share.dmca.gripe Open in urlscan Pro
2400:cb00:2048:1::681f:5e50 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://deceased.gq/sharepoint?a
Effective URL:
https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Submission: On August 06 via manual (August 6th 2018, 6:21:25 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 14 HTTP transactions. The main IP is 2400:cb00:2048:1::681f:5e50, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is share.dmca.gripe.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on August 3rd 2018. Valid for: 6 months.

This is the only time share.dmca.gripe was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	142.93.24.151 142.93.24.151	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1	2400:cb00:204... 2400:cb00:2048:1::681f:5e50	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	2400:cb00:204... 2400:cb00:2048:1::6813:c797	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a04:4e42:3::393 2a04:4e42:3::393	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2400:cb00:204... 2400:cb00:2048:1::6812:7c90	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
14	7

2 142.93.24.151 (North York, Canada) 2 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

deceased.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::681f:5e50 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

share.dmca.gripe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::6813:c797 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:3::393 (European Union)

ASN54113 (FASTLY - Fastly, US)

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::6812:7c90 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

hackshit-jjgxlqddbv.now.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	now.sh hackshit-jjgxlqddbv.now.sh	996 B
4	cloudflare.com cdnjs.cloudflare.com ajax.cloudflare.com	177 KB
2	gstatic.com fonts.gstatic.com	28 KB
2	cloudinary.com res.cloudinary.com	2 KB
2	deceased.gq 2 redirects deceased.gq	522 B
1	googleapis.com fonts.googleapis.com	640 B
1	dmca.gripe share.dmca.gripe	6 KB
14	7

	Domain	Requested by
4	hackshit-jjgxlqddbv.now.sh	cdnjs.cloudflare.com
3	cdnjs.cloudflare.com	share.dmca.gripe ajax.cloudflare.com
2	fonts.gstatic.com	share.dmca.gripe
2	res.cloudinary.com	share.dmca.gripe
2	deceased.gq	2 redirects
1	fonts.googleapis.com	share.dmca.gripe
1	ajax.cloudflare.com	share.dmca.gripe
1	share.dmca.gripe
14	8

This site contains no links.

Subject Issuer	Validity	Valid
sni237724.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-08-03` - `2019-02-09`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Frame ID: 1E21714D200A9DD1E510751DD1DCFFF2
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://deceased.gq/sharepoint?a HTTP 301
https://deceased.gq/sharepoint/?a HTTP 302
https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html Page URL

Detected technologies

Node.js (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

env /^io$/i

Semantic-ui (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /(?:<div class="ui\s[^>]+">)/i
html /(?:<link[^>]+semantic(?:\.css|\.min\.css)">)/i

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^io$/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

14
Requests

7 %
HTTPS

86 %
IPv6

7
Domains

8
Subdomains

7
IPs

4
Countries

213 kB
Transfer

895 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://deceased.gq/sharepoint?a HTTP 301
https://deceased.gq/sharepoint/?a HTTP 302
https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://res.cloudinary.com/ovac/image/upload/c_scale,e_hue:80,w_200/v1493903802/download_gyaxfp.jpg HTTP 0
https://res.cloudinary.com/ovac/image/upload/c_scale,e_hue:80,w_200/v1493903802/download_gyaxfp.jpg

14 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request GW0e4sNiyMx5PCEF.html Show response
share.dmca.gripe/
Redirect Chain

https://deceased.gq/sharepoint?a
https://deceased.gq/sharepoint/?a
https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html

16 KB
6 KB

275ms
77ms

Document
text/html

2400:cb00:2048:1::681f:5e50
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::681f:5e50 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d96f22ce6c5ba3d03c9f61ad215634c5726a71851886aa878b94f334099280f2

Request headers

:method: GET
:authority: share.dmca.gripe
:scheme: https
:path: /GW0e4sNiyMx5PCEF.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 1E21714D200A9DD1E510751DD1DCFFF2

Response headers

status: 200
date: Mon, 06 Aug 2018 18:21:15 GMT
content-type: text/html
set-cookie: __cfduid=d2b0255d6aaf8d58308935a6b737dcf591533579674; expires=Tue, 06-Aug-19 18:21:14 GMT; path=/; domain=.dmca.gripe; HttpOnly
last-modified: Tue, 24 Jul 2018 19:29:03 GMT
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
expires: Tue, 07 Aug 2018 18:21:15 GMT
cache-control: public, max-age=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 446385a86c4064f3-FRA
content-encoding: gzip

