www.customwriting.us
Open in
urlscan Pro
107.180.41.13
Malicious Activity!
Public Scan
Submission: On July 26 via manual from AP
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on October 13th 2016. Valid for: 3 years.
This is the only time www.customwriting.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rackspace (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 107.180.41.13 107.180.41.13 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
12 | 2 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-107-180-41-13.ip.secureserver.net
www.customwriting.us |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
customwriting.us
www.customwriting.us |
78 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
12 | 2 |
Domain | Requested by | |
---|---|---|
7 | www.customwriting.us |
www.customwriting.us
|
0 | fdcgdnkidjaadafnichfpabhfomcebme Failed |
www.customwriting.us
|
12 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.rackspace.com |
apps.rackspace.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.customwriting.us COMODO RSA Domain Validation Secure Server CA |
2016-10-13 - 2020-01-11 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.customwriting.us/orders/portal/
Frame ID: EE1628298973EF5CE27CF0759D743F11
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Hosted by Rackspace
Search URL Search Domain Scan URL
Title: Privacy Statement
Search URL Search Domain Scan URL
Title: Website Terms
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.customwriting.us/orders/portal/ |
16 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
www.customwriting.us/ajax.googleapis.com/ajax/libs/jquery/1.10.2/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login329e.js
www.customwriting.us/apps.rackspace.com/a/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
www.customwriting.us/orders/portal/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plus.png
www.customwriting.us/orders/portal/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
webrtc-patch.js
fdcgdnkidjaadafnichfpabhfomcebme/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
webrtc-patch.js
fdcgdnkidjaadafnichfpabhfomcebme/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
webrtc-patch.js
fdcgdnkidjaadafnichfpabhfomcebme/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
webrtc-patch.js
fdcgdnkidjaadafnichfpabhfomcebme/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
webrtc-patch.js
fdcgdnkidjaadafnichfpabhfomcebme/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plus-anytime_anywhere-190x294.png
www.customwriting.us/orders/portal/ |
31 KB 31 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_20141002.png
www.customwriting.us/orders/portal/ |
31 KB 31 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- fdcgdnkidjaadafnichfpabhfomcebme
- URL
- chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js
- Domain
- fdcgdnkidjaadafnichfpabhfomcebme
- URL
- chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js
- Domain
- fdcgdnkidjaadafnichfpabhfomcebme
- URL
- chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js
- Domain
- fdcgdnkidjaadafnichfpabhfomcebme
- URL
- chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js
- Domain
- fdcgdnkidjaadafnichfpabhfomcebme
- URL
- chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rackspace (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| _wm_redirect number| google_conversion_id string| google_conversion_language string| google_conversion_format string| google_conversion_color string| google_conversion_label number| google_conversion_value function| NEplease0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fdcgdnkidjaadafnichfpabhfomcebme
www.customwriting.us
fdcgdnkidjaadafnichfpabhfomcebme
107.180.41.13
4bdf7074f02073fc70d2af76b89a1eaf2c558679c8f4d09a6568da7ee39e849c
57fe59673e7567bea71bc7b97d5a42cd93812dbcc6dc95dc68bef2c6bf6d1d1d
a6470767387139225acff510fd992aff96f9c91d9f60975d194e8ec6cd0462ad
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19