urlscan.io logo urlscan.io
SecurityTrails logo

jdanielcook.net Open in urlscan Pro
208.97.150.110  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://win2003.verylegit.link/983spyware.gpg.docm
Effective URL: https://jdanielcook.net/myitems_422/excel/
Submission: On July 17 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 208.97.150.110, located in Brea, United States and belongs to DREAMHOST-AS - New Dream Network, LLC, US. The main domain is jdanielcook.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 9th 2018. Valid for: 3 months.
This is the only time jdanielcook.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2400:cb00:204... 13335 (CLOUDFLAR...)
1 112.137.133.5 45542 (VNU-AS-VN...)
1 208.97.150.110 26347 (DREAMHOST-AS)
1 151.101.12.193 54113 (FASTLY)
1 3 151.101.112.193 54113 (FASTLY)
5 4
1    2400:cb00:2048:1::6812:2001 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
win2003.verylegit.link
1    112.137.133.5 (Hanoi, Viet Nam)

ASN45542 (VNU-AS-VN VietNam National University Ha Noi, VN)
www.cea.vnu.edu.vn
1    208.97.150.110 (Brea, United States)

ASN26347 (DREAMHOST-AS - New Dream Network, LLC, US)
PTR: apache2-jolly.pike.dreamhost.com
jdanielcook.net
1    151.101.12.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
i.imgur.com
3    151.101.112.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
i.imgur.com
Apex Domain
Subdomains		 Transfer
4 imgur.com
i.imgur.com
6 KB
1 jdanielcook.net
jdanielcook.net
8 KB
1 vnu.edu.vn
www.cea.vnu.edu.vn
349 B
1 verylegit.link
win2003.verylegit.link
354 B
5 4
Domain Requested by
4 i.imgur.com 1 redirects jdanielcook.net
1 jdanielcook.net www.cea.vnu.edu.vn
1 www.cea.vnu.edu.vn
1 win2003.verylegit.link 1 redirects
5 4

This site contains no links.

Subject Issuer Validity Valid
jdanielcook.net
Let's Encrypt Authority X3		 2018-07-09 -
2018-10-07		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://jdanielcook.net/myitems_422/excel/
Frame ID: AE1659F310939C1A74186EAF5433EC58
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://win2003.verylegit.link/983spyware.gpg.docm HTTP 302
    http://www.cea.vnu.edu.vn/misc/ui/ Page URL
  2. https://jdanielcook.net/myitems_422/excel/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

5
Requests

20 %
HTTPS

20 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

14 kB
Transfer

12 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://win2003.verylegit.link/983spyware.gpg.docm HTTP 302
    http://www.cea.vnu.edu.vn/misc/ui/ Page URL
  2. https://jdanielcook.net/myitems_422/excel/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://win2003.verylegit.link/983spyware.gpg.docm HTTP 302
  • http://www.cea.vnu.edu.vn/misc/ui/
Request Chain 3
  • http://i.imgur.com/9K48krG.jpg HTTP 302
  • http://i.imgur.com/removed.png

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.cea.vnu.edu.vn/misc/ui/
Redirect Chain
  • https://win2003.verylegit.link/983spyware.gpg.docm
  • http://www.cea.vnu.edu.vn/misc/ui/
105 B
349 B 		Document
General
Check archive.org
Download Go to
Full URL
http://www.cea.vnu.edu.vn/misc/ui/
Protocol
HTTP/1.1
Server
112.137.133.5 Hanoi, Viet Nam, ASN45542 (VNU-AS-VN VietNam National University Ha Noi, VN),
Reverse DNS
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
2cfaf8ee3674d1c07f59b2a5dbc8988d897759c2746d534b4e03320553e33ad3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Host
www.cea.vnu.edu.vn
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
AE1659F310939C1A74186EAF5433EC58

