www.cumyn.com
Open in
urlscan Pro
160.153.48.201
Malicious Activity!
Public Scan
Effective URL: https://www.cumyn.com/newdocattachedment/americansviewer/docsxussignx/padfdcument/index.php
Submission: On March 26 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 20th 2018. Valid for: 3 months.
This is the only time www.cumyn.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.10 67.199.248.10 | 395224 (BITLY-AS) (BITLY-AS - Bitly Inc) | |
1 | 160.153.36.0 160.153.36.0 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
1 | 184.25.158.226 184.25.158.226 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 160.153.48.201 160.153.48.201 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
1 | 162.248.186.53 162.248.186.53 | 62856 (DOCUS-6-PROD) (DOCUS-6-PROD - Docusign) | |
3 | 151.101.112.193 151.101.112.193 | 54113 (FASTLY) (FASTLY - Fastly) | |
8 | 6 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
industrailcoverage.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-25-158-226.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-160-153-48-201.ip.secureserver.net
www.cumyn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
imgur.com
i.imgur.com |
58 KB |
1 |
docusign.com
account.docusign.com |
5 KB |
1 |
cumyn.com
www.cumyn.com |
1 KB |
1 |
wsimg.com
img1.wsimg.com |
5 KB |
1 |
industrailcoverage.com
industrailcoverage.com |
681 B |
1 |
bit.ly
1 redirects
bit.ly |
398 B |
0 |
secureserver.net
Failed
img.secureserver.net Failed |
|
8 | 7 |
Domain | Requested by | |
---|---|---|
3 | i.imgur.com |
www.cumyn.com
|
1 | account.docusign.com |
www.cumyn.com
|
1 | www.cumyn.com | |
1 | img1.wsimg.com |
industrailcoverage.com
|
1 | industrailcoverage.com | |
1 | bit.ly | 1 redirects |
0 | img.secureserver.net Failed | |
8 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
industrailcoverage.com Let's Encrypt Authority X3 |
2018-01-17 - 2018-04-17 |
3 months | crt.sh |
cumyn.com Let's Encrypt Authority X3 |
2018-03-20 - 2018-06-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.cumyn.com/newdocattachedment/americansviewer/docsxussignx/padfdcument/index.php
Frame ID: 447207897A6E6DD3D4AC5A78FF2EFA9B
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://bit.ly/2G8rx0b
HTTP 301
https://industrailcoverage.com/bestmidocsseen/jejelayere/omologo/document.php Page URL
- https://www.cumyn.com/newdocattachedment/americansviewer/docsxussignx/padfdcument/index.php Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bit.ly/2G8rx0b
HTTP 301
https://industrailcoverage.com/bestmidocsseen/jejelayere/omologo/document.php Page URL
- https://www.cumyn.com/newdocattachedment/americansviewer/docsxussignx/padfdcument/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://bit.ly/2G8rx0b HTTP 301
- https://industrailcoverage.com/bestmidocsseen/jejelayere/omologo/document.php
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
document.php
industrailcoverage.com/bestmidocsseen/jejelayere/omologo/ Redirect Chain
|
595 B 681 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/ |
12 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
event
img.secureserver.net/t/1/tl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index.php
www.cumyn.com/newdocattachedment/americansviewer/docsxussignx/padfdcument/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
docusign_logo_small.png
account.docusign.com/LoginAppNext/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
No8iYwi.png
i.imgur.com/ |
158 B 447 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
N3KfZUq.png
i.imgur.com/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
Qf10q3i.png
i.imgur.com/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- img.secureserver.net
- URL
- https://img.secureserver.net/t/1/tl/event?cts=1522088559652&tce=1522088559257&tcs=1522088558794&tdc=1522088559446&tdclee=1522088559446&tdcles=1522088559446&tdi=1522088559446&tdl=1522088559412&tdle=1522088558794&tdls=1522088558794&tfs=1522088559411&tns=1522088558229&trqs=1522088559257&tre=1522088559411&trps=1522088559409&tles=1522088559446&tlee=1522088559446&ht=perf&dh=industrailcoverage.com&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_12_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F63.0.3239.84%20Safari%2F537.36&vci=338922127&cv=1.0.6&z=611512464&vg=1f1e7070-9653-40bc-aa00-0bdbedfa7087&vtg=1f1e7070-9653-40bc-aa00-0bdbedfa7087&ap=cpsh&trfd=%7B%22cts%22%3A1522088559445%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22p3plcpnl0734%22%7D&dp=%2Fbestmidocsseen%2Fjejelayere%2Fomologo%2Fdocument.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| validateusername function| validate0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account.docusign.com
bit.ly
i.imgur.com
img.secureserver.net
img1.wsimg.com
industrailcoverage.com
www.cumyn.com
img.secureserver.net
151.101.112.193
160.153.36.0
160.153.48.201
162.248.186.53
184.25.158.226
67.199.248.10
3adf7face2787c5f9d2eeb60b86d0e2e1908815cbcf240f1826a461b96fa1e1c
5d97f53304358270782fb098eef9091bfbd9c82af65955504c1803cfa601c2e4
68724dab76f9a0a226c16b9e14cd4bcc8b5084346cf99a624e3139aa4c388450
8322ebdf92bc3b7eb75528414f128c6418c322f912d0d322d225f59066f165e6
9c88cb294974ac5b7d2852e606f6ece1dfcaf8934809590af3f244eed7a63246
ee3cec3c33913424b8a94f2ba811277a4aaf0a8476d61653769c5d953ddeecbd