musi.com.au Open in urlscan Pro
27.121.64.147 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://musi.com.au/morenews/files/login-desktop.php
Submission: On December 05 via api (December 5th 2017, 3:53:54 am UTC) from CA

Summary HTTP 8 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 27.121.64.147, located in Brisbane, Australia and belongs to NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU. The main domain is musi.com.au.

This is the only time musi.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Apple (Online)

Domain & IP information

	IP Address		AS Autonomous System
4	27.121.64.147 27.121.64.147		24446 (NETREGIST...) (NETREGISTRY-AS-AP NetRegistry Pty Ltd.)
1	151.139.237.113 151.139.237.113		54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
3 5	2a02:26f0:78:... 2a02:26f0:78:193::1aca		20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:78:... 2a02:26f0:78:18c::1aca		20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	4

4 27.121.64.147 (Brisbane, Australia)

ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU)
PTR: cp147.ezyreg.com

musi.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.237.113 (Dallas, United States)

ASN54104 (AS-STACKPATH - netDNA, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:78:193::1aca (European Union) 3 redirects

ASN20940 (AKAMAI-ASN1, US)

www.apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:78:18c::1aca (European Union)

ASN20940 (AKAMAI-ASN1, US)

www.apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	apple.com 3 redirects www.apple.com	3 KB
4	musi.com.au musi.com.au	4 KB
1	jquery.com code.jquery.com	95 KB
8	3

	Domain	Requested by
6	www.apple.com	3 redirects musi.com.au
4	musi.com.au	musi.com.au
1	code.jquery.com	musi.com.au
8	3

This site contains no links.

Subject Issuer	Validity	Valid
www.apple.com Symantec Class 3 EV SSL CA - G3	`2017-10-02` - `2019-10-15`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://musi.com.au/morenews/files/login-desktop.php
Frame ID: 12585.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

mod_ssl (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_ssl(?:\/([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
headers server /mod_ssl(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i

Page Statistics

8
Requests

38 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

101 kB
Transfer

270 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/image_large.svg HTTP 301
https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/image_large.svg

Request Chain 5

http://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/image_large.svg HTTP 301
https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/image_large.svg

Request Chain 6

http://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/image_large.svg HTTP 301
https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/image_large.svg

