packshot499.com Open in urlscan Pro
64.90.178.5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lowndesarms.com/0
Effective URL:
https://packshot499.com/.outlook/webnet.php?code=2018900
Submission: On May 08 via manual (May 8th 2019, 9:13:01 pm UTC) from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 64.90.178.5, located in Sunnyside, United States and belongs to NYINTERNET - NYI, US. The main domain is packshot499.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 7th 2019. Valid for: 3 months.

This is the only time packshot499.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 19	64.90.178.5 64.90.178.5		11403 (NYINTERNET) (NYINTERNET - NYI)
18	1

19 64.90.178.5 (Sunnyside, United States) 1 redirects

ASN11403 (NYINTERNET - NYI, US)
PTR: mapfig21.acuciva.com

lowndesarms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
packshot499.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	packshot499.com packshot499.com	68 KB
2	lowndesarms.com 1 redirects lowndesarms.com	893 B
18	2

	Domain	Requested by
17	packshot499.com	packshot499.com
2	lowndesarms.com	1 redirects
18	2

This site contains no links.

Subject Issuer	Validity	Valid
lowndesarms.com cPanel, Inc. Certification Authority	`2019-05-07` - `2019-08-05`	3 months	crt.sh
packshot499.com cPanel, Inc. Certification Authority	`2019-05-07` - `2019-08-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://packshot499.com/.outlook/webnet.php?code=2018900
Frame ID: 510CBD24F77F072A66D2D5A0C87F63B1
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://lowndesarms.com/0 HTTP 301
https://lowndesarms.com/0/ Page URL
https://packshot499.com/.outlook/webnet.php?code=2018900 Page URL

Detected technologies

Python (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:^|\s)Python(?:\/([\d.]+))?/i
headers server /mod_wsgi(?:\/([\d.]+))?/i

Ruby (Programming Languages) Expand

Overall confidence: 50%
Detected patterns

headers server /(?:mod_rails|mod_rack|Phusion(?:\.|_)Passenger)/i

Perl (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_perl(?:\/([\d\.]+))?/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 50%
Detected patterns

headers server /(?:mod_rails|mod_rack|Phusion(?:\.|_)Passenger)/i

mod_perl (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_perl(?:\/([\d\.]+))?/i

mod_ssl (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_ssl(?:\/([\d.]+))?/i

mod_wsgi (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_wsgi(?:\/([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
headers server /mod_perl(?:\/([\d\.]+))?/i
headers server /mod_ssl(?:\/([\d.]+))?/i
headers server /mod_wsgi(?:\/([\d.]+))?/i

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

69 kB
Transfer

65 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lowndesarms.com/0 HTTP 301
https://lowndesarms.com/0/ Page URL
https://packshot499.com/.outlook/webnet.php?code=2018900 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://lowndesarms.com/0 HTTP 301
https://lowndesarms.com/0/

