www.customwriting.us Open in urlscan Pro
107.180.41.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.customwriting.us/orders/portal/
Submission: On July 26 via manual (July 26th 2018, 1:12:52 am UTC) from AP

Summary HTTP 12 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 107.180.41.13, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is www.customwriting.us.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on October 13th 2016. Valid for: 3 years.

This is the only time www.customwriting.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rackspace (Online)

Domain & IP information

	IP Address		AS Autonomous System
7	107.180.41.13 107.180.41.13		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
12	2

7 107.180.41.13 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-107-180-41-13.ip.secureserver.net

www.customwriting.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	customwriting.us www.customwriting.us	78 KB
0	Failed function sub() { [native code] }. Failed
12	2

	Domain	Requested by
7	www.customwriting.us	www.customwriting.us
0	fdcgdnkidjaadafnichfpabhfomcebme Failed	www.customwriting.us
12	2

This site contains links to these domains. Also see Links.

Domain
www.rackspace.com
apps.rackspace.com

Subject Issuer	Validity	Valid
www.customwriting.us COMODO RSA Domain Validation Secure Server CA	`2016-10-13` - `2020-01-11`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.customwriting.us/orders/portal/
Frame ID: EE1628298973EF5CE27CF0759D743F11
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i

Page Statistics

12
Requests

58 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

78 kB
Transfer

88 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rackspace.com/apps/
Title:

Search URL Search Domain Scan URL

URL: https://apps.rackspace.com/rackspace-email-plus?utm_source=webmail-login-ib&utm_medium=display&utm_campaign=rse-plus-growth-ib-13&utm_content=190x294-cloud-drive-affordability
Title:

Search URL Search Domain Scan URL

URL: https://www.rackspace.com/apps/email_hosting/rackspace_email
Title: Hosted by Rackspace

Search URL Search Domain Scan URL

URL: http://www.rackspace.com/information/legal/privacystatement
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: http://www.rackspace.com/information/legal/websiteterms
Title: Website Terms

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.customwriting.us/orders/portal/	16 KB 5 KB	499ms 304ms	Document text/html	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / PHP/7.1.18 Resource Hash `a6470767387139225acff510fd992aff96f9c91d9f60975d194e8ec6cd0462ad` Request headers Host www.customwriting.us Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id EE1628298973EF5CE27CF0759D743F11 Response headers Date Thu, 26 Jul 2018 01:12:37 GMT Server Apache X-Powered-By PHP/7.1.18 Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 4406 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	404 Not Found	jquery.min.js www.customwriting.us/ajax.googleapis.com/ajax/libs/jquery/1.10.2/	0 0	1948ms 1948ms	Script text/html	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://www.customwriting.us/ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js Requested by Host: www.customwriting.us URL: https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / PHP/7.1.18 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.customwriting.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://www.customwriting.us/orders/portal/ Connection keep-alive Cache-Control no-cache Referer https://www.customwriting.us/orders/portal/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 26 Jul 2018 01:12:37 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/7.1.18 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Connection Keep-Alive Link <https://www.customwriting.us/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	login329e.js www.customwriting.us/apps.rackspace.com/a/js/	0 0	2110ms 1923ms	Script text/html	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://www.customwriting.us/apps.rackspace.com/a/js/login329e.js?2230 Requested by Host: www.customwriting.us URL: https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / PHP/7.1.18 Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.customwriting.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://www.customwriting.us/orders/portal/ Connection keep-alive Cache-Control no-cache Referer https://www.customwriting.us/orders/portal/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 26 Jul 2018 01:12:37 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/7.1.18 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Connection Keep-Alive Link <https://www.customwriting.us/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	logo.png www.customwriting.us/orders/portal/	2 KB 2 KB	288ms 95ms	Image image/png	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.customwriting.us/orders/portal/logo.png Requested by Host: www.customwriting.us URL: https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / Resource Hash `f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.customwriting.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.customwriting.us/orders/portal/ Connection keep-alive Cache-Control no-cache Referer https://www.customwriting.us/orders/portal/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 26 Jul 2018 01:12:39 GMT Last-Modified Mon, 18 Jun 2018 22:58:31 GMT Server Apache ETag "44497b-820-56ef281271279" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 2080
GET H/1.1	200 OK	plus.png www.customwriting.us/orders/portal/	9 KB 9 KB	221ms 94ms	Image image/png	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.customwriting.us/orders/portal/plus.png Requested by Host: www.customwriting.us URL: https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / Resource Hash `db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.customwriting.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.customwriting.us/orders/portal/ Connection keep-alive Cache-Control no-cache Referer https://www.customwriting.us/orders/portal/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 26 Jul 2018 01:12:39 GMT Last-Modified Mon, 18 Jun 2018 22:58:37 GMT Server Apache ETag "444ba9-23f9-56ef2817e3ef8" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 9209
GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0

GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0

GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0

GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0

GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0

GET H/1.1	404 Not Found	plus-anytime_anywhere-190x294.png www.customwriting.us/orders/portal/	31 KB 31 KB	2282ms 2099ms	Image text/html	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.customwriting.us/orders/portal/plus-anytime_anywhere-190x294.png Requested by Host: www.customwriting.us URL: https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / PHP/7.1.18 Resource Hash `4bdf7074f02073fc70d2af76b89a1eaf2c558679c8f4d09a6568da7ee39e849c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.customwriting.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.customwriting.us/orders/portal/ Connection keep-alive Cache-Control no-cache Referer https://www.customwriting.us/orders/portal/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 26 Jul 2018 01:12:39 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/7.1.18 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Connection Keep-Alive Link <https://www.customwriting.us/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	logo_20141002.png www.customwriting.us/orders/portal/	31 KB 31 KB	2220ms 2035ms	Image text/html	107.180.41.13 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://www.customwriting.us/orders/portal/logo_20141002.png Requested by Host: www.customwriting.us URL: https://www.customwriting.us/orders/portal/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.41.13 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-107-180-41-13.ip.secureserver.net Software Apache / PHP/7.1.18 Resource Hash `57fe59673e7567bea71bc7b97d5a42cd93812dbcc6dc95dc68bef2c6bf6d1d1d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.customwriting.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.customwriting.us/orders/portal/ Connection keep-alive Cache-Control no-cache Referer https://www.customwriting.us/orders/portal/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 26 Jul 2018 01:12:39 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/7.1.18 Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Transfer-Encoding chunked Connection Keep-Alive Link <https://www.customwriting.us/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5 Expires Wed, 11 Jan 1984 05:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fdcgdnkidjaadafnichfpabhfomcebme
URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Domain: fdcgdnkidjaadafnichfpabhfomcebme
URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Domain: fdcgdnkidjaadafnichfpabhfomcebme
URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Domain: fdcgdnkidjaadafnichfpabhfomcebme
URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Domain: fdcgdnkidjaadafnichfpabhfomcebme
URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rackspace (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fdcgdnkidjaadafnichfpabhfomcebme
www.customwriting.us
fdcgdnkidjaadafnichfpabhfomcebme
107.180.41.13
4bdf7074f02073fc70d2af76b89a1eaf2c558679c8f4d09a6568da7ee39e849c
57fe59673e7567bea71bc7b97d5a42cd93812dbcc6dc95dc68bef2c6bf6d1d1d
a6470767387139225acff510fd992aff96f9c91d9f60975d194e8ec6cd0462ad
db18ad437ed30b29a15bb4a394df2f29cd5073ccab904b6ed5e2cf870530dc62
f167dfd881b45166119fce39b1fa639e925f80e4e7391e3cbe83f843490b7b19

www.customwriting.us Open in urlscan Pro 107.180.41.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

58 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

78 kBTransfer

88 kBSize

0 Cookies

5 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

www.customwriting.us Open in urlscan Pro
107.180.41.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

58 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

78 kB
Transfer

88 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!