Redirect headers

Date: Mon, 06 Aug 2018 18:21:14 GMT
Server: Apache
Location: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
S 200 semantic.min.css
cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.2.6/ 532 KB
93 KB 54ms
41ms Stylesheet
text/css 2400:cb00:2048:1::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.2.6/semantic.min.css

Requested by

Host: share.dmca.gripe
URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html

Protocol

SPDY

Server

2400:cb00:2048:1::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88aec064ced76b8da2b9445d31da35b29dfc95dfc92777c3b52d39db718aa9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
served-in-seconds: 0.004
last-modified: Thu, 17 May 2018 09:25:35 GMT
server: cloudflare
etag: W/"5afd4a8f-851b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 446385a90d9c6379-FRA
expires: Sat, 27 Jul 2019 18:21:15 GMT

GET
S 200 download_trlc1g.png
res.cloudinary.com/ovac/image/upload/c_scale,w_50/v1493903153/ 1 KB
2 KB 232ms
194ms Image
image/png 2a04:4e42:3::393
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://res.cloudinary.com/ovac/image/upload/c_scale,w_50/v1493903153/download_trlc1g.png
Requested by: Host: share.dmca.gripe
URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Protocol: SPDY
Server: 2a04:4e42:3::393 , European Union, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: a235dfede6424d9334cb64f46399b850ea104a734adf38a3f5bda17ab9d9f2aa

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
via: 1.1 varnish
age: 0
edge-cache-tag: 217022637592589673012551334107379334295,367808117550747172532115753563485787113,b2452c9fa10f10fbae91b6eb2e68c1ac
status: 200
x-cache: MISS
content-length: 1170
x-served-by: cache-fra19123-FRA
last-modified: Thu, 04 May 2017 13:06:45 GMT
server: cloudinary
x-timer: S1533579675.079188,VS0,VE179
etag: "e65b0bde2dc80472af76982e9b99c8b8"
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0

GET
S 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/2448a7bd/cloudflare-static/ 11 KB
4 KB 8ms
7ms Script
application/javascript 2400:cb00:2048:1::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/2448a7bd/cloudflare-static/rocket-loader.min.js

Requested by

Host: share.dmca.gripe
URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html

Protocol

SPDY

Server

2400:cb00:2048:1::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

3493abbdef3202f502f59b11be045f3b4df6d94f047d882da751dc36087a31b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
content-encoding: gzip
last-modified: Wed, 01 Aug 2018 14:07:03 GMT
server: cloudflare-nginx
etag: W/"5b61be87-2ba8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 446385a96e086379-FRA
expires: Wed, 08 Aug 2018 18:21:15 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 css
fonts.googleapis.com/ 3 KB
640 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:81c::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Requested by

Host: share.dmca.gripe
URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html

Protocol

SPDY

Server

2a00:1450:4001:81c::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

9e01cd9d5c99f2550fff5002f1b7fcc1402aa88b84f471214b032a7cde0f42b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=3600
content-encoding: gzip
last-modified: Mon, 06 Aug 2018 18:21:15 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Mon, 06 Aug 2018 18:21:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection: 1; mode=block
expires: Mon, 06 Aug 2018 18:21:15 GMT

GET
S 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ 85 KB
30 KB 19ms
18ms Script
application/javascript 2400:cb00:2048:1::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/2448a7bd/cloudflare-static/rocket-loader.min.js

Protocol

SPDY

Server

2400:cb00:2048:1::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
served-in-seconds: 0.004
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 446385a98e346379-FRA
expires: Sat, 27 Jul 2019 18:21:15 GMT

GET
S 200 socket.io.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/ 207 KB
50 KB 11ms
10ms Script
application/javascript 2400:cb00:2048:1::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/socket.io.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/2448a7bd/cloudflare-static/rocket-loader.min.js

Protocol

SPDY

Server

2400:cb00:2048:1::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fbade78bbd7df1292d1ac6595dffb1cd06e05b2429cfd553ef5d79974c0b84d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
served-in-seconds: 0.008
last-modified: Thu, 17 May 2018 09:26:47 GMT
server: cloudflare
etag: W/"5afd4ad7-33bbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 446385a98e386379-FRA
expires: Sat, 27 Jul 2019 18:21:15 GMT

