urlscan.io logo urlscan.io
SecurityTrails logo

vectorgroupdoo.com Open in urlscan Pro
31.220.4.139  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://vectorgroupdoo.com/aeryon/
Submission: On February 23 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 7 HTTP transactions. The main IP is 31.220.4.139, located in Amsterdam, Netherlands and belongs to HOSTHATCH - HostHatch, Inc, US. The main domain is vectorgroupdoo.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 26th 2017. Valid for: 3 months.
This is the only time vectorgroupdoo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
1 4 31.220.4.139 63473 (HOSTHATCH)
2 204.141.99.67 2914 (NTT-COMMU...)
2 117.121.250.12 22822 (LLNW)
7 3
Apex Domain
Subdomains		 Transfer
4 smartsheet.com
app.smartsheet.com
s.smartsheet.com
92 KB
4 vectorgroupdoo.com
vectorgroupdoo.com
131 KB
7 2
Domain Requested by
4 vectorgroupdoo.com 1 redirects vectorgroupdoo.com
2 s.smartsheet.com vectorgroupdoo.com
2 app.smartsheet.com vectorgroupdoo.com
7 3

This site contains no links.

Subject Issuer Validity Valid
vectorgroupdoo.com
cPanel, Inc. Certification Authority		 2017-11-26 -
2018-02-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://vectorgroupdoo.com/aeryon/
Frame ID: (9FEE4DEB1D2C777127B2ED1ABFDCC092)
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://vectorgroupdoo.com/aeryon HTTP 301
    https://vectorgroupdoo.com/aeryon/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

7
Requests

43 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

3
Countries

223 kB
Transfer

477 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://vectorgroupdoo.com/aeryon HTTP 301
    https://vectorgroupdoo.com/aeryon/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
vectorgroupdoo.com/aeryon/
Redirect Chain
  • https://vectorgroupdoo.com/aeryon
  • https://vectorgroupdoo.com/aeryon/
11 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
31.220.4.139 Amsterdam, Netherlands, ASN63473 (HOSTHATCH - HostHatch, Inc, US),
Reverse DNS
mail.3fd.me
Software
nginx /
Resource Hash
bd922bd69d779feef96ed74fc3e13c495819263f63962b393d75388e9f5f1cd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
vectorgroupdoo.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 23 Feb 2018 19:52:18 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Vary
Accept-Encoding Accept-Encoding,User-Agent
X-Nginx-Cache-Status
EXPIRED
Transfer-Encoding
chunked
X-Server-Powered-By
Engintron
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
X-XSS-Protection
1; mode=block

Redirect headers

Date
Fri, 23 Feb 2018 19:52:18 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Nginx-Cache-Status
MISS
Location
https://vectorgroupdoo.com/aeryon/
X-Server-Powered-By
Engintron
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
242
X-XSS-Protection
1; mode=block
login.2x_59.2.3.css
vectorgroupdoo.com/aeryon/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://vectorgroupdoo.com/aeryon/login.2x_59.2.3.css
Requested by
Host: vectorgroupdoo.com
URL: https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
31.220.4.139 Amsterdam, Netherlands, ASN63473 (HOSTHATCH - HostHatch, Inc, US),
Reverse DNS
mail.3fd.me
Software
nginx /
Resource Hash
fbbb7bda18ada7a941d79335b49119595dc41d737fcd06a130c60283d5e16ee2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
vectorgroupdoo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://vectorgroupdoo.com/aeryon/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://vectorgroupdoo.com/aeryon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
public
Date
Fri, 23 Feb 2018 19:52:18 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 08 Feb 2018 05:05:28 GMT
Server
nginx
Vary
Accept-Encoding
X-Nginx-Cache-Status
REVALIDATED
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
X-Server-Powered-By
Engintron
Connection
keep-alive
Content-Type
text/css
X-XSS-Protection
1; mode=block
Expires
Sun, 25 Mar 2018 19:52:18 GMT
1_59.2.3.js
app.smartsheet.com/b/javascript/ 		235 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.smartsheet.com/b/javascript/1_59.2.3.js
Requested by
Host: vectorgroupdoo.com
URL: https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Server
204.141.99.67 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),
Reverse DNS
Software
Apache/2.2.15 (CentOS) /
Resource Hash
55b0b36451145bef2b6057fd6abec53ad2c8836e8535e5d36b72ba45aafd2ff8

