eshop.candis.sk
37.9.175.18
Malicious Activity!
Public Scan
Effective URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3o...
Submission: On December 07 via manual from IN
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 30th 2018. Valid for: 3 months.
This is the only time eshop.candis.sk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 177.11.51.173 | 53243 (Brasil Site Informatica LTDA) |
1 | 184.154.31.114 | 32475 (SINGLEHOP-LLC - SingleHop LLC) |
1 2 | 37.9.175.18 | 51013 (WEBSUPPORT-SRO-SK-AS) |
1 | 2a02:26f0:6c00:2bf::35c1 | 20940 (AKAMAI-ASN1) |
7 | 2a02:26f0:6c00:29f::34ef | 20940 (AKAMAI-ASN1) |
1 | 13.107.42.13 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
17 | 7 | |
ASN53243 (Brasil Site Informatica LTDA, BR)
- PTR: host-51-173.sdmservidores.com
- aldeiadigitalweb.com.br

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
- PTR: sage.superdnssite.com
- apartmentsforsaleinrasalkhaimah.com

ASN51013 (WEBSUPPORT-SRO-SK-AS, SK)
- PTR: lb-proxy-16.websupport.sk
- eshop.candis.sk

ASN20940 (AKAMAI-ASN1, US)
- secure.aadcdn.microsoftonline-p.com

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
- onedrive.live.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | gfx.ms | auth.gfx.ms | 408 KB |
2 | candis.sk | eshop.candis.sk (1 redirects) | 7 KB |
1 | live.com | onedrive.live.com | |
1 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 18 KB |
1 | apartmentsforsaleinrasalkhaimah.com | apartmentsforsaleinrasalkhaimah.com | 279 B |
1 | aldeiadigitalweb.com.br | aldeiadigitalweb.com.br | 322 B |
0 | google.com | google.com (Failed) | |
0 | gustem.com | www.gustem.com (Failed) | |
17 | 8 | | |
Requests | Domain | Requested by |
---|---|---|
7 | auth.gfx.ms | eshop.candis.sk |
2 | eshop.candis.sk (1 redirects) | apartmentsforsaleinrasalkhaimah.com |
1 | onedrive.live.com | eshop.candis.sk |
1 | secure.aadcdn.microsoftonline-p.com | eshop.candis.sk |
1 | apartmentsforsaleinrasalkhaimah.com | aldeiadigitalweb.com.br |
1 | aldeiadigitalweb.com.br | |
0 | google.com (Failed) | eshop.candis.sk |
0 | www.gustem.com (Failed) | eshop.candis.sk |
17 | 8 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.gustem.com |
signup.live.com |
login.live.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
apartmentsforsaleinrasalkhaimah.com | cPanel, Inc. Certification Authority | 2018-11-16 - 2019-02-14 | 3 months | crt.sh |
eshop.candis.sk | Let's Encrypt Authority X3 | 2018-11-30 - 2019-02-28 | 3 months | crt.sh |
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 1 | 2017-08-15 - 2019-08-15 | 2 years | crt.sh |
msagfx.live.com | Microsoft IT TLS CA 4 | 2017-07-27 - 2019-07-17 | 2 years | crt.sh |
onedrive.com | Microsoft IT TLS CA 1 | 2017-08-02 - 2019-08-02 | 2 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 65AC8C0A3882F622A96946F256528510
Requests: 16 HTTP requests in this frame
Frame:
https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Frame ID: B70DF5332C07F2B730A44B534B18EB84
Requests: 1 HTTP requests in this frame
Detected technologies

