bookezypersonalassistant.com.au

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 198.23.59.95, located in Pompano Beach, United States and belongs to STEADFAST - Steadfast, US. The main domain is bookezypersonalassistant.com.au.

This is the only time bookezypersonalassistant.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education)

Domain & IP information

	IP Address	AS Autonomous System
3	198.23.59.95 198.23.59.95	32748 (STEADFAST) (STEADFAST - Steadfast)
1	132.236.101.10 132.236.101.10	26 (CORNELL) (CORNELL - Cornell University)
4	2

3 198.23.59.95 (Pompano Beach, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: mail.server1615.mylogin.co

bookezypersonalassistant.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.236.101.10 (Ithaca, United States)

ASN26 (CORNELL - Cornell University, US)
PTR: adfs.ad.cornell.edu

adfs.ad.cornell.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bookezypersonalassistant.com.au bookezypersonalassistant.com.au	38 KB
1	cornell.edu adfs.ad.cornell.edu	196 KB
4	2

	Domain	Requested by
3	bookezypersonalassistant.com.au	bookezypersonalassistant.com.au
1	adfs.ad.cornell.edu	bookezypersonalassistant.com.au
4	2

This site contains links to these domains. Also see Links.

Domain
www.it.cornell.edu
netid.cornell.edu
www.cit.cornell.edu
it.cornell.edu

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://bookezypersonalassistant.com.au/cornell/cornell.html
Frame ID: (323FC84E531BFEAC666E4B0954966A76)
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

4
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

235 kB
Transfer

252 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.it.cornell.edu/services/cuweblogin/about-adfs3.cfm
Title: What is this?

Search URL Search Domain Scan URL

URL: https://netid.cornell.edu/NetIDManagement/idtype.html
Title: I forgot my password!

Search URL Search Domain Scan URL

URL: http://www.cit.cornell.edu/services/netid/faq.cfm
Title: I don't have a NetID. Now what?

Search URL Search Domain Scan URL

URL: http://it.cornell.edu/support/
Title: IT Service Desk

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request cornell.html Show response bookezypersonalassistant.com.au/cornell/	18 KB 6 KB	219ms 111ms	Document text/html	198.23.59.95 Steadfast
General Check archive.org Show headers Download Go to Full URL http://bookezypersonalassistant.com.au/cornell/cornell.html Protocol HTTP/1.1 Server 198.23.59.95 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS mail.server1615.mylogin.co Software Apache/2.4.27 (Unix) OpenSSL/1.0.2j / Resource Hash `f9a25e9771d23f59132a9ba73580e5da637ad990d68e6c7677d9fbaab9139f5f` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host bookezypersonalassistant.com.au Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 01 Feb 2018 21:16:39 GMT Content-Encoding gzip Last-Modified Thu, 01 Feb 2018 20:00:56 GMT Server Apache/2.4.27 (Unix) OpenSSL/1.0.2j ETag "49f9-5642c0dce00d9-gzip" Vary Accept-Encoding,User-Agent Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5759
GET H/1.1	200 OK	style.css bookezypersonalassistant.com.au/cornell/cornell_files/	8 KB 3 KB	110ms 110ms	Stylesheet text/css	198.23.59.95 Steadfast
General Check archive.org Show headers Download Go to Full URL http://bookezypersonalassistant.com.au/cornell/cornell_files/style.css Requested by Host: bookezypersonalassistant.com.au URL: http://bookezypersonalassistant.com.au/cornell/cornell.html Protocol HTTP/1.1 Server 198.23.59.95 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS mail.server1615.mylogin.co Software Apache/2.4.27 (Unix) OpenSSL/1.0.2j / Resource Hash `d1c0974b05e76d98dcd6a63d8f2745b4a5d19fe4486c8321b681cb3d21c51715` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host bookezypersonalassistant.com.au User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/css,/;q=0.1 Referer http://bookezypersonalassistant.com.au/cornell/cornell.html Connection keep-alive Cache-Control no-cache Referer http://bookezypersonalassistant.com.au/cornell/cornell.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 01 Feb 2018 21:16:39 GMT Content-Encoding gzip Last-Modified Thu, 01 Feb 2018 20:00:56 GMT Server Apache/2.4.27 (Unix) OpenSSL/1.0.2j ETag "205f-5642c0dce00d9-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2261
GET H/1.1	200 OK	logo.jpg bookezypersonalassistant.com.au/cornell/cornell_files/	29 KB 29 KB	214ms 108ms	Image image/jpeg	198.23.59.95 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://bookezypersonalassistant.com.au/cornell/cornell_files/logo.jpg Requested by Host: bookezypersonalassistant.com.au URL: http://bookezypersonalassistant.com.au/cornell/cornell.html Protocol HTTP/1.1 Server 198.23.59.95 Pompano Beach, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS mail.server1615.mylogin.co Software Apache/2.4.27 (Unix) OpenSSL/1.0.2j / Resource Hash `20e1d7b4ab695d11a2d9834597263be8ab2d397385f64a1d79aaead644fe3e8c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host bookezypersonalassistant.com.au User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://bookezypersonalassistant.com.au/cornell/cornell.html Connection keep-alive Cache-Control no-cache Referer http://bookezypersonalassistant.com.au/cornell/cornell.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 01 Feb 2018 21:16:39 GMT Last-Modified Thu, 01 Feb 2018 20:00:56 GMT Server Apache/2.4.27 (Unix) OpenSSL/1.0.2j ETag "74ba-5642c0dce00d9" Vary User-Agent Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 29882
GET H/1.1	200 OK	illustration.jpg adfs.ad.cornell.edu/adfs/portal/illustration/	196 KB 196 KB	679ms 363ms	Image image/jpg	132.236.101.10 Cornell University
General Check archive.org Show headers Download Go to Show image Full URL https://adfs.ad.cornell.edu/adfs/portal/illustration/illustration.jpg?id=2B9017F290497056EE30C70B32F0E7AEF62A3176C910B0E7D95111D36A10C1E1 Requested by Host: bookezypersonalassistant.com.au URL: http://bookezypersonalassistant.com.au/cornell/cornell.html Protocol HTTP/1.1 Server 132.236.101.10 Ithaca, United States, ASN26 (CORNELL - Cornell University, US), Reverse DNS adfs.ad.cornell.edu Software Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 / Resource Hash `85076f77a3346ea1e681085bb2c175573b4748df7f1418d54388ec5b6213b1f1` Request headers Referer http://bookezypersonalassistant.com.au/cornell/cornell.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Thu, 01 Feb 2018 21:16:39 GMT Expires Sat, 03 Mar 2018 21:16:40 GMT Server Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 ETag 85076F77A3346EA1E681085BB2C175573B4748DF7F1418D54388EC5B6213B1F1 Content-Length 200925 Content-Type image/jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adfs.ad.cornell.edu
bookezypersonalassistant.com.au
132.236.101.10
198.23.59.95
20e1d7b4ab695d11a2d9834597263be8ab2d397385f64a1d79aaead644fe3e8c
85076f77a3346ea1e681085bb2c175573b4748df7f1418d54388ec5b6213b1f1
d1c0974b05e76d98dcd6a63d8f2745b4a5d19fe4486c8321b681cb3d21c51715
f9a25e9771d23f59132a9ba73580e5da637ad990d68e6c7677d9fbaab9139f5f

bookezypersonalassistant.com.au Open in urlscan Pro 198.23.59.95 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

235 kBTransfer

252 kBSize

0 Cookies

4 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

bookezypersonalassistant.com.au Open in urlscan Pro
198.23.59.95 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

235 kB
Transfer

252 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!