stilkom-jogi.com.mk Open in urlscan Pro
37.26.96.242 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://stilkom-jogi.com.mk/SupportNewSharePoint/
Submission: On July 14 via api (July 14th 2020, 5:49:55 am UTC) from TW

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 37.26.96.242, located in Kumanovo, Macedonia, The Former Yugoslav Republic Of and belongs to INEL-AS-, MK. The main domain is stilkom-jogi.com.mk.

This is the only time stilkom-jogi.com.mk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 4	37.26.96.242 37.26.96.242	49056 (INEL-AS-) (INEL-AS-)
2	52.206.44.31 52.206.44.31	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:21f... 2600:9000:21f3:a400:5:944f:ee00:93a1	16509 (AMAZON-02) (AMAZON-02)
8	3

4 37.26.96.242 (Kumanovo, Macedonia, The Former Yugoslav Republic Of) 1 redirects

ASN49056 (INEL-AS-, MK)

stilkom-jogi.com.mk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.206.44.31 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

app.smartsheet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:a400:5:944f:ee00:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.smartsheet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	smartsheet.com app.smartsheet.com s.smartsheet.com	5 KB
4	stilkom-jogi.com.mk 1 redirects stilkom-jogi.com.mk	145 KB
8	2

	Domain	Requested by
4	stilkom-jogi.com.mk	1 redirects stilkom-jogi.com.mk
3	s.smartsheet.com	stilkom-jogi.com.mk
2	app.smartsheet.com	stilkom-jogi.com.mk
8	3

This site contains no links.

Subject Issuer	Validity	Valid
app.smartsheet.com DigiCert SHA2 Secure Server CA	`2019-07-31` - `2021-08-04`	2 years	crt.sh
s.smartsheet.com DigiCert SHA2 Secure Server CA	`2019-10-13` - `2020-10-16`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://stilkom-jogi.com.mk/SupportNewSharePoint/
Frame ID: 38493E602D735BAF6D31937D1CDC0001
Requests: 7 HTTP requests in this frame

Frame: https://s.smartsheet.com/b/htmlSandbox/gtm-iframe_v2.html?http%3A%2F%2Fstilkom-jogi.com.mk&GTM-5GPPFG&eventObject=login%20screen&eventNoun=Form%20-%20Login
Frame ID: F1512203B5E164F1A636A520C8ABF473
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://stilkom-jogi.com.mk/SupportNewSharePoint HTTP 301
http://stilkom-jogi.com.mk/SupportNewSharePoint/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