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

webpack (Miscellaneous)
Detected patterns
- env /^webpackJsonp$/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: OneDrive
- Title: Create one!
- Title: Terms of use
- Title: Privacy & cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a30154891988305afa9100cc6|0|0|636797491924843584&sdata=9anvks9m7xjzkay/rtl+9yvjllpa9n4tuji8xlhs25a=&reserved=0 Page URL
- https://apartmentsforsaleinrasalkhaimah.com/?x= Page URL
- https://eshop.candis.sk/i.php?uid= HTTP 302 -> https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | aldeiadigitalweb.com.br/ | 115 B | 322 B | Document | text/html |
GET | H/1.1 | / | apartmentsforsaleinrasalkhaimah.com/ | 102 B | 279 B | Document | text/html |
GET | H2 | mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php (Primary Request) | eshop.candis.sk/ (Redirect Chain) | 22 KB | 6 KB | Document | text/html |
GET | H/1.1 | converged.v2.login.min_t7iocdq0wq2qh0nv233jig2.css | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/ | 94 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | ConvergedLoginPaginatedStrings.EN.js | auth.gfx.ms/16.000.27683.1/ | 15 KB | 5 KB | Script | application/javascript |
GET | H/1.1 | ConvergedLogin_PCore.js | auth.gfx.ms/16.000.27683.1/ | 391 KB | 107 KB | Script | application/javascript |
GET | H/1.1 | microsoft_logo.svg | auth.gfx.ms/16.000.27683.1/images/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | ellipsis_white.svg | auth.gfx.ms/16.000.27683.1/images/ | 915 B | 668 B | Image | image/svg+xml |
GET | H/1.1 | ellipsis_grey.svg | auth.gfx.ms/16.000.27683.1/images/ | 915 B | 668 B | Image | image/svg+xml |
GET | | ConvergedLoginPaginatedStrings.EN.js | www.gustem.com/https://msagfx.live.com/16.000.27683.1/ | 0 | 0 | | |
GET | | ConvergedLogin_PCore.js | www.gustem.com/https://msagfx.live.com/16.000.27683.1/ | 0 | 0 | | |
GET | | / | google.com/ | 0 | 0 | | |
GET | | ConvergedLogin_PCore.js | www.gustem.com/https://msagfx.live.com/16.000.27683.1/ | 0 | 0 | | |
GET | | / | google.com/ | 0 | 0 | | |
GET | H2 | preload | onedrive.live.com/ (Frame B70D) | 0 | 0 | Document | text/html |
GET | H/1.1 | 0.jpg | auth.gfx.ms/16.000.27683.1/images/Backgrounds/ | 291 KB | 291 KB | Image | image/jpeg |
GET | H/1.1 | 0-small.jpg | auth.gfx.ms/16.000.27683.1/images/Backgrounds/ | 1 KB | 1 KB | Image | image/jpeg |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- www.gustem.com: https://www.gustem.com/https://msagfx.live.com/16.000.27683.1/ConvergedLoginPaginatedStrings.EN.js
- www.gustem.com: https://www.gustem.com/https://msagfx.live.com/16.000.27683.1/ConvergedLogin_PCore.js
- google.com: http://google.com/
- www.gustem.com: https://www.gustem.com/https://msagfx.live.com/16.000.27683.1/ConvergedLogin_PCore.js
- google.com: http://google.com/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | PROOF |
object | g_dtFirstByte |
object | g_objPageMode |
number | g_iSRSFailed |
string | g_sSRSSuccess |
function | SRSRetry |
object | StringRepository |
boolean | __ConvergedLoginPaginatedStrings |
function | webpackJsonp5 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.live.com/ | | xidseq | 1 |
.live.com/ | | xid | 7bd1a815-ac41-4084-a0a4-2f3a89e60c38&&RD0003FF9AEA07&391 |
.live.com/ | | E | P:un+IV/pb1og=:WQEDAsUUS0laDOYT4tHkrl4pRxL4VuGz2AwxtyKGILA=:F |
.live.com/ | | wla42 | |
.live.com/ | | mkt | en-US |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aldeiadigitalweb.com.br
apartmentsforsaleinrasalkhaimah.com
auth.gfx.ms
eshop.candis.sk
google.com
onedrive.live.com
secure.aadcdn.microsoftonline-p.com
www.gustem.com
13.107.42.13
177.11.51.173
184.154.31.114
2a02:26f0:6c00:29f::34ef
2a02:26f0:6c00:2bf::35c1
37.9.175.18
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
190c090f07c94b7f907c4d4264d56d5ffba32d25706433847af09eda9fe8e5ed
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
991ce8513044220fc708d8b8bfb7b2c561c3000b4a9494c04ed98cc17609777b
9ececbd5fc52b4c11307e2fb1cbe9eab972b2bfbcf058b484aa89c5be6740cd5
baf34bd46d7626c8656a48a9a51e875ad51dba1bd22a704dc0d3395a653df14e
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
f04238b0ca6572283c54a7e502d2783dab0ad5dd98cc88bd788ca5f764198344