www.guycoweb.com
Open in
urlscan Pro
2606:4700:3034::681c:544
Malicious Activity!
Public Scan
Submission Tags: 6549139
Submission: On May 05 via api from NL
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 12th 2019. Valid for: 10 months.
This is the only time www.guycoweb.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 2606:4700:303... 2606:4700:3034::681c:544 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2606:4700::68... 2606:4700::6810:5614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
guycoweb.com
www.guycoweb.com |
413 KB |
4 |
jsdelivr.net
cdn.jsdelivr.net |
40 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
6 | www.guycoweb.com |
cdn.jsdelivr.net
www.guycoweb.com |
4 | cdn.jsdelivr.net |
www.guycoweb.com
|
10 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-12-12 - 2020-10-09 |
10 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php
Frame ID: FEF3B5106C3AC8C7B8D96E2BCEAECFF0
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL
- https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL
- https://www.guycoweb.com/wp-admin/js/widgets/order/pdf/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
login.php
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ |
552 B 714 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdn.jsdelivr.net/gh/proginter/some@03a2555/ |
94 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
md5.js
cdn.jsdelivr.net/gh/proginter/some@ecdfb42/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
enc-base64-min.js
cdn.jsdelivr.net/gh/proginter/some@865099d/ |
869 B 662 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get.js
cdn.jsdelivr.net/gh/proginter/some@137ca4c/ |
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.php
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ |
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
acro.jpg
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ |
10 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pdf.jpg
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ |
45 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
downn.jpg
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ |
25 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pdf-logo.png
www.guycoweb.com/wp-admin/js/widgets/order/pdf/ |
330 KB 330 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| validate number| myVar function| myFunction function| showPage4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.guycoweb.com/ | Name: ae1140df1a5084d861696a091c6ac0a2 Value: 6cfde3b39113b2b071fc9f6f01900d1b20354dd0 |
|
www.guycoweb.com/ | Name: c01742ac31fccff0af8be5cff4b30867 Value: a7f57894eed573ae2500b3873c7cc12691bbf61e |
|
www.guycoweb.com/ | Name: fe5fb2a83da611f14224ca59b228aee8 Value: 5c4aa20a8f0150e1e790771b9ff02add41fadb15f815739d2507eb1d2a3c25fe |
|
.guycoweb.com/ | Name: __cfduid Value: ded54255eb5ce3cb1f05e71a8391e4e381588716622 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
www.guycoweb.com
2606:4700:3034::681c:544
2606:4700::6810:5614
12d75addf14c5b37f4ddc288860b07b22451117b584176a44cc5204ed77dc5e8
173ccb5de106362df171d127b711be29c5b9d6c9bca6970ed1b13961584f8c3a
2c44890ce469cbeca3ad70e01db6f93bd516033fb717bf1f9989f2808093b621
38c3cb42358f48d84c3eceee6123ad3d0ba816c4d78699bcdf418cd5c530e6f8
3a8a21c7e55d7397e121193f4e1e06584e3c31377292d9a6490e78f4af100227
55df8e26dd7a916c7a835a194903916e0dbf6685ca03e1871f5fb45331262ac2
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
d48fb3cd525a7262fc275630b1c306ba4c21bd3802a6d5ff9e7b59748d603346
df61117d7806f863533acc213c4fdf87a667c109fc708eb4bedb9d35e30adb1a
e7b45f0e1218926abde3f4542a3de81cd2f014d46cd946dc7f1fdb36cf715f85