![](/screenshots/9816382c-64e6-44ca-8f5c-6c0f7d782483.png)
pec-india.com
Open in
urlscan Pro
94.23.202.50
Malicious Activity!
Public Scan
Submission: On March 27 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 17th 2020. Valid for: 3 months.
This is the only time pec-india.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Excel / PDF download (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 94.23.202.50 94.23.202.50 | 16276 (OVH) (OVH) | |
2 | 185.199.110.153 185.199.110.153 | 54113 (FASTLY) (FASTLY) | |
2 | 2600:9000:215... 2600:9000:2156:b800:19:3e7c:3500:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 103.244.8.105 103.244.8.105 | 56308 (TELIN-NET...) (TELIN-NET-SG TELEKOMUNIKASI INDONESIA INTERNATIONAL) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
3 | 2606:4700::68... 2606:4700::6811:4004 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3038::681f:cb6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 8 |
ASN16509 (AMAZON-02, US)
d19m59y37dris4.cloudfront.net |
ASN56308 (TELIN-NET-SG TELEKOMUNIKASI INDONESIA INTERNATIONAL, PTE.LTD, SG)
PTR: diana.nodens.net
scottawoodward.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
cloudflare.com
cdnjs.cloudflare.com |
82 KB |
2 |
cloudfront.net
d19m59y37dris4.cloudfront.net |
83 KB |
2 |
github.io
lipis.github.io |
11 KB |
1 |
githack.com
raw.githack.com |
13 KB |
1 |
jquery.com
code.jquery.com |
24 KB |
1 |
scottawoodward.com
scottawoodward.com |
17 KB |
1 |
pec-india.com
pec-india.com |
248 KB |
11 | 7 |
Domain | Requested by | |
---|---|---|
3 | cdnjs.cloudflare.com |
pec-india.com
|
2 | d19m59y37dris4.cloudfront.net |
pec-india.com
|
2 | lipis.github.io |
pec-india.com
|
1 | raw.githack.com |
pec-india.com
|
1 | code.jquery.com |
pec-india.com
|
1 | scottawoodward.com |
pec-india.com
|
1 | pec-india.com | |
11 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
pec-india.com cPanel, Inc. Certification Authority |
2020-01-17 - 2020-04-16 |
3 months | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2018-06-27 - 2020-06-20 |
2 years | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2019-07-17 - 2020-07-05 |
a year | crt.sh |
scottawoodward.com cPanel, Inc. Certification Authority |
2020-02-27 - 2020-05-27 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
cloudflare.com CloudFlare Inc ECC CA-2 |
2020-01-07 - 2020-10-09 |
9 months | crt.sh |
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2020-02-13 - 2020-10-09 |
8 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://pec-india.com/COVID19/file/invoice.php
Frame ID: F0E44FAE3D1EC613193AC22218F9BAE7
Requests: 12 HTTP requests in this frame
Screenshot
![](/screenshots/9816382c-64e6-44ca-8f5c-6c0f7d782483.png)
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
invoice.php
pec-india.com/COVID19/file/ |
248 KB 248 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.css
lipis.github.io/bootstrap-social/assets/css/ |
34 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-social.css
lipis.github.io/bootstrap-social/ |
27 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
d19m59y37dris4.cloudfront.net/universal/2-0-1/vendor/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Adobe.png
scottawoodward.com/wp-content/uploads/2016/01/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
raw.githack.com/soulbreakerr/atch/master/ |
48 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
socket.io.js
cdnjs.cloudflare.com/ajax/libs/socket.io/1.7.1/ |
207 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
73 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fontawesome-webfont.woff2
d19m59y37dris4.cloudfront.net/universal/2-0-1/vendor/font-awesome/fonts/ |
75 KB 76 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Excel / PDF download (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| Popper object| bootstrap function| io0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
d19m59y37dris4.cloudfront.net
lipis.github.io
pec-india.com
raw.githack.com
scottawoodward.com
103.244.8.105
185.199.110.153
2001:4de0:ac19::1:b:2b
2600:9000:2156:b800:19:3e7c:3500:21
2606:4700:3038::681f:cb6
2606:4700::6811:4004
94.23.202.50
0db96d1cb5aa1f3d20006eb09a40a9bd9980a5a57f95fb2d915acad64c33e70f
0fbade78bbd7df1292d1ac6595dffb1cd06e05b2429cfd553ef5d79974c0b84d
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
34f195f17d62b4789625aa8cb3535024a72d40fc4d88ee1383154688b9bfaa27
6aad6b37faab1c0a254af7a1e665470621426a942fd02a9fae9ef3a4351c9683
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
ae799b5fe65766697dc5b3542adfea5df8290a2eb32c95fbaaa47eeef5ffd596
bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b