www.pluginwords.com Open in urlscan Pro
2400:cb00:2048:1::681b:a83c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.pluginwords.com/image/banner/Office-outlook/
Submission: On January 25 via automatic, source openphish (January 25th 2017, 11:07:31 pm UTC)

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2400:cb00:2048:1::681b:a83c, located in United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is www.pluginwords.com.

This is the only time www.pluginwords.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	2400:cb00:204... 2400:cb00:2048:1::681b:a83c	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
8	2400:cb00:204... 2400:cb00:2048:1::681b:a93c	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
12	2

4 2400:cb00:2048:1::681b:a83c (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

www.pluginwords.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2400:cb00:2048:1::681b:a93c (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

www.pluginwords.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	pluginwords.com www.pluginwords.com	297 KB
12	1

	Domain	Requested by
12	www.pluginwords.com	www.pluginwords.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.pluginwords.com/image/banner/Office-outlook/
Frame ID: 25348.1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

12
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

297 kB
Transfer

561 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response www.pluginwords.com/image/banner/Office-outlook/	24 KB 7 KB	135ms 43ms	Document text/html	2400:cb00:2048:1::681b:a83c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a83c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `7cc3cc7e95bcc27a4f3057b613aab180c42640f0fb3293e7699efdc8652ea59b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.pluginwords.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Set-Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643; expires=Thu, 25-Jan-18 23:07:23 GMT; path=/; domain=.pluginwords.com; HttpOnly CF-RAY 326f6191d7e6647b-FRA Date Wed, 25 Jan 2017 23:07:23 GMT Content-Encoding gzip Server cloudflare-nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Connection keep-alive
GET H/1.1	200 OK	login.ltr.css www.pluginwords.com/image/banner/Office-outlook/css/	29 KB 5 KB	42ms 36ms	Stylesheet text/css	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/css/login.ltr.css Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `1e3690b37bff80fd8a060f01e926ca5799c1391508520601226d7007d3331b4d` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Accept text/css,/;q=0.1 Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Connection keep-alive Host www.pluginwords.com Accept-Language en-US,en;q=0.8 Referer http://www.pluginwords.com/image/banner/Office-outlook/ Cache-Control no-cache Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Last-Modified Tue, 03 Nov 2015 15:51:50 GMT Server cloudflare-nginx Vary Accept-Encoding Cache-Control public, max-age=14400 Transfer-Encoding chunked Date Wed, 25 Jan 2017 23:07:23 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED CF-RAY 326f619224c4268a-FRA Content-Type text/css Connection keep-alive Expires Thu, 26 Jan 2017 03:07:23 GMT
GET H/1.1	200 OK	login.hover.css www.pluginwords.com/image/banner/Office-outlook/css/	332 B 190 B	38ms 31ms	Stylesheet text/css	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/css/login.hover.css Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `b13c62ced0284d26df5d1ce5d05effe4ed8d9d04e1d9dfc0cc4c40db39c884bd` Request headers Cache-Control no-cache Referer http://www.pluginwords.com/image/banner/Office-outlook/ Connection keep-alive Host www.pluginwords.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Accept text/css,/;q=0.1 Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Pragma no-cache Accept-Encoding gzip, deflate, sdch Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Content-Type text/css Connection keep-alive CF-RAY 326f619222a02678-FRA Expires Thu, 26 Jan 2017 03:07:23 GMT Last-Modified Tue, 03 Nov 2015 15:51:52 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Server cloudflare-nginx Vary Accept-Encoding Cache-Control public, max-age=14400 Transfer-Encoding chunked Date Wed, 25 Jan 2017 23:07:23 GMT
GET H/1.1	200 OK	jquery-1.11.2.min.js Show response www.pluginwords.com/image/banner/Office-outlook/js/	94 KB 33 KB	47ms 40ms	Script application/javascript	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/js/jquery-1.11.2.min.js Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec` Request headers Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Connection keep-alive Host www.pluginwords.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Accept-Language en-US,en;q=0.8 Accept / Referer http://www.pluginwords.com/image/banner/Office-outlook/ Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Referer http://www.pluginwords.com/image/banner/Office-outlook/ Response headers Connection keep-alive CF-RAY 326f619220b3650b-FRA Expires Thu, 26 Jan 2017 03:07:23 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Vary Accept-Encoding Cache-Control public, max-age=14400 Transfer-Encoding chunked Date Wed, 25 Jan 2017 23:07:23 GMT Last-Modified Tue, 03 Nov 2015 15:51:52 GMT Server cloudflare-nginx Content-Type application/javascript