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set login-desktop.php Show response musi.com.au/morenews/files/	4 KB 4 KB	1422ms 1422ms	Document text/html	27.121.64.147 NETREGISTRY-AS-AP...
General Check archive.org Show headers Download Go to Full URL http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Server 27.121.64.147 Brisbane, Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU), Reverse DNS cp147.ezyreg.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / PHP/5.3.29 Resource Hash `fe717ecf4d3324285a2004a606d76a11aa6f5b11fd93ca7ab94cd0710dd428c9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host musi.com.au Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Pragma no-cache Date Tue, 05 Dec 2017 03:53:42 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 X-Powered-By PHP/5.3.29 Transfer-Encoding chunked Content-Type text/html Set-Cookie PHPSESSID=d68l2agm62qqo70v5d7m7atqa7; path=/ Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=3, max=98 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	404 Not Found	style-login-desktop.css musi.com.au/morenews/files/files/css/	0 0	310ms 309ms	Stylesheet text/html	27.121.64.147 NETREGISTRY-AS-AP...
General Check archive.org Show headers Download Go to Full URL http://musi.com.au/morenews/files/files/css/style-login-desktop.css Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Server 27.121.64.147 Brisbane, Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU), Reverse DNS cp147.ezyreg.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host musi.com.au User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/css,/;q=0.1 Referer http://musi.com.au/morenews/files/login-desktop.php Cookie PHPSESSID=d68l2agm62qqo70v5d7m7atqa7 Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Connection Keep-Alive Keep-Alive timeout=3, max=98 Content-Length 365 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	script-login-desktop.js musi.com.au/morenews/files/files/js/	0 0	310ms 309ms	Script text/html	27.121.64.147 NETREGISTRY-AS-AP...
General Check archive.org Show headers Download Go to Full URL http://musi.com.au/morenews/files/files/js/script-login-desktop.js Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Server 27.121.64.147 Brisbane, Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU), Reverse DNS cp147.ezyreg.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host musi.com.au User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://musi.com.au/morenews/files/login-desktop.php Cookie PHPSESSID=d68l2agm62qqo70v5d7m7atqa7 Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Connection Keep-Alive Keep-Alive timeout=3, max=100 Content-Length 364 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	jquery-1.9.1.js Show response code.jquery.com/	262 KB 95 KB	7ms 7ms	Script application/javascript	151.139.237.113 netDNA
General Check archive.org Show headers Download Go to Full URL http://code.jquery.com/jquery-1.9.1.js Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Server 151.139.237.113 Dallas, United States, ASN54104 (AS-STACKPATH - netDNA, US), Reverse DNS Software NetDNA-cache/2.2 / Resource Hash `7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host code.jquery.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept / Referer http://musi.com.au/morenews/files/login-desktop.php Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Content-Encoding gzip Last-Modified Fri, 24 Oct 2014 00:16:07 GMT Server NetDNA-cache/2.2 ETag W/"54499a47-4185d" Vary Accept-Encoding X-Cache HIT Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000 public Transfer-Encoding chunked Connection keep-alive Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	404 Not Found	login-desktop.png musi.com.au/morenews/files/files/img/	359 B 0	309ms 309ms	Image text/html	27.121.64.147 NETREGISTRY-AS-AP...
General Check archive.org Show headers Download Go to Show image Full URL http://musi.com.au/morenews/files/files/img/login-desktop.png Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Server 27.121.64.147 Brisbane, Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU), Reverse DNS cp147.ezyreg.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `d3fc79daaadcefd6dc74f2e3895fe6239d69250273504072b98e6f2b62ad36cb` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host musi.com.au User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://musi.com.au/morenews/files/login-desktop.php Cookie PHPSESSID=d68l2agm62qqo70v5d7m7atqa7 Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Connection Keep-Alive Keep-Alive timeout=3, max=97 Content-Length 359 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	image_large.svg www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/ Redirect Chain http://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/image_large.svg https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/image_large.svg	2 KB 977 B	8ms 8ms	Image image/svg+xml	2a02:26f0:78:193::1aca AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/image_large.svg Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:78:193::1aca , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `f674d38daae4a3e966f218fbd0c6384af4ac3996f6797952b264e495e740152f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.apple.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://musi.com.au/morenews/files/login-desktop.php Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Content-Encoding gzip Last-Modified Thu, 04 Aug 2016 19:55:23 GMT Server Apache Access-Control-Allow-Origin https://www.apple.com Vary Accept-Encoding Content-Type image/svg+xml nnCoection close Cache-Control max-age=440 Connection keep-alive Accept-Ranges bytes Content-Length 977 Expires Tue, 05 Dec 2017 04:01:04 GMT Redirect headers Location https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/apple/image_large.svg Date Tue, 05 Dec 2017 03:53:44 GMT Cache-Control max-age=0 Server AkamaiGHost Connection keep-alive Content-Length 0 Expires Tue, 05 Dec 2017 03:53:44 GMT
GET H/1.1	200 OK	image_large.svg www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/ Redirect Chain http://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/image_large.svg https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/image_large.svg	1 KB 598 B	8ms 7ms	Image image/svg+xml	2a02:26f0:78:193::1aca AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/image_large.svg Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:78:193::1aca , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `98e256b4b96b4c80754ee598e4724e736d6241714f2c2bb1a4b88dac0cbf02c1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.apple.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://musi.com.au/morenews/files/login-desktop.php Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Content-Encoding gzip Last-Modified Thu, 04 Aug 2016 19:55:26 GMT Server Apache Access-Control-Allow-Origin https://www.apple.com Vary Accept-Encoding Content-Type image/svg+xml nnCoection close Cache-Control max-age=343 Connection keep-alive Accept-Ranges bytes Content-Length 598 Expires Tue, 05 Dec 2017 03:59:27 GMT Redirect headers Location https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/search/image_large.svg Date Tue, 05 Dec 2017 03:53:44 GMT Cache-Control max-age=0 Server AkamaiGHost Connection keep-alive Content-Length 0 Expires Tue, 05 Dec 2017 03:53:44 GMT
GET H/1.1	200 OK	image_large.svg www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/ Redirect Chain http://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/image_large.svg https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/image_large.svg	464 B 464 B	6ms 6ms	Image image/svg+xml	2a02:26f0:78:18c::1aca AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/image_large.svg Requested by Host: musi.com.au URL: http://musi.com.au/morenews/files/login-desktop.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:78:18c::1aca , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `2b00b7da17f4f98eb6a5e85cadff1b7dcf089842136c1d8fc2f73071cb135e9f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.apple.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://musi.com.au/morenews/files/login-desktop.php Connection keep-alive Cache-Control no-cache Referer http://musi.com.au/morenews/files/login-desktop.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Tue, 05 Dec 2017 03:53:44 GMT Last-Modified Thu, 04 Aug 2016 19:55:23 GMT Server Apache Access-Control-Allow-Origin https://www.apple.com Content-Type image/svg+xml nnCoection close Cache-Control max-age=150 Connection keep-alive Accept-Ranges bytes Content-Length 464 Expires Tue, 05 Dec 2017 03:56:14 GMT Redirect headers Location https://www.apple.com/ac/globalnav/2.0/en_US/images/globalnav/bag/image_large.svg Date Tue, 05 Dec 2017 03:53:44 GMT Cache-Control max-age=0 Server AkamaiGHost Connection keep-alive Content-Length 0 Expires Tue, 05 Dec 2017 03:53:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Apple (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| jQuery19107170842590791253

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			musi.com.au/	1970-01-01 00:00:00	Name: PHPSESSID Value: d68l2agm62qqo70v5d7m7atqa7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
musi.com.au
www.apple.com
151.139.237.113
27.121.64.147
2a02:26f0:78:18c::1aca
2a02:26f0:78:193::1aca
2b00b7da17f4f98eb6a5e85cadff1b7dcf089842136c1d8fc2f73071cb135e9f
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
98e256b4b96b4c80754ee598e4724e736d6241714f2c2bb1a4b88dac0cbf02c1
d3fc79daaadcefd6dc74f2e3895fe6239d69250273504072b98e6f2b62ad36cb
f674d38daae4a3e966f218fbd0c6384af4ac3996f6797952b264e495e740152f
fe717ecf4d3324285a2004a606d76a11aa6f5b11fd93ca7ab94cd0710dd428c9