urlscan.io logo urlscan.io
SecurityTrails logo

eshop.candis.sk Open in urlscan Pro
37.9.175.18  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a3015489198830...
Effective URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3o...
Submission: On December 07 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 8 domains to perform 17 HTTP transactions. The main IP is 37.9.175.18, located in Slovakia and belongs to WEBSUPPORT-SRO-SK-AS, SK. The main domain is eshop.candis.sk.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 30th 2018. Valid for: 3 months.
This is the only time eshop.candis.sk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 177.11.51.173 53243 (Brasil Si...)
1 184.154.31.114 32475 (SINGLEHOP...)
1 2 37.9.175.18 51013 (WEBSUPPOR...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
7 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 13.107.42.13 8068 (MICROSOFT...)
17 7
1    177.11.51.173 (Brazil)

ASN53243 (Brasil Site Informatica LTDA, BR)
PTR: host-51-173.sdmservidores.com
aldeiadigitalweb.com.br
1    184.154.31.114 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: sage.superdnssite.com
apartmentsforsaleinrasalkhaimah.com
2    37.9.175.18 (Slovakia)

ASN51013 (WEBSUPPORT-SRO-SK-AS, SK)
PTR: lb-proxy-16.websupport.sk
eshop.candis.sk
1    2a02:26f0:6c00:2bf::35c1 (European Union)

ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com
7    2a02:26f0:6c00:29f::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)
auth.gfx.ms
1    13.107.42.13 (Redmond, United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
onedrive.live.com
Domain Requested by
7 auth.gfx.ms eshop.candis.sk
2 eshop.candis.sk 1 redirects apartmentsforsaleinrasalkhaimah.com
1 onedrive.live.com eshop.candis.sk
1 secure.aadcdn.microsoftonline-p.com eshop.candis.sk
1 apartmentsforsaleinrasalkhaimah.com aldeiadigitalweb.com.br
1 aldeiadigitalweb.com.br
0 google.com Failed eshop.candis.sk
0 www.gustem.com Failed eshop.candis.sk
17 8

This site contains links to these domains. Also see Links.

Domain
www.gustem.com
signup.live.com
login.live.com
Subject Issuer Validity Valid
apartmentsforsaleinrasalkhaimah.com
cPanel, Inc. Certification Authority		 2018-11-16 -
2019-02-14		 3 months crt.sh
eshop.candis.sk
Let's Encrypt Authority X3		 2018-11-30 -
2019-02-28		 3 months crt.sh
secure.aadcdn.microsoftonline-p.com
Microsoft IT TLS CA 1		 2017-08-15 -
2019-08-15		 2 years crt.sh
msagfx.live.com
Microsoft IT TLS CA 4		 2017-07-27 -
2019-07-17		 2 years crt.sh
onedrive.com
Microsoft IT TLS CA 1		 2017-08-02 -
2019-08-02		 2 years crt.sh

This page contains 2 frames:

Primary Page: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 65AC8C0A3882F622A96946F256528510
Requests: 16 HTTP requests in this frame

Frame: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Frame ID: B70DF5332C07F2B730A44B534B18EB84
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b... Page URL
  2. https://apartmentsforsaleinrasalkhaimah.com/?x= Page URL
  3. https://eshop.candis.sk/i.php?uid= HTTP 302
    https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • env /^webpackJsonp$/i

Page Statistics

17
Requests

65 %
HTTPS

33 %
IPv6

8
Domains

8
Subdomains

7
IPs

4
Countries

433 kB
Transfer

819 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a30154891988305afa9100cc6|0|0|636797491924843584&sdata=9anvks9m7xjzkay/rtl+9yvjllpa9n4tuji8xlhs25a=&reserved=0 Page URL
  2. https://apartmentsforsaleinrasalkhaimah.com/?x= Page URL
  3. https://eshop.candis.sk/i.php?uid= HTTP 302
    https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
aldeiadigitalweb.com.br/ 		115 B
322 B 		Document
General
Check archive.org
Download Go to
Full URL
http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a30154891988305afa9100cc6|0|0|636797491924843584&sdata=9anvks9m7xjzkay/rtl+9yvjllpa9n4tuji8xlhs25a=&reserved=0
Protocol
HTTP/1.1
Server
177.11.51.173 , Brazil, ASN53243 (Brasil Site Informatica LTDA, BR),
Reverse DNS
host-51-173.sdmservidores.com
Software
Apache /
Resource Hash

Request headers

Host
aldeiadigitalweb.com.br
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:24 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
/
apartmentsforsaleinrasalkhaimah.com/ 		102 B
279 B 		Document
General
Check archive.org
Download Go to
Full URL
https://apartmentsforsaleinrasalkhaimah.com/?x=
Requested by
Host: aldeiadigitalweb.com.br
URL: http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a30154891988305afa9100cc6|0|0|636797491924843584&sdata=9anvks9m7xjzkay/rtl+9yvjllpa9n4tuji8xlhs25a=&reserved=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.154.31.114 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS
sage.superdnssite.com
Software
Apache / PHP/7.2.6
Resource Hash
991ce8513044220fc708d8b8bfb7b2c561c3000b4a9494c04ed98cc17609777b