GET H/1.1	200 OK	jquery-migrate-1.2.1.min.js Show response www.pluginwords.com/image/banner/Office-outlook/js/	7 KB 3 KB	44ms 37ms	Script application/javascript	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/js/jquery-migrate-1.2.1.min.js Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c` Request headers Accept / Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Connection keep-alive Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.pluginwords.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Referer http://www.pluginwords.com/image/banner/Office-outlook/ Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Connection keep-alive Expires Thu, 26 Jan 2017 03:07:23 GMT Date Wed, 25 Jan 2017 23:07:23 GMT Cache-Control public, max-age=14400 Transfer-Encoding chunked Server cloudflare-nginx Vary Accept-Encoding Content-Type application/javascript CF-RAY 326f619220e7270e-FRA Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Tue, 03 Nov 2015 15:51:52 GMT
GET H/1.1	200 OK	jquery.easing.1.3.js Show response www.pluginwords.com/image/banner/Office-outlook/js/	6 KB 2 KB	42ms 35ms	Script application/javascript	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/js/jquery.easing.1.3.js Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `bb18ea88abb17318fe8ac13deb7c7115480a6f489ab16f4951ad9627ab18f7da` Request headers Referer http://www.pluginwords.com/image/banner/Office-outlook/ Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Accept / Connection keep-alive Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.pluginwords.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Referer http://www.pluginwords.com/image/banner/Office-outlook/ Response headers Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive Date Wed, 25 Jan 2017 23:07:23 GMT CF-Cache-Status REVALIDATED Last-Modified Tue, 03 Nov 2015 15:51:52 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type application/javascript CF-RAY 326f619221150893-FRA Expires Thu, 26 Jan 2017 03:07:23 GMT Content-Encoding gzip
GET H/1.1	200 OK	aad.login.min.js Show response www.pluginwords.com/image/banner/Office-outlook/js/	184 KB 36 KB	50ms 41ms	Script application/javascript	2400:cb00:2048:1::681b:a83c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/js/aad.login.min.js Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a83c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `31fbb36adc6347fb5d501e45be2d6786d7c235d23761fc2693135e8a24edd8e3` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.pluginwords.com Accept / Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Referer http://www.pluginwords.com/image/banner/Office-outlook/ Connection keep-alive Cache-Control no-cache Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive CF-Cache-Status REVALIDATED Last-Modified Tue, 03 Nov 2015 16:04:26 GMT Server cloudflare-nginx Cache-Control public, max-age=14400 CF-RAY 326f6192300d647b-FRA Expires Thu, 26 Jan 2017 03:07:23 GMT Date Wed, 25 Jan 2017 23:07:23 GMT Content-Encoding gzip Vary Accept-Encoding
GET H/1.1	200 OK	heroillustration.jpg www.pluginwords.com/image/banner/Office-outlook/img/	199 KB 199 KB	30ms 30ms	Image image/jpeg	2400:cb00:2048:1::681b:a83c CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.pluginwords.com/image/banner/Office-outlook/img/heroillustration.jpg Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a83c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b` Request headers Accept-Language en-US,en;q=0.8 Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Cache-Control no-cache Accept-Encoding gzip, deflate, sdch Host www.pluginwords.com Accept image/webp,image/,/;q=0.8 Referer* http://www.pluginwords.com/image/banner/Office-outlook/ Connection keep-alive Pragma no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Accept-Ranges bytes Date Wed, 25 Jan 2017 23:07:23 GMT Last-Modified Sun, 24 Apr 2016 23:05:28 GMT Server cloudflare-nginx Vary Accept-Encoding Content-Type image/jpeg Cache-Control public, max-age=14400 Connection keep-alive CF-Cache-Status REVALIDATED CF-RAY 326f61927027647b-FRA Content-Length 203294 Expires Thu, 26 Jan 2017 03:07:23 GMT
GET H/1.1	200 OK	ad_glyph_footer_30x30.png www.pluginwords.com/image/banner/Office-outlook/img/	4 KB 4 KB	580ms 580ms	Image image/png	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.pluginwords.com/image/banner/Office-outlook/img/ad_glyph_footer_30x30.png Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `b3c4fd39a0c96930c595c60d3bd41ed0fb032380017fb367db5e7c4c9cf0bf52` Request headers Pragma no-cache Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Connection* keep-alive Cache-Control no-cache Accept-Encoding gzip, deflate, sdch Host www.pluginwords.com Referer http://www.pluginwords.com/image/banner/Office-outlook/ Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Last-Modified Tue, 03 Nov 2015 15:51:52 GMT Vary Accept-Encoding Date Wed, 25 Jan 2017 23:07:24 GMT Server cloudflare-nginx Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 326f6192b122270e-FRA Content-Length 3863 CF-Cache-Status REVALIDATED Expires Thu, 26 Jan 2017 03:07:24 GMT
GET H/1.1	200 OK	login1.hover.css www.pluginwords.com/image/banner/Office-outlook/css/	332 B 190 B	28ms 27ms	Stylesheet text/css	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/css/login1.hover.css Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `b13c62ced0284d26df5d1ce5d05effe4ed8d9d04e1d9dfc0cc4c40db39c884bd` Request headers Accept text/css,/;q=0.1 Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Connection keep-alive Cache-Control no-cache Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Host www.pluginwords.com Referer http://www.pluginwords.com/image/banner/Office-outlook/ Pragma no-cache Accept-Encoding gzip, deflate, sdch Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers CF-RAY 326f61927106270e-FRA Expires Thu, 26 Jan 2017 03:07:23 GMT Date Wed, 25 Jan 2017 23:07:23 GMT Content-Encoding gzip Last-Modified Tue, 03 Nov 2015 15:55:54 GMT Server cloudflare-nginx Transfer-Encoding chunked CF-Cache-Status MISS Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=14400 Connection keep-alive
GET H/1.1	200 OK	bannerlogo www.pluginwords.com/image/banner/Office-outlook/img/	4 KB 4 KB	19ms 18ms	Image image/png	2400:cb00:2048:1::681b:a83c CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.pluginwords.com/image/banner/Office-outlook/img/bannerlogo Requested by Host: www.pluginwords.com URL: http://www.pluginwords.com/image/banner/Office-outlook/ Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a83c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Accept image/webp,image/,/;q=0.8 Referer* http://www.pluginwords.com/image/banner/Office-outlook/ Connection keep-alive Cache-Control no-cache Host www.pluginwords.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Cookie __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Connection keep-alive Accept-Ranges bytes CF-RAY 326f6192f057647b-FRA Content-Length 4585 Date Wed, 25 Jan 2017 23:07:24 GMT Last-Modified Tue, 03 Nov 2015 15:51:52 GMT Server cloudflare-nginx
GET H/1.1	200 OK	favicon_a.ico www.pluginwords.com/image/banner/Office-outlook/img/	11 KB 4 KB	995ms 995ms	Other image/x-icon	2400:cb00:2048:1::681b:a93c CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.pluginwords.com/image/banner/Office-outlook/img/favicon_a.ico Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:a93c , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `ab40e2c4c2163172c7f5285238114a54ede2ce8a3497c10049988e4515b9a608` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Referer http://www.pluginwords.com/image/banner/Office-outlook/ Cache-Control no-cache Host www.pluginwords.com Accept image/webp,image/,/;q=0.8 Cookie* __cfduid=de1eabdd561b69cd310fa10a5c0d8c8581485385643 Connection keep-alive Referer http://www.pluginwords.com/image/banner/Office-outlook/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Response headers Content-Type image/x-icon Connection keep-alive Expires Thu, 26 Jan 2017 03:07:25 GMT Date Wed, 25 Jan 2017 23:07:25 GMT CF-Cache-Status REVALIDATED Vary Accept-Encoding Cache-Control public, max-age=14400 Transfer-Encoding chunked CF-RAY 326f619652f0270e-FRA Content-Encoding gzip Last-Modified Tue, 03 Nov 2015 15:55:02 GMT Server cloudflare-nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pluginwords.com/	2018-01-25 23:07:23	Name: __cfduid Value: de1eabdd561b69cd310fa10a5c0d8c8581485385643

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.pluginwords.com
2400:cb00:2048:1::681b:a83c
2400:cb00:2048:1::681b:a93c
1e3690b37bff80fd8a060f01e926ca5799c1391508520601226d7007d3331b4d
31fbb36adc6347fb5d501e45be2d6786d7c235d23761fc2693135e8a24edd8e3
7cc3cc7e95bcc27a4f3057b613aab180c42640f0fb3293e7699efdc8652ea59b
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec
ab40e2c4c2163172c7f5285238114a54ede2ce8a3497c10049988e4515b9a608
b13c62ced0284d26df5d1ce5d05effe4ed8d9d04e1d9dfc0cc4c40db39c884bd
b3c4fd39a0c96930c595c60d3bd41ed0fb032380017fb367db5e7c4c9cf0bf52
bb18ea88abb17318fe8ac13deb7c7115480a6f489ab16f4951ad9627ab18f7da
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

www.pluginwords.com Open in urlscan Pro 2400:cb00:2048:1::681b:a83c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

12 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

297 kBTransfer

561 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.pluginwords.com Open in urlscan Pro
2400:cb00:2048:1::681b:a83c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

297 kB
Transfer

561 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!