Request headers

Referer
https://vectorgroupdoo.com/aeryon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 23 Feb 2018 19:52:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Feb 2018 21:06:11 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"3bd1f5-3aae1-565bf4bf416c0"
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
https://appsmartsheet.com
Cache-Control
max-age=7776000, public
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=30
Expires
Thu, 24 May 2018 19:52:18 GMT
LG_59.2.3.js
app.smartsheet.com/b/javascript/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.smartsheet.com/b/javascript/LG_59.2.3.js
Requested by
Host: vectorgroupdoo.com
URL: https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Server
204.141.99.67 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),
Reverse DNS
Software
Apache/2.2.15 (CentOS) /
Resource Hash
81dc7a1aa67f1fcfa4c2a82220cfb1dd17b0b709d1e993f8f30cb1ee667398d0

Request headers

Referer
https://vectorgroupdoo.com/aeryon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 23 Feb 2018 19:52:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Feb 2018 21:06:21 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"2b4271-17696-565bf4c8cad40"
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
https://appsmartsheet.com
Cache-Control
max-age=7776000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=30
Content-Length
33604
Expires
Thu, 24 May 2018 19:52:18 GMT
img_login_google2.2x.png
s.smartsheet.com/b/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.smartsheet.com/b/images/img_login_google2.2x.png
Requested by
Host: vectorgroupdoo.com
URL: https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Server
117.121.250.12 , Australia, ASN22822 (LLNW - Limelight Networks, Inc., US),
Reverse DNS
https-117-121-250-12.sin.llnw.net
Software
Apache/2.2.15 (CentOS) /
Resource Hash
174b1cf225e5d72596d3d4b62880b4950c7a0bad706ada28b797e8a706cce0da

Request headers

Referer
https://vectorgroupdoo.com/aeryon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 23 Feb 2018 19:52:19 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Dec 2017 21:48:51 GMT
Server
Apache/2.2.15 (CentOS)
Age
5673983
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=7776000, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3746
Expires
Tue, 20 Mar 2018 03:45:56 GMT
img_login_microsoft2.2x.png
s.smartsheet.com/b/images/ 		455 B
666 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.smartsheet.com/b/images/img_login_microsoft2.2x.png
Requested by
Host: vectorgroupdoo.com
URL: https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Server
117.121.250.12 , Australia, ASN22822 (LLNW - Limelight Networks, Inc., US),
Reverse DNS
https-117-121-250-12.sin.llnw.net
Software
Apache/2.2.15 (CentOS) /
Resource Hash
9864fdf995368063ea9a55fb0f6baa42cfb677c33d704f959459b0848dbda8b3

Request headers

Referer
https://vectorgroupdoo.com/aeryon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 23 Feb 2018 19:52:19 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 23:56:44 GMT
Server
Apache/2.2.15 (CentOS)
Age
1890086
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=7776000, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
299
Expires
Wed, 02 May 2018 22:50:53 GMT
background.png
vectorgroupdoo.com/aeryon/ 		124 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vectorgroupdoo.com/aeryon/background.png
Requested by
Host: vectorgroupdoo.com
URL: https://vectorgroupdoo.com/aeryon/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
31.220.4.139 Amsterdam, Netherlands, ASN63473 (HOSTHATCH - HostHatch, Inc, US),
Reverse DNS
mail.3fd.me
Software
nginx /
Resource Hash
c19c6bf692e65d94046ad86cf85f227ea8c6d6f54817d1022ee298fb5d7ba2a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
vectorgroupdoo.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://vectorgroupdoo.com/aeryon/login.2x_59.2.3.css
Connection
keep-alive
Cache-Control
no-cache
Referer
https://vectorgroupdoo.com/aeryon/login.2x_59.2.3.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
public
Date
Fri, 23 Feb 2018 19:52:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 08 Feb 2018 04:54:58 GMT
Server
nginx
X-Nginx-Cache-Status
REVALIDATED
Cache-Control
max-age=5184000
X-Server-Powered-By
Engintron
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
127106
X-XSS-Protection
1; mode=block
Expires
Tue, 24 Apr 2018 19:52:19 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Excel / PDF download (Online)

232 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ZQ function| ACL function| EFH object| MI boolean| CTD boolean| DMD boolean| FHB boolean| HBU boolean| YXZ function| ACS number| SND number| ATNS object| BU object| BHNC undefined| ENP undefined| NKX function| NIG function| BQHB function| AWOH function| BKFT function| BCSX function| BPSP function| BKPQ function| BPUV function| BBXQ function| BWAM function| LEB function| BRG function| SRB function| AVGG function| removeNode function| BKPT function| EVS function| toHtml function| BXDG function| ALUK function| NPW function| QGW function| ETM function| HFJ function| FGH function| BDZK function| KML function| BIOM function| EM function| AYX function| QRC function| HNN function| AUJ function| DIA function| HNO function| ACZG function| YQR function| YQP function| YQQ function| ASOU function| ASOS function| ASOT function| DEZ function| JW function| DHZ function| ACZD function| ASS function| AGH function| HBF function| BEQX function| VFT function| ASNZ function| SSR function| YPP function| YPQ function| YPR function| ASPP function| OTO function| AJBB function| AJBD function| AJBC function| IBK function| YPY function| KYB function| EZJ function| AJBH function| BDTD function| ASBL function| AUUM function| EUH function| BHYY function| BHYT function| trim function| IYG function| BXEP function| normalize function| ACDW function| PDG function| AUUS function| YZJ function| GIC function| YKO function| APVK function| XBP function| ANP function| EMX function| ARUA function| BHG function| DYT function| DQE function| TXH function| AXDW function| ETS function| ZCN function| HL function| BCBE function| AVPE function| KYP function| AMAX function| LVE function| AQQE function| BKCP function| AFU function| JIK function| YIM function| AMJE function| AJNQ function| AMBU function| EN function| YYC function| BWQA function| QG function| KUW function| XRH function| AVX function| AHMT function| ACSP function| NLC function| BESR function| BJXW function| BFOZ function| VJT function| ATET function| ACSO function| BKCL function| CFL function| ABM function| ACUJ function| MBK function| EGN function| UMY function| LSN function| AFW function| AQPJ function| GC function| IWQ function| JR function| NSL function| BQMR function| QUR function| YZG function| ALYV function| ARN function| isArray function| ISH function| VKK function| NMC function| BTZ function| BDDS function| GDH function| ARDN function| PMJ function| BGD function| QDR function| BIBR function| ALQG function| BCHT function| isEqual function| BQEW function| ABIP function| BYE function| RCM function| BCDN function| BFQO function| loadScript function| ADBB function| SQX function| ALVC function| VEK function| HVA function| Iterator function| GVK function| GHL function| ZTS function| contains function| IYS object| JI object| VW function| BOS function| GVS function| DKA function| EWW undefined| BK function| BMQD function| AOLS function| BMQF function| BMQE function| AZT function| AXUU function| RSO function| OBK function| EKP function| BWAQ function| ALHE function| BFMS function| BPIB function| WYA object| BFHE function| CEW function| delayedLinkWithFunction function| logExternalGTMEvent object| AZW object| AVC function| addPlaceholderSupport function| addPlaceholderElements function| placeholderKeyupHandler function| $ function| jQuery function| showTooltips function| hideTooltips function| loadLoginBody function| downloadApp function| loggedFailures object| frame number| end object| test

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block