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response lowndesarms.com/0/ Redirect Chain https://lowndesarms.com/0 https://lowndesarms.com/0/	137 B 500 B	149ms 148ms	Document text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://lowndesarms.com/0/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / PHP/5.4.45 Resource Hash `82cce19e92667e4c8d31edc9240d4a50affeff24b2e23188a70e01be9d85cc06` Request headers Host lowndesarms.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:45 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 X-Powered-By PHP/5.4.45 Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html Redirect headers Date Wed, 08 May 2019 21:12:45 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Location https://lowndesarms.com/0/ Content-Length 446 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	Primary Request webnet.php Show response packshot499.com/.outlook/	7 KB 8 KB	451ms 118ms	Document text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / PHP/5.4.45 Resource Hash `9f955bc697647ed9934566809a0c7cfc2888e5878749f0b947c56709993a4676` Request headers Host packshot499.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer https://lowndesarms.com/0/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://lowndesarms.com/0/ Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 X-Powered-By PHP/5.4.45 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	style.css packshot499.com/.outlook/sys_files/	12 KB 13 KB	95ms 92ms	Stylesheet text/css	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/sys_files/style.css Requested by Host: packshot499.com URL: https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `357ad57ec2e6b786911147ce90a41f174113788ccab1344363af5e9d8bdd220f` Request headers Referer https://packshot499.com/.outlook/webnet.php?code=2018900 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Last-Modified Wed, 30 Jan 2019 22:21:02 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 ETag "341a6d-3079-580b45334ef80" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12409
GET H/1.1	200 OK	vipbox.css packshot499.com/.outlook/sys_files/	7 KB 7 KB	282ms 94ms	Stylesheet text/css	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/sys_files/vipbox.css Requested by Host: packshot499.com URL: https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `39844e2223b2d66d42606411851e196e945636b50d6733cfff841562504811b9` Request headers Referer https://packshot499.com/.outlook/webnet.php?code=2018900 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Last-Modified Wed, 30 Jan 2019 12:25:40 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 ETag "341a6e-1bab-580ac02027900" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 7083
GET H/1.1	200 OK	vipbox2.css packshot499.com/.outlook/sys_files/	16 KB 16 KB	328ms 90ms	Stylesheet text/css	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/sys_files/vipbox2.css Requested by Host: packshot499.com URL: https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `2c81d1cc107ecb0f6cc3dd552db0d89ebf1316093f1a10f240448f1353528d40` Request headers Referer https://packshot499.com/.outlook/webnet.php?code=2018900 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Last-Modified Wed, 30 Jan 2019 22:15:22 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 ETag "341a70-3e56-580b43ef0f280" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 15958
GET H/1.1	200 OK	vip_loader.gif packshot499.com/.outlook/sys_files/	11 KB 11 KB	328ms 90ms	Image image/gif	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Show image Full URL https://packshot499.com/.outlook/sys_files/vip_loader.gif Requested by Host: packshot499.com URL: https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `c25d862edf05673682a5b35125f0524fbe869e3483388ffb0cd2874e4111e710` Request headers Referer https://packshot499.com/.outlook/webnet.php?code=2018900 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Last-Modified Wed, 30 Jan 2019 08:28:16 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 ETag "341a78-2a43-580a8b1004800" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 10819
GET H/1.1	200 OK	obg.png packshot499.com/.outlook/sys_files/	8 KB 8 KB	310ms 91ms	Image image/png	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Show image Full URL https://packshot499.com/.outlook/sys_files/obg.png Requested by Host: packshot499.com URL: https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `04536a7050299e4c85228efea665154c36cd7e5b4e7c5a15cadd1c568b5bdbd7` Request headers Referer https://packshot499.com/.outlook/webnet.php?code=2018900 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Last-Modified Mon, 04 Feb 2019 09:51:36 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 ETag "341a6b-1ec1-5810e703b1a00" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7873
GET H/1.1	200 OK	o.png packshot499.com/.outlook/sys_files/	3 KB 4 KB	320ms 93ms	Image image/png	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Show image Full URL https://packshot499.com/.outlook/sys_files/o.png Requested by Host: packshot499.com URL: https://packshot499.com/.outlook/webnet.php?code=2018900 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `723e6c54cc2dbefd9721adc01e58f839f678ff66f26e15efe72fc5a27b0b2c4c` Request headers Referer https://packshot499.com/.outlook/webnet.php?code=2018900 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Last-Modified Wed, 30 Jan 2019 11:32:22 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 ETag "341a6a-d53-580ab4364dd80" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3411
