download.army Open in urlscan Pro
162.213.251.230 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://download.army/downloads/Banners/images/main/account/
Submission: On September 30 via automatic, source openphish (September 30th 2020, 1:17:57 am UTC)

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 162.213.251.230, located in Los Angeles, United States and belongs to NAMECHEAP-NET, US. The main domain is download.army.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 14th 2020. Valid for: a year.

This is the only time download.army was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address		AS Autonomous System
12	162.213.251.230 162.213.251.230		22612 (NAMECHEAP...) (NAMECHEAP-NET)
12	1

12 162.213.251.230 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium87-5.web-hosting.com

download.army	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	download.army download.army	39 KB
12	1

	Domain	Requested by
12	download.army	download.army
12	1

This site contains no links.

Subject Issuer	Validity	Valid
download.army Sectigo RSA Domain Validation Secure Server CA	`2020-01-14` - `2021-01-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://download.army/downloads/Banners/images/main/account/
Frame ID: 8B744526B5DF81CDB91B673F28D64E7D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

39 kB
Transfer

350 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response download.army/downloads/Banners/images/main/account/	9 KB 3 KB	513ms 182ms	Document text/html	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / PHP/7.2.33 Resource Hash `6c4e1831778241207ea3ab8bad2c2c73af623ee9797d1713d49c14414d6ea9b4` Request headers :method GET :authority download.army :scheme https :path /downloads/Banners/images/main/account/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 30 Sep 2020 01:17:41 GMT server Apache x-powered-by PHP/7.2.33 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache set-cookie PHPSESSID=ccf66836807753603171b5d01d22476c; path=/ vary Accept-Encoding content-encoding gzip content-length 2711 content-type text/html; charset=UTF-8
GET H2	200	master.css download.army/downloads/Banners/images/main/account/assets/css/	8 KB 2 KB	172ms 170ms	Stylesheet text/css	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `00988c4a2d389c085c15f02fb2db2a28d8ebe71dfa3d33b8751559fd708e6ed8` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 1835
GET H2	200	loading.css download.army/downloads/Banners/images/main/account/assets/css/	189 KB 11 KB	321ms 319ms	Stylesheet text/css	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/assets/css/loading.css Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `b4ea3f56351395b7528c9049014f2e33442f8620f0b5e0bcae9d6aae234e87fe` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 10708
GET H2	200	loading-btn.css download.army/downloads/Banners/images/main/account/assets/css/	3 KB 748 B	173ms 171ms	Stylesheet text/css	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/assets/css/loading-btn.css Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `3c925403eeb24cf057851003097e8bbc81f8baf6467c4748571cd440d20a7d12` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 592
GET H2	200	icon.ico download.army/downloads/Banners/images/main/assets/img/	17 KB 2 KB	172ms 170ms	Stylesheet image/x-icon	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/assets/img/icon.ico Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `c8d904d2bb3904ebc2e3e6dfe37872553e2b5b41642111b9c97906b0c8b82386` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type image/x-icon status 200 accept-ranges bytes content-length 1559
GET H2	200	animate.css download.army/downloads/Banners/images/main/account/assets/css/	79 KB 5 KB	174ms 172ms	Stylesheet text/css	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/assets/css/animate.css Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `ed229a57e697e1eee579a1bbf898693bbf6f4b2acfa05f29bf30081db504fcca` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 4811
GET H2	200	cleve.js Show response download.army/downloads/Banners/images/main/account/assets/js/	18 KB 6 KB	323ms 322ms	Script application/javascript	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/assets/js/cleve.js Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `4df05297cede46f8c179649f69573fee7322aadbbdbac3c2427c888cfc436adf` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 5518
GET H2	200	main.js Show response download.army/downloads/Banners/images/main/account/assets/js/	20 KB 3 KB	324ms 322ms	Script application/javascript	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://download.army/downloads/Banners/images/main/account/assets/js/main.js?rand=952820904 Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `c2b96c6f17f8c548bfadb33a8e11b77f155d8e1e985e37c07d2ce23bd24c380a` Request headers Referer https://download.army/downloads/Banners/images/main/account/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 30 Sep 2020 01:17:41 GMT content-encoding gzip last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 3244
GET H2	200	shield.png download.army/downloads/Banners/images/main/account/assets/img/	3 KB 4 KB	172ms 172ms	Image image/png	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://download.army/downloads/Banners/images/main/account/assets/img/shield.png Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `43a600f9e33d65f6596e98057dbf0ae18b049671749b19a6c59058bfc975a196` Request headers Referer https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 30 Sep 2020 01:17:41 GMT last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache accept-ranges bytes content-length 3535 content-type image/png
GET H2	200	tick.png download.army/downloads/Banners/images/main/account/assets/img/	686 B 798 B	172ms 171ms	Image image/png	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://download.army/downloads/Banners/images/main/account/assets/img/tick.png Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `4801bf781679e30457faed26adaa4522c403d74d9f06d1d63233fee1e4868bfc` Request headers Referer https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 30 Sep 2020 01:17:41 GMT last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache accept-ranges bytes content-length 686 content-type image/png
GET H2	200	globe.png download.army/downloads/Banners/images/main/account/assets/img/	2 KB 3 KB	171ms 170ms	Image image/png	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://download.army/downloads/Banners/images/main/account/assets/img/globe.png Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `61534c5fc273f1d899927470c30ee2419258f28ff6b584553e2543a551732a87` Request headers Referer https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 30 Sep 2020 01:17:41 GMT last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache accept-ranges bytes content-length 2499 content-type image/png
GET H2	200	drop.png download.army/downloads/Banners/images/main/account/assets/img/	478 B 590 B	170ms 170ms	Image image/png	162.213.251.230 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://download.army/downloads/Banners/images/main/account/assets/img/drop.png Requested by Host: download.army URL: https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.213.251.230 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium87-5.web-hosting.com Software Apache / Resource Hash `d20ca4c5f157e2475bdc2cd10843b8e4bc7b5e99f925f9d6c2441dda958596b6` Request headers Referer https://download.army/downloads/Banners/images/main/account/assets/css/master.css?rand=184038150 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 30 Sep 2020 01:17:41 GMT last-modified Tue, 29 Sep 2020 13:02:16 GMT server Apache accept-ranges bytes content-length 478 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			download.army/	1969-12-31 23:59:59	Name: PHPSESSID Value: ccf66836807753603171b5d01d22476c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

