packshot499.com
Open in
urlscan Pro
64.90.178.5
Malicious Activity!
Public Scan
Effective URL: https://packshot499.com/.outlook/webnet.php?code=2018900
Submission: On May 08 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 7th 2019. Valid for: 3 months.
This is the only time packshot499.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 19 | 64.90.178.5 64.90.178.5 | 11403 (NYINTERNET) (NYINTERNET - NYI) | |
18 | 1 |
ASN11403 (NYINTERNET - NYI, US)
PTR: mapfig21.acuciva.com
lowndesarms.com | |
packshot499.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
packshot499.com
packshot499.com |
68 KB |
2 |
lowndesarms.com
1 redirects
lowndesarms.com |
893 B |
18 | 2 |
Domain | Requested by | |
---|---|---|
17 | packshot499.com |
packshot499.com
|
2 | lowndesarms.com | 1 redirects |
18 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
lowndesarms.com cPanel, Inc. Certification Authority |
2019-05-07 - 2019-08-05 |
3 months | crt.sh |
packshot499.com cPanel, Inc. Certification Authority |
2019-05-07 - 2019-08-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://packshot499.com/.outlook/webnet.php?code=2018900
Frame ID: 510CBD24F77F072A66D2D5A0C87F63B1
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://lowndesarms.com/0
HTTP 301
https://lowndesarms.com/0/ Page URL
- https://packshot499.com/.outlook/webnet.php?code=2018900 Page URL
Detected technologies
Python (Programming Languages) ExpandDetected patterns
- headers server /(?:^|\s)Python(?:\/([\d.]+))?/i
- headers server /mod_wsgi(?:\/([\d.]+))?/i
Ruby (Programming Languages) Expand
Detected patterns
- headers server /(?:mod_rails|mod_rack|Phusion(?:\.|_)Passenger)/i
Perl (Programming Languages) Expand
Detected patterns
- headers server /mod_perl(?:\/([\d\.]+))?/i
UNIX (Operating Systems) Expand
Detected patterns
- headers server /Unix/i
OpenSSL (Web Server Extensions) Expand
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Ruby on Rails (Web Frameworks) Expand
Detected patterns
- headers server /(?:mod_rails|mod_rack|Phusion(?:\.|_)Passenger)/i
mod_perl (Web Server Extensions) Expand
Detected patterns
- headers server /mod_perl(?:\/([\d\.]+))?/i
mod_ssl (Web Server Extensions) Expand
Detected patterns
- headers server /mod_ssl(?:\/([\d.]+))?/i
mod_wsgi (Web Server Extensions) Expand
Detected patterns
- headers server /mod_wsgi(?:\/([\d.]+))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- headers server /mod_perl(?:\/([\d\.]+))?/i
- headers server /mod_ssl(?:\/([\d.]+))?/i
- headers server /mod_wsgi(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://lowndesarms.com/0
HTTP 301
https://lowndesarms.com/0/ Page URL
- https://packshot499.com/.outlook/webnet.php?code=2018900 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://lowndesarms.com/0 HTTP 301
- https://lowndesarms.com/0/
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
lowndesarms.com/0/ Redirect Chain
|
137 B 500 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
webnet.php
packshot499.com/.outlook/ |
7 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
packshot499.com/.outlook/sys_files/ |
12 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vipbox.css
packshot499.com/.outlook/sys_files/ |
7 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vipbox2.css
packshot499.com/.outlook/sys_files/ |
16 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vip_loader.gif
packshot499.com/.outlook/sys_files/ |
11 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
obg.png
packshot499.com/.outlook/sys_files/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
o.png
packshot499.com/.outlook/sys_files/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
close-icon.png
packshot499.com/.outlook/images/ |
559 B 559 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
error-icon-medium.png
packshot499.com/.outlook/images/ |
566 B 566 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NotoSans-Light.woff2
packshot499.com/.outlook/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
symantec-logo-powerby.png
packshot499.com/.outlook/images/ |
570 B 570 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Graphik-Medium-Web.woff2
packshot499.com/static/ls/css/font/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Graphik-Regular-Web.woff2
packshot499.com/static/ls/css/font/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NotoSans-Light.woff
packshot499.com/.outlook/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Graphik-Medium-Web.woff
packshot499.com/static/ls/css/font/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Graphik-Regular-Web.woff
packshot499.com/static/ls/css/font/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NotoSans-Light.ttf
packshot499.com/.outlook/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lowndesarms.com
packshot499.com
64.90.178.5
04536a7050299e4c85228efea665154c36cd7e5b4e7c5a15cadd1c568b5bdbd7
2c81d1cc107ecb0f6cc3dd552db0d89ebf1316093f1a10f240448f1353528d40
357ad57ec2e6b786911147ce90a41f174113788ccab1344363af5e9d8bdd220f
39844e2223b2d66d42606411851e196e945636b50d6733cfff841562504811b9
723e6c54cc2dbefd9721adc01e58f839f678ff66f26e15efe72fc5a27b0b2c4c
81769ad7cf332fe7e2dec62fe9a3524eaa2e40aa9e2ef018550a049703e14a11
82cce19e92667e4c8d31edc9240d4a50affeff24b2e23188a70e01be9d85cc06
9f955bc697647ed9934566809a0c7cfc2888e5878749f0b947c56709993a4676
c25d862edf05673682a5b35125f0524fbe869e3483388ffb0cd2874e4111e710
e5428d78f6c165834712d52f6723fb3b81aa2250f368109437528ed0441447da
f38518a87128bb91c0e6c0f8765b12cf6bdea4604190dd7fcdd2a6d018eeafd9