8
Requests

63 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

150 kB
Transfer

148 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://stilkom-jogi.com.mk/SupportNewSharePoint HTTP 301
http://stilkom-jogi.com.mk/SupportNewSharePoint/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response stilkom-jogi.com.mk/SupportNewSharePoint/ Redirect Chain http://stilkom-jogi.com.mk/SupportNewSharePoint http://stilkom-jogi.com.mk/SupportNewSharePoint/	10 KB 10 KB	64ms 64ms	Document text/html	37.26.96.242 INEL-AS-
General Check archive.org Show headers Download Go to Full URL http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol HTTP/1.1 Server 37.26.96.242 Kumanovo, Macedonia, The Former Yugoslav Republic Of, ASN49056 (INEL-AS-, MK), Reverse DNS Software Apache / Resource Hash `42cf9477a35603bbe988a4de4a02d0b6c6911d88355bed02c6b49501299ba52b` Request headers Host stilkom-jogi.com.mk Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 14 Jul 2020 05:49:38 GMT Server Apache Content-Length 10412 Keep-Alive timeout=5, max=119 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Tue, 14 Jul 2020 05:49:38 GMT Server Apache Location http://stilkom-jogi.com.mk/SupportNewSharePoint/ Content-Length 256 Keep-Alive timeout=5, max=120 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	login.2x_59.2.3.css stilkom-jogi.com.mk/SupportNewSharePoint/	10 KB 10 KB	68ms 60ms	Stylesheet text/css	37.26.96.242 INEL-AS-
General Check archive.org Show headers Download Go to Full URL http://stilkom-jogi.com.mk/SupportNewSharePoint/login.2x_59.2.3.css Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol HTTP/1.1 Server 37.26.96.242 Kumanovo, Macedonia, The Former Yugoslav Republic Of, ASN49056 (INEL-AS-, MK), Reverse DNS Software Apache / Resource Hash `fbbb7bda18ada7a941d79335b49119595dc41d737fcd06a130c60283d5e16ee2` Request headers Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 14 Jul 2020 05:49:39 GMT Last-Modified Thu, 08 Feb 2018 00:05:28 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=118 Content-Length 10178
GET H2	404	1_59.2.3.js app.smartsheet.com/b/javascript/	0 0	311ms 98ms	Script text/html	52.206.44.31 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.smartsheet.com/b/javascript/1_59.2.3.js Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.206.44.31 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash Request headers Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers
GET H2	404	LG_59.2.3.js app.smartsheet.com/b/javascript/	0 0	311ms 99ms	Script text/html	52.206.44.31 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.smartsheet.com/b/javascript/LG_59.2.3.js Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.206.44.31 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash Request headers Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers
GET H2	200	img_login_google2.2x.png s.smartsheet.com/b/images/	4 KB 4 KB	61ms 8ms	Image image/png	2600:9000:21f3:a400:5:944f:ee00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.smartsheet.com/b/images/img_login_google2.2x.png Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:9000:21f3:a400:5:944f:ee00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash `174b1cf225e5d72596d3d4b62880b4950c7a0bad706ada28b797e8a706cce0da` Request headers Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 11 Jul 2020 01:42:26 GMT via 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront) last-modified Tue, 23 Jun 2020 22:40:04 GMT server nginx age 274032 etag "5ef284c4-e8b" x-cache Hit from cloudfront content-type image/png status 200 cache-control max-age=7776000 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-length 3723 x-amz-cf-id ON5A_mrwKV3OmrWqJniMjHqlGzhjaKxKDqgCenNmfZ2nNl-99Cz0yg== expires Fri, 09 Oct 2020 01:42:26 GMT
GET H2	200	img_login_microsoft2.2x.png s.smartsheet.com/b/images/	455 B 811 B	62ms 9ms	Image image/png	2600:9000:21f3:a400:5:944f:ee00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.smartsheet.com/b/images/img_login_microsoft2.2x.png Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:9000:21f3:a400:5:944f:ee00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash `9864fdf995368063ea9a55fb0f6baa42cfb677c33d704f959459b0848dbda8b3` Request headers Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 11 Jul 2020 01:42:26 GMT via 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront) last-modified Tue, 23 Jun 2020 22:40:04 GMT server nginx age 274032 etag "5ef284c4-1c7" x-cache Hit from cloudfront content-type image/png status 200 cache-control max-age=7776000 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-length 455 x-amz-cf-id IwUzCCzloC3WNXGQtxvYIrIxFEBmIH0bXvLupOlXXCX4QMN6HuNGjA== expires Fri, 09 Oct 2020 01:42:26 GMT
GET H/1.1	200 OK	background.png stilkom-jogi.com.mk/SupportNewSharePoint/	124 KB 124 KB	60ms 60ms	Image image/png	37.26.96.242 INEL-AS-
General Check archive.org Show headers Download Go to Show image Full URL http://stilkom-jogi.com.mk/SupportNewSharePoint/background.png Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol HTTP/1.1 Server 37.26.96.242 Kumanovo, Macedonia, The Former Yugoslav Republic Of, ASN49056 (INEL-AS-, MK), Reverse DNS Software Apache / Resource Hash `c19c6bf692e65d94046ad86cf85f227ea8c6d6f54817d1022ee298fb5d7ba2a4` Request headers Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/login.2x_59.2.3.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 14 Jul 2020 05:49:39 GMT Last-Modified Wed, 07 Feb 2018 23:54:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=117 Content-Length 127106
GET H2	200	gtm-iframe_v2.html s.smartsheet.com/b/htmlSandbox/ Frame F151	0 0	28ms 7ms	Document text/html	2600:9000:21f3:a400:5:944f:ee00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.smartsheet.com/b/htmlSandbox/gtm-iframe_v2.html?http%3A%2F%2Fstilkom-jogi.com.mk&GTM-5GPPFG&eventObject=login%20screen&eventNoun=Form%20-%20Login Requested by Host: stilkom-jogi.com.mk URL: http://stilkom-jogi.com.mk/SupportNewSharePoint/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:9000:21f3:a400:5:944f:ee00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash Request headers :method GET :authority s.smartsheet.com :scheme https :path /b/htmlSandbox/gtm-iframe_v2.html?http%3A%2F%2Fstilkom-jogi.com.mk&GTM-5GPPFG&eventObject=login%20screen&eventNoun=Form%20-%20Login pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://stilkom-jogi.com.mk/SupportNewSharePoint/ Response headers status 200 content-type text/html content-length 3351 date Tue, 14 Jul 2020 01:40:50 GMT server nginx last-modified Tue, 23 Jun 2020 22:40:06 GMT etag "5ef284c6-d17" accept-ranges bytes x-cache Hit from cloudfront via 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C2 x-amz-cf-id JSIKlEoqGsgYRYzYEkGiA1VJcCFop51i1YrWbfTazu_4gcpE66z4Ng== age 14929

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Excel / PDF download (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.smartsheet.com/	1970-01-19 10:58:25	Name: _gat_UA-315244-6 Value: 1
.smartsheet.com/	1970-01-19 10:58:25	Name: _dc_gtm_UA-315244-6 Value: 1
.smartsheet.com/	1970-01-19 10:59:52	Name: _gid Value: GA1.2.1179169977.1594705779
.smartsheet.com/	1970-01-20 04:29:37	Name: _ga Value: GA1.2.1331812084.1594705779

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.smartsheet.com
s.smartsheet.com
stilkom-jogi.com.mk
2600:9000:21f3:a400:5:944f:ee00:93a1
37.26.96.242
52.206.44.31
174b1cf225e5d72596d3d4b62880b4950c7a0bad706ada28b797e8a706cce0da
42cf9477a35603bbe988a4de4a02d0b6c6911d88355bed02c6b49501299ba52b
9864fdf995368063ea9a55fb0f6baa42cfb677c33d704f959459b0848dbda8b3
c19c6bf692e65d94046ad86cf85f227ea8c6d6f54817d1022ee298fb5d7ba2a4
fbbb7bda18ada7a941d79335b49119595dc41d737fcd06a130c60283d5e16ee2

stilkom-jogi.com.mk Open in urlscan Pro 37.26.96.242 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

63 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

150 kBTransfer

148 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

4 Cookies

Indicators

stilkom-jogi.com.mk Open in urlscan Pro
37.26.96.242 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

63 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

150 kB
Transfer

148 kB
Size

4
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!