Response headers

Date
Tue, 17 Jul 2018 18:09:03 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
X-Content-Type-Options
nosniff
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

status
302
date
Tue, 17 Jul 2018 18:08:48 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d183cc5c321cc7317a1add64efc8c8b011531850928; expires=Wed, 17-Jul-19 18:08:48 GMT; path=/; domain=.verylegit.link; HttpOnly
location
http://www.cea.vnu.edu.vn/misc/ui/
x-cloud-trace-context
d9ae9b69a0f9281eac085a89ba99eb4d;o=1
vary
Accept-Encoding
cache-control
private
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
43bea7ed9bfb6511-FRA
Primary Request /
jdanielcook.net/myitems_422/excel/ 		7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://jdanielcook.net/myitems_422/excel/
Requested by
Host: www.cea.vnu.edu.vn
URL: http://www.cea.vnu.edu.vn/misc/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.97.150.110 Brea, United States, ASN26347 (DREAMHOST-AS - New Dream Network, LLC, US),
Reverse DNS
apache2-jolly.pike.dreamhost.com
Software
Apache /
Resource Hash
b77cea41e8253b5024beedbd43764cdaceca5cf1ca99624218b91def6e4afd09

Request headers

Host
jdanielcook.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.cea.vnu.edu.vn/misc/ui/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
AE1659F310939C1A74186EAF5433EC58
Referer
http://www.cea.vnu.edu.vn/misc/ui/

Response headers

Date
Tue, 17 Jul 2018 18:08:49 GMT
Server
Apache
Content-Length
7655
Keep-Alive
timeout=2, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
v2dKDaf.png
i.imgur.com/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://i.imgur.com/v2dKDaf.png
Requested by
Host: jdanielcook.net
URL: https://jdanielcook.net/myitems_422/excel/
Protocol
HTTP/1.1
Server
151.101.12.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
7900a6daf04859fef2501b2cf08851772deae586328d56d79a36e86c689851c5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:08:50 GMT
Age
6804006
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
3432
X-Served-By
cache-iad2130-IAD, cache-fra19143-FRA
Last-Modified
Thu, 08 Dec 2016 14:15:11 GMT
Server
cat factory 1.0
X-Timer
S1531850930.044769,VS0,VE0
ETag
"75099623c84266df9d4613b6caa88969"
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
cache-control
public, max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
1, 3
I7G94LL.gif
i.imgur.com/ 		543 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://i.imgur.com/I7G94LL.gif
Requested by
Host: jdanielcook.net
URL: https://jdanielcook.net/myitems_422/excel/
Protocol
HTTP/1.1
Server
151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
1a99a5a5bc47565a8b69c76e5f6469fc2361ad01c2c1db013dcab55300020e95

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:08:50 GMT
Age
8051438
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
543
X-Served-By
cache-iad2122-IAD, cache-hhn1522-HHN
Last-Modified
Thu, 08 Dec 2016 14:18:49 GMT
Server
cat factory 1.0
X-Timer
S1531850930.050724,VS0,VE1
ETag
"b6a0113af4e29fe6693004e7ce659bd4"
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
cache-control
public, max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
1, 1
removed.png
i.imgur.com/
Redirect Chain
  • http://i.imgur.com/9K48krG.jpg
  • http://i.imgur.com/removed.png
503 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://i.imgur.com/removed.png
Requested by
Host: jdanielcook.net
URL: https://jdanielcook.net/myitems_422/excel/
Protocol
HTTP/1.1
Server
151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 17 Jul 2018 18:08:50 GMT
Age
25833390
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
503
X-Served-By
cache-iad2123-IAD, cache-hhn1530-HHN
Last-Modified
Wed, 14 May 2014 05:44:36 GMT
Server
cat factory 1.0
X-Timer
S1531850930.155538,VS0,VE0
ETag
"d835884373f4d6c8f24742ceabe74946"
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
cache-control
public, max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
96781, 204801

Redirect headers

Date
Tue, 17 Jul 2018 18:08:50 GMT
Server
cat factory 1.0
Age
0
X-Served-By
cache-iad2149-IAD, cache-hhn1530-HHN
Access-Control-Allow-Methods
GET, OPTIONS
Location
http://i.imgur.com/removed.png
X-Cache
MISS, MISS
Connection
keep-alive
Accept-Ranges
bytes
X-Timer
S1531850930.052649,VS0,VE96
Access-Control-Allow-Origin
*
Content-Length
0
Retry-After
0
X-Cache-Hits
0, 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateForm

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff