www.guycoweb.com Open in urlscan Pro
2606:4700:3034::681c:544 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Submission Tags: 6549139
Submission: On May 05 via api (May 5th 2020, 10:10:41 pm UTC) from NL

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3034::681c:544, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.guycoweb.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 12th 2019. Valid for: 10 months.

This is the only time www.guycoweb.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:303... 2606:4700:3034::681c:544	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

6 2606:4700:3034::681c:544 (United States)

ASN13335 (CLOUDFLARENET, US)

www.guycoweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	guycoweb.com www.guycoweb.com	413 KB
4	jsdelivr.net cdn.jsdelivr.net	40 KB
10	2

	Domain	Requested by
6	www.guycoweb.com	cdn.jsdelivr.net www.guycoweb.com
4	cdn.jsdelivr.net	www.guycoweb.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-12` - `2020-10-09`	10 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Frame ID: FEF3B5106C3AC8C7B8D96E2BCEAECFF0
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL
https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

454 kB
Transfer

531 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL
https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 login.php Show response
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ 552 B
714 B 93ms
53ms Document
text/html 2606:4700:3034::681c:544
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:544 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a8a21c7e55d7397e121193f4e1e06584e3c31377292d9a6490e78f4af100227

Request headers

:method: GET
:authority: www.guycoweb.com
:scheme: https
:path: /wp-admin/js/widgets/order/pdf/login.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 05 May 2020 22:10:22 GMT
content-type: text/html
set-cookie: __cfduid=ded54255eb5ce3cb1f05e71a8391e4e381588716622; expires=Thu, 04-Jun-20 22:10:22 GMT; path=/; domain=.guycoweb.com; HttpOnly; SameSite=Lax c01742ac31fccff0af8be5cff4b30867=a7f57894eed573ae2500b3873c7cc12691bbf61e; Max-Age=14400; Path=/ ae1140df1a5084d861696a091c6ac0a2=6cfde3b39113b2b071fc9f6f01900d1b20354dd0; Max-Age=14400; Path=/
expires: Tue, 05 May 2020 22:10:21 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58edca8c7b5d2488-FRA
content-encoding: br
cf-request-id: 02887cebce000024886d8fb200000001

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/gh/proginter/some@03a2555/ 94 KB
32 KB 40ms
21ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/proginter/some@03a2555/jquery.min.js

Requested by

Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20130
x-cache: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-request-id: 02887cec1c0000bf1469b88200000001
x-served-by: cache-fra19163-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"176f8-N7HbiLV0OPEHKo68dVnJCcnTpoI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 58edca8cfa97bf14-FRA

GET
H2 200 md5.js Show response
cdn.jsdelivr.net/gh/proginter/some@ecdfb42/ 6 KB
3 KB 34ms
15ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/proginter/some@ecdfb42/md5.js

Requested by

Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df61117d7806f863533acc213c4fdf87a667c109fc708eb4bedb9d35e30adb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20131
x-cache: HIT
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-request-id: 02887cec1c0000bf1469b89200000001
x-served-by: cache-fra19156-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"187d-KSEwvOcmeWQCH2rtYeEUu76cxU4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 58edca8cfa9bbf14-FRA

GET
H2 200 enc-base64-min.js Show response
cdn.jsdelivr.net/gh/proginter/some@865099d/ 869 B
662 B 37ms
18ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/proginter/some@865099d/enc-base64-min.js

Requested by

Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12d75addf14c5b37f4ddc288860b07b22451117b584176a44cc5204ed77dc5e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20131
x-cache: MISS, HIT
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-request-id: 02887cec1c0000bf1469b8a200000001
x-served-by: cache-ams21049-AMS, cache-fra19144-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"365-7O2mhBwNJx+2wwD+EsU+jyVYQe0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 58edca8cfa9dbf14-FRA

GET
H2 200 get.js Show response
cdn.jsdelivr.net/gh/proginter/some@137ca4c/ 15 KB
5 KB 35ms
16ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/proginter/some@137ca4c/get.js

Requested by

Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c44890ce469cbeca3ad70e01db6f93bd516033fb717bf1f9989f2808093b621

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14346
x-cache: HIT
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-request-id: 02887cec1c0000bf1469b8b200000001
x-served-by: cache-fra19168-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"3dcc-D6+r/vSCFL2iTCsJT/tfHNfUaKE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 58edca8cfa9ebf14-FRA

GET
H2 200 Primary Request login.php Show response
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ 4 KB
1 KB 52ms
51ms Document
text/html 2606:4700:3034::681c:544
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/proginter/some@137ca4c/get.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:544 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55df8e26dd7a916c7a835a194903916e0dbf6685ca03e1871f5fb45331262ac2

Request headers

:method: GET
:authority: www.guycoweb.com
:scheme: https
:path: /wp-admin/js/widgets/order/pdf/login.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=ded54255eb5ce3cb1f05e71a8391e4e381588716622; c01742ac31fccff0af8be5cff4b30867=a7f57894eed573ae2500b3873c7cc12691bbf61e; ae1140df1a5084d861696a091c6ac0a2=6cfde3b39113b2b071fc9f6f01900d1b20354dd0; fe5fb2a83da611f14224ca59b228aee8=5c4aa20a8f0150e1e790771b9ff02add41fadb15f815739d2507eb1d2a3c25fe
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php

Response headers

status: 200
date: Tue, 05 May 2020 22:10:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
x-cache-status: BYPASS
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58edca8d5d2f2488-FRA
content-encoding: br
cf-request-id: 02887cec57000024886d903200000001

GET
H2 200 acro.jpg
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ 10 KB
11 KB 54ms
53ms Image
image/jpeg 2606:4700:3034::681c:544
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/acro.jpg
Requested by: Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:544 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38c3cb42358f48d84c3eceee6123ad3d0ba816c4d78699bcdf418cd5c530e6f8

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:23 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 03 May 2020 23:33:16 GMT
server: cloudflare
etag: "5eaf54bc-2996"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58edca8dbde32488-FRA
content-length: 10646
cf-request-id: 02887cec91000024886d90b200000001

GET
H2 200 pdf.jpg
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ 45 KB
45 KB 55ms
54ms Image
image/jpeg 2606:4700:3034::681c:544
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/pdf.jpg
Requested by: Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:544 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7b45f0e1218926abde3f4542a3de81cd2f014d46cd946dc7f1fdb36cf715f85

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:23 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 03 May 2020 23:33:16 GMT
server: cloudflare
etag: "5eaf54bc-b3f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58edca8dbde52488-FRA
content-length: 46065
cf-request-id: 02887cec92000024886d90c200000001

GET
H2 200 downn.jpg
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ 25 KB
25 KB 49ms
48ms Image
image/jpeg 2606:4700:3034::681c:544
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/downn.jpg
Requested by: Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:544 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d48fb3cd525a7262fc275630b1c306ba4c21bd3802a6d5ff9e7b59748d603346

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:23 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 03 May 2020 23:33:16 GMT
server: cloudflare
etag: "5eaf54bc-645b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58edca8dbde62488-FRA
content-length: 25691
cf-request-id: 02887cec92000024886d90d200000001

GET
H2 200 pdf-logo.png
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ 330 KB
330 KB 57ms
56ms Image
image/png 2606:4700:3034::681c:544
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/pdf-logo.png
Requested by: Host: www.guycoweb.com
URL: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681c:544 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 173ccb5de106362df171d127b711be29c5b9d6c9bca6970ed1b13961584f8c3a

Request headers

Referer: https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 22:10:23 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 03 May 2020 23:33:16 GMT
server: cloudflare
etag: "5eaf54bc-52783"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58edca8dbde72488-FRA
content-length: 337795
cf-request-id: 02887cec92000024886d90e200000001

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.guycoweb.com/	1970-01-19 09:18:51	Name: ae1140df1a5084d861696a091c6ac0a2 Value: 6cfde3b39113b2b071fc9f6f01900d1b20354dd0
www.guycoweb.com/	1970-01-19 09:18:51	Name: c01742ac31fccff0af8be5cff4b30867 Value: a7f57894eed573ae2500b3873c7cc12691bbf61e
www.guycoweb.com/	1970-02-02 18:54:36	Name: fe5fb2a83da611f14224ca59b228aee8 Value: 5c4aa20a8f0150e1e790771b9ff02add41fadb15f815739d2507eb1d2a3c25fe
.guycoweb.com/	1970-01-19 10:01:48	Name: __cfduid Value: ded54255eb5ce3cb1f05e71a8391e4e381588716622

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
www.guycoweb.com
2606:4700:3034::681c:544
2606:4700::6810:5614
12d75addf14c5b37f4ddc288860b07b22451117b584176a44cc5204ed77dc5e8
173ccb5de106362df171d127b711be29c5b9d6c9bca6970ed1b13961584f8c3a
2c44890ce469cbeca3ad70e01db6f93bd516033fb717bf1f9989f2808093b621
38c3cb42358f48d84c3eceee6123ad3d0ba816c4d78699bcdf418cd5c530e6f8
3a8a21c7e55d7397e121193f4e1e06584e3c31377292d9a6490e78f4af100227
55df8e26dd7a916c7a835a194903916e0dbf6685ca03e1871f5fb45331262ac2
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
d48fb3cd525a7262fc275630b1c306ba4c21bd3802a6d5ff9e7b59748d603346
df61117d7806f863533acc213c4fdf87a667c109fc708eb4bedb9d35e30adb1a
e7b45f0e1218926abde3f4542a3de81cd2f014d46cd946dc7f1fdb36cf715f85

www.guycoweb.com Open in urlscan Pro 2606:4700:3034::681c:544 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

454 kBTransfer

531 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

4 Cookies

Indicators

www.guycoweb.com Open in urlscan Pro
2606:4700:3034::681c:544 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

454 kB
Transfer

531 kB
Size

4
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!