download.army
162.213.251.230
00988c4a2d389c085c15f02fb2db2a28d8ebe71dfa3d33b8751559fd708e6ed8
3c925403eeb24cf057851003097e8bbc81f8baf6467c4748571cd440d20a7d12
43a600f9e33d65f6596e98057dbf0ae18b049671749b19a6c59058bfc975a196
4801bf781679e30457faed26adaa4522c403d74d9f06d1d63233fee1e4868bfc
4df05297cede46f8c179649f69573fee7322aadbbdbac3c2427c888cfc436adf
61534c5fc273f1d899927470c30ee2419258f28ff6b584553e2543a551732a87
6c4e1831778241207ea3ab8bad2c2c73af623ee9797d1713d49c14414d6ea9b4
b4ea3f56351395b7528c9049014f2e33442f8620f0b5e0bcae9d6aae234e87fe
c2b96c6f17f8c548bfadb33a8e11b77f155d8e1e985e37c07d2ce23bd24c380a
c8d904d2bb3904ebc2e3e6dfe37872553e2b5b41642111b9c97906b0c8b82386
d20ca4c5f157e2475bdc2cd10843b8e4bc7b5e99f925f9d6c2441dda958596b6
ed229a57e697e1eee579a1bbf898693bbf6f4b2acfa05f29bf30081db504fcca

download.army Open in urlscan Pro 162.213.251.230 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

39 kBTransfer

350 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

download.army Open in urlscan Pro
162.213.251.230 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

39 kB
Transfer

350 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!