GET
DATA 200
OK truncated
/ 166 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f52b1d9da25ece2ba4a1e6add1a4a2cf8ba9851b21c8d00dd6a6e02605ee2a99

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S

200

download_gyaxfp.jpg
res.cloudinary.com/ovac/image/upload/c_scale,e_hue:80,w_200/v1493903802/
Redirect Chain

https://res.cloudinary.com/ovac/image/upload/c_scale,e_hue:80,w_200/v1493903802/download_gyaxfp.jpg
https://res.cloudinary.com/ovac/image/upload/c_scale,e_hue:80,w_200/v1493903802/download_gyaxfp.jpg

9 KB
0

186ms
186ms

Image
image/jpeg

2a04:4e42:3::393
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://res.cloudinary.com/ovac/image/upload/c_scale,e_hue:80,w_200/v1493903802/download_gyaxfp.jpg
Protocol: SPDY
Server: 2a04:4e42:3::393 , European Union, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: b8f746d314f136e2c4b46be7b95055eeb727fbd500148ad5f786fe4652cae709

Request headers

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
via: 1.1 varnish
age: 0
edge-cache-tag: 213161460671180324681817561277233994544,372801705016432881308132351925104007997,b2452c9fa10f10fbae91b6eb2e68c1ac
status: 200
x-cache: MISS
content-length: 4608
x-served-by: cache-fra19123-FRA
last-modified: Thu, 04 May 2017 13:50:57 GMT
server: cloudinary
x-timer: S1533579675.135861,VS0,VE170
etag: "6d6419f6aba941320bd3eb274e0b3295"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0

GET
S 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: share.dmca.gripe
URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html

Protocol

SPDY

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Origin: https://share.dmca.gripe

Response headers

date: Mon, 30 Jul 2018 07:08:29 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:23:20 GMT
server: sffe
age: 645166
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 13944
x-xss-protection: 1; mode=block
expires: Tue, 30 Jul 2019 07:08:29 GMT

GET
S 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: share.dmca.gripe
URL: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html

Protocol

SPDY

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a3b3c4f67bf2b44294215e2be76f12794e6b142edec201e199c93c38739f2bfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Origin: https://share.dmca.gripe

Response headers

date: Fri, 27 Jul 2018 12:56:53 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:24:00 GMT
server: sffe
age: 883462
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 14076
x-xss-protection: 1; mode=block
expires: Sat, 27 Jul 2019 12:56:53 GMT

GET
S 200 / Show response
hackshit-jjgxlqddbv.now.sh/socket.io/ 101 B
618 B 178ms
119ms XHR
application/octet-stream 2400:cb00:2048:1::6812:7c90
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://hackshit-jjgxlqddbv.now.sh/socket.io/?EIO=3&transport=polling&t=MKGUCRM
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/socket.io.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6812:7c90 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4319b2621ec161ebff64fb0717f6b63dce0461de87fe907c82927b0b869a107

Request headers

Accept: */*
Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Origin: https://share.dmca.gripe
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
content-encoding: gzip
cf-cache-status: MISS
x-now-id: f6t3f-1533579675488-of22ZY14DWzme9VwPYyRX3Y0
status: 200
now: 1
x-now-instance: 1701715471
x-now-trace: bru1
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://share.dmca.gripe
cache-control: s-maxage=0
access-control-allow-credentials: true
cf-ray: 446385ab5e6597da-FRA

GET
S 200 / Show response
hackshit-jjgxlqddbv.now.sh/socket.io/ 37 B
161 B 142ms
128ms XHR
application/octet-stream 2400:cb00:2048:1::6812:7c90
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://hackshit-jjgxlqddbv.now.sh/socket.io/?EIO=3&transport=polling&t=MKGUCUD&sid=XJbm5BalVnvUsWJSAGD8
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/socket.io.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6812:7c90 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85628e2617b9fd60a037fe882be541c053453da72104474482f927b96b0dc50e

Request headers

Accept: */*
Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Origin: https://share.dmca.gripe
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
content-encoding: gzip
cf-cache-status: MISS
x-now-id: krxsr-1533579675634-46ZQq8zaiErI1LqGItlWUKTh
status: 200
now: 1
x-now-instance: 1701715471
x-now-trace: bru1
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://share.dmca.gripe
cache-control: s-maxage=0
access-control-allow-credentials: true
cf-ray: 446385ac381397da-FRA

POST
S 200 / Show response
hackshit-jjgxlqddbv.now.sh/socket.io/ 2 B
113 B 109ms
109ms XHR
text/html 2400:cb00:2048:1::6812:7c90
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://hackshit-jjgxlqddbv.now.sh/socket.io/?EIO=3&transport=polling&t=MKGUCWW&sid=XJbm5BalVnvUsWJSAGD8
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/socket.io.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6812:7c90 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: */*
Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Origin: https://share.dmca.gripe
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

x-now-instance: 1701715471
date: Mon, 06 Aug 2018 18:21:15 GMT
x-now-trace: bru1
x-now-id: 1w5rm-1533579675751-DdmrXd1ChbHzsTQd2fKWcNMH
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: text/html
access-control-allow-origin: https://share.dmca.gripe
cache-control: s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 446385ad099a97da-FRA
content-length: 2
now: 1
server: cloudflare

GET
S 200 / Show response
hackshit-jjgxlqddbv.now.sh/socket.io/ 4 B
104 B 203ms
203ms XHR
application/octet-stream 2400:cb00:2048:1::6812:7c90
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://hackshit-jjgxlqddbv.now.sh/socket.io/?EIO=3&transport=polling&t=MKGUCWX&sid=XJbm5BalVnvUsWJSAGD8
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/socket.io.js
Protocol: SPDY
Server: 2400:cb00:2048:1::6812:7c90 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

Accept: */*
Referer: https://share.dmca.gripe/GW0e4sNiyMx5PCEF.html
Origin: https://share.dmca.gripe
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 Aug 2018 18:21:15 GMT
cf-cache-status: MISS
x-now-id: pt7jc-1533579675748-d0dAYhWz9I0okxW3B5gUSb6E
status: 200
content-length: 4
now: 1
x-now-instance: 1701715471
x-now-trace: bru1
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://share.dmca.gripe
cache-control: s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 446385ad099b97da-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dmca.gripe/	1970-01-19 02:45:15	Name: __cfduid Value: d2b0255d6aaf8d58308935a6b737dcf591533579674

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
cdnjs.cloudflare.com
deceased.gq
fonts.googleapis.com
fonts.gstatic.com
hackshit-jjgxlqddbv.now.sh
res.cloudinary.com
share.dmca.gripe
142.93.24.151
2400:cb00:2048:1::6812:7c90
2400:cb00:2048:1::6813:c797
2400:cb00:2048:1::681f:5e50
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::200a
2a04:4e42:3::393
0fbade78bbd7df1292d1ac6595dffb1cd06e05b2429cfd553ef5d79974c0b84d
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
3493abbdef3202f502f59b11be045f3b4df6d94f047d882da751dc36087a31b0
52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d
7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
85628e2617b9fd60a037fe882be541c053453da72104474482f927b96b0dc50e
88aec064ced76b8da2b9445d31da35b29dfc95dfc92777c3b52d39db718aa9d9
9e01cd9d5c99f2550fff5002f1b7fcc1402aa88b84f471214b032a7cde0f42b2
a235dfede6424d9334cb64f46399b850ea104a734adf38a3f5bda17ab9d9f2aa
a3b3c4f67bf2b44294215e2be76f12794e6b142edec201e199c93c38739f2bfc
a4319b2621ec161ebff64fb0717f6b63dce0461de87fe907c82927b0b869a107
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
b8f746d314f136e2c4b46be7b95055eeb727fbd500148ad5f786fe4652cae709
d96f22ce6c5ba3d03c9f61ad215634c5726a71851886aa878b94f334099280f2
f52b1d9da25ece2ba4a1e6add1a4a2cf8ba9851b21c8d00dd6a6e02605ee2a99

share.dmca.gripe Open in urlscan Pro 2400:cb00:2048:1::681f:5e50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

7 %HTTPS

86 %IPv6

7 Domains

8 Subdomains

7 IPs

4 Countries

213 kBTransfer

895 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

share.dmca.gripe Open in urlscan Pro
2400:cb00:2048:1::681f:5e50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

7 %
HTTPS

86 %
IPv6

7
Domains

8
Subdomains

7
IPs

4
Countries

213 kB
Transfer

895 kB
Size

1
Cookies

14 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!