-Modified Fri, 22 May 2015 06:28:04 GMT Server ATS/7.1.0 Age 0 P3P policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Cache-Control max-age=864000 Connection keep-alive Accept-Ranges bytes Content-Type image/gif Content-Length 1380 Expires Sat, 12 May 2018 04:01:21 GMT
GET H/1.1	200 OK	d1b8f31ef3a187b46ca5f5e0bd65e43a Show response np.lexity.com/embed/YW/	9 KB 4 KB	253ms 132ms	Script text/plain	52.22.239.19 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a?id=da44ede39abc Requested by Host: videsignz.com URL: http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php Protocol HTTP/1.1 Server 52.22.239.19 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-22-239-19.compute-1.amazonaws.com Software / Resource Hash `fec558c06855aa3a481e6c92bd777cd9c25d461eb2b9d32f72f62f4f8f7c4ebb` Request headers Referer http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 04:01:22 GMT content-encoding gzip Connection keep-alive transfer-encoding chunked
GET H/1.1	200 OK	iltnnalv.f.kk[0] Show response np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a/v/xXo0tK1npyTB/k/PRWBzte3RDb4/u/http%3A%2F%2Fvidesignz.com%2Fsandbox%2Fuploader%2Fjs%2Falibaba%2Falibaba%2Findex.php/n/1525233682549/t/Alibab...	20 B 340 B	111ms 110ms	Script text/javascript	52.22.239.19 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a/v/xXo0tK1npyTB/k/PRWBzte3RDb4/u/http%3A%2F%2Fvidesignz.com%2Fsandbox%2Fuploader%2Fjs%2Falibaba%2Falibaba%2Findex.php/n/1525233682549/t/Alibaba%C2%A0Manufacturer%C2%A0Directory%C2%A0-%C2%A0Suppliers%2C%C2%A0Manufacturers%2C%C2%A0Exporters%C2%A0%26amp%3B%C2%A0Importers%C2%A0/vn/1/c/iltnnalv.f.kk[0]?id=da44ede39abc&ts=1525233682849 Requested by Host: np.lexity.com URL: http://np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a?id=da44ede39abc Protocol HTTP/1.1 Server 52.22.239.19 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-22-239-19.compute-1.amazonaws.com Software / Resource Hash `8c3a93e4536d8e3ccdffa285f175a93a181e27f35d6247ad81121c2b0a0a8691` Request headers Referer http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 04:01:22 GMT Cache-Control no-store, no-cache Connection keep-alive p3p policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC" transfer-encoding chunked Content-Type text/javascript
GET H/1.1	200 OK	iltnnalv.f.kk[1] Show response np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a/h/1/v/xXo0tK1npyTB/k/PRWBzte3RDb4/u/http%3A%2F%2Fvidesignz.com%2Fsandbox%2Fuploader%2Fjs%2Falibaba%2Falibaba%2Findex.php/n/1525233682549/t/Al...	20 B 340 B	110ms 110ms	Script text/javascript	52.22.239.19 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a/h/1/v/xXo0tK1npyTB/k/PRWBzte3RDb4/u/http%3A%2F%2Fvidesignz.com%2Fsandbox%2Fuploader%2Fjs%2Falibaba%2Falibaba%2Findex.php/n/1525233682549/t/Alibaba%C2%A0Manufacturer%C2%A0Directory%C2%A0-%C2%A0Suppliers%2C%C2%A0Manufacturers%2C%C2%A0Exporters%C2%A0%26amp%3B%C2%A0Importers%C2%A0/vn/1/c/iltnnalv.f.kk[1]?id=da44ede39abc&ts=1525233686849 Requested by Host: np.lexity.com URL: http://np.lexity.com/embed/YW/d1b8f31ef3a187b46ca5f5e0bd65e43a?id=da44ede39abc Protocol HTTP/1.1 Server 52.22.239.19 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-22-239-19.compute-1.amazonaws.com Software / Resource Hash `d4997ca6523c2ab88f457d9826ef04bac9a687a3606dc4647d1e3850a9e6e8c3` Request headers Referer http://videsignz.com/sandbox/uploader/js/alibaba/alibaba/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Wed, 02 May 2018 04:01:26 GMT Cache-Control no-store, no-cache Connection keep-alive p3p policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC" transfer-encoding chunked Content-Type text/javascript

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Alibaba (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| iltnnalv object| _ycc object| _lex

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

np.lexity.com
videsignz.com
52.22.239.19
67.195.61.46
87dff24620906a1129b2db9eff9f58d93bbc93767c1da9c6de34663782773a0c
8c3a93e4536d8e3ccdffa285f175a93a181e27f35d6247ad81121c2b0a0a8691
c3de8a20b257b3e3edadd946d59bbee31d90f6f84ed6e9619904669199c0461e
c55290da88f9b88dcc6e593fa17a5281841b40f4324557c75cc5a2c5eb96f6ac
d4997ca6523c2ab88f457d9826ef04bac9a687a3606dc4647d1e3850a9e6e8c3
f789f6aa5304d63550e35f144eb65f131104ecb1e38cfacd51f7f63792579503
fec558c06855aa3a481e6c92bd777cd9c25d461eb2b9d32f72f62f4f8f7c4ebb

videsignz.com Open in urlscan Pro 67.195.61.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

396 kBTransfer

399 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

videsignz.com Open in urlscan Pro
67.195.61.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

396 kB
Transfer

399 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!