GET H/1.1	404 Not Found	close-icon.png packshot499.com/.outlook/images/	559 B 559 B	92ms 91ms	Image text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Show image Full URL https://packshot499.com/.outlook/images/close-icon.png Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `f38518a87128bb91c0e6c0f8765b12cf6bdea4604190dd7fcdd2a6d018eeafd9` Request headers Referer https://packshot499.com/.outlook/sys_files/vipbox2.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 559 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	error-icon-medium.png packshot499.com/.outlook/images/	566 B 566 B	95ms 93ms	Image text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Show image Full URL https://packshot499.com/.outlook/images/error-icon-medium.png Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `e5428d78f6c165834712d52f6723fb3b81aa2250f368109437528ed0441447da` Request headers Referer https://packshot499.com/.outlook/sys_files/vipbox2.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 566 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	NotoSans-Light.woff2 packshot499.com/.outlook/fonts/	0 0	94ms 94ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/fonts/NotoSans-Light.woff2 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/vipbox2.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 564 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	symantec-logo-powerby.png packshot499.com/.outlook/images/	570 B 570 B	92ms 91ms	Image text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Show image Full URL https://packshot499.com/.outlook/images/symantec-logo-powerby.png Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash `81769ad7cf332fe7e2dec62fe9a3524eaa2e40aa9e2ef018550a049703e14a11` Request headers Referer https://packshot499.com/.outlook/sys_files/vipbox2.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 570 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	Graphik-Medium-Web.woff2 packshot499.com/static/ls/css/font/	0 0	95ms 94ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/static/ls/css/font/Graphik-Medium-Web.woff2 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/style.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 572 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	Graphik-Regular-Web.woff2 packshot499.com/static/ls/css/font/	0 0	95ms 94ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/static/ls/css/font/Graphik-Regular-Web.woff2 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/style.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:46 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 573 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	NotoSans-Light.woff packshot499.com/.outlook/fonts/	0 0	97ms 93ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/fonts/NotoSans-Light.woff Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/vipbox2.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:47 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 563 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	Graphik-Medium-Web.woff packshot499.com/static/ls/css/font/	0 0	94ms 93ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/static/ls/css/font/Graphik-Medium-Web.woff Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/style.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:47 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 571 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	Graphik-Regular-Web.woff packshot499.com/static/ls/css/font/	0 0	94ms 90ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/static/ls/css/font/Graphik-Regular-Web.woff Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/style.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:47 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 572 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	NotoSans-Light.ttf packshot499.com/.outlook/fonts/	0 0	95ms 89ms	Font text/html	64.90.178.5 NYI
General Check archive.org Show headers Download Go to Full URL https://packshot499.com/.outlook/fonts/NotoSans-Light.ttf Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 64.90.178.5 Sunnyside, United States, ASN11403 (NYINTERNET - NYI, US), Reverse DNS mapfig21.acuciva.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://packshot499.com/.outlook/sys_files/vipbox2.css Origin https://packshot499.com Response headers Date Wed, 08 May 2019 21:12:47 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Phusion_Passenger/5.0.25 mod_wsgi/3.3 Python/2.6.6 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 562 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lowndesarms.com
packshot499.com
64.90.178.5
04536a7050299e4c85228efea665154c36cd7e5b4e7c5a15cadd1c568b5bdbd7
2c81d1cc107ecb0f6cc3dd552db0d89ebf1316093f1a10f240448f1353528d40
357ad57ec2e6b786911147ce90a41f174113788ccab1344363af5e9d8bdd220f
39844e2223b2d66d42606411851e196e945636b50d6733cfff841562504811b9
723e6c54cc2dbefd9721adc01e58f839f678ff66f26e15efe72fc5a27b0b2c4c
81769ad7cf332fe7e2dec62fe9a3524eaa2e40aa9e2ef018550a049703e14a11
82cce19e92667e4c8d31edc9240d4a50affeff24b2e23188a70e01be9d85cc06
9f955bc697647ed9934566809a0c7cfc2888e5878749f0b947c56709993a4676
c25d862edf05673682a5b35125f0524fbe869e3483388ffb0cd2874e4111e710
e5428d78f6c165834712d52f6723fb3b81aa2250f368109437528ed0441447da
f38518a87128bb91c0e6c0f8765b12cf6bdea4604190dd7fcdd2a6d018eeafd9

packshot499.com Open in urlscan Pro 64.90.178.5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

69 kBTransfer

65 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

packshot499.com Open in urlscan Pro
64.90.178.5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

69 kB
Transfer

65 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!