Request headers

Host
apartmentsforsaleinrasalkhaimah.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a30154891988305afa9100cc6|0|0|636797491924843584&sdata=9anvks9m7xjzkay/rtl+9yvjllpa9n4tuji8xlhs25a=&reserved=0
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://aldeiadigitalweb.com.br/?x=&data=02|01|borge.hansen@maerskoil.com|132a9a14ff5148d9a6cc08d65bf1eb33|b03c2b9a30154891988305afa9100cc6|0|0|636797491924843584&sdata=9anvks9m7xjzkay/rtl+9yvjllpa9n4tuji8xlhs25a=&reserved=0

Response headers

Date
Fri, 07 Dec 2018 04:13:27 GMT
Server
Apache
X-Powered-By
PHP/7.2.6
Content-Length
102
Connection
close
Content-Type
text/html; charset=UTF-8
Primary Request mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php
eshop.candis.sk/
Redirect Chain
  • https://eshop.candis.sk/i.php?uid=
  • https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcod...
22 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Requested by
Host: apartmentsforsaleinrasalkhaimah.com
URL: https://apartmentsforsaleinrasalkhaimah.com/?x=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.9.175.18 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
lb-proxy-16.websupport.sk
Software
openresty /
Resource Hash
f04238b0ca6572283c54a7e502d2783dab0ad5dd98cc88bd788ca5f764198344

Request headers

:method
GET
:authority
eshop.candis.sk
:scheme
https
:path
/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://apartmentsforsaleinrasalkhaimah.com/?x=
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://apartmentsforsaleinrasalkhaimah.com/?x=

Response headers

status
200
server
openresty
date
Fri, 07 Dec 2018 04:13:28 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
content-encoding
gzip

Redirect headers

status
302
server
openresty
date
Fri, 07 Dec 2018 04:13:28 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1
converged.v2.login.min_t7iocdq0wq2qh0nv233jig2.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/ 		94 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/converged.v2.login.min_t7iocdq0wq2qh0nv233jig2.css
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
190c090f07c94b7f907c4d4264d56d5ffba32d25706433847af09eda9fe8e5ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Origin
https://eshop.candis.sk

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 21 Sep 2018 23:12:43 GMT
Content-MD5
PPjUxRT1jqzNE8fzcJZLgA==
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Cache-Control
public, max-age=204700
Strict-Transport-Security
max-age=31536000
Content-Length
18121
ConvergedLoginPaginatedStrings.EN.js
auth.gfx.ms/16.000.27683.1/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.gfx.ms/16.000.27683.1/ConvergedLoginPaginatedStrings.EN.js
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
baf34bd46d7626c8656a48a9a51e875ad51dba1bd22a704dc0d3395a653df14e

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 07:44:33 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A002 V: 0
ETag
"80467655679ad31:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4757
Server
Microsoft-IIS/8.5
ConvergedLogin_PCore.js
auth.gfx.ms/16.000.27683.1/ 		391 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.gfx.ms/16.000.27683.1/ConvergedLogin_PCore.js
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
9ececbd5fc52b4c11307e2fb1cbe9eab972b2bfbcf058b484aa89c5be6740cd5

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 07:35:04 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A003 V: 0
ETag
"0c44f2669ad31:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
109042
Server
Microsoft-IIS/8.5
microsoft_logo.svg
auth.gfx.ms/16.000.27683.1/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27683.1/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 07:17:27 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A004 V: 0
ETag
"805d4a8c639ad31:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1435
Server
Microsoft-IIS/8.5
ellipsis_white.svg
auth.gfx.ms/16.000.27683.1/images/ 		915 B
668 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27683.1/images/ellipsis_white.svg?x=5ac590ee72bfe06a7cecfd75b588ad73
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 07:17:27 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1C004 V: 0
ETag
"805d4a8c639ad31:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
263
Server
Microsoft-IIS/8.5
ellipsis_grey.svg
auth.gfx.ms/16.000.27683.1/images/ 		915 B
668 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27683.1/images/ellipsis_grey.svg?x=2b5d393db04a5e6e1f739cb266e65b4c
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 07:17:27 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1C004 V: 0
ETag
"805d4a8c639ad31:0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
263
Server
Microsoft-IIS/8.5
ConvergedLoginPaginatedStrings.EN.js
www.gustem.com/https://msagfx.live.com/16.000.27683.1/ 		0
0
ConvergedLogin_PCore.js
www.gustem.com/https://msagfx.live.com/16.000.27683.1/ 		0
0
/
google.com/ 		0
0
ConvergedLogin_PCore.js
www.gustem.com/https://msagfx.live.com/16.000.27683.1/ 		0
0
/
google.com/ 		0
0
preload
onedrive.live.com/ Frame B70D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.107.42.13 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
onedrive.live.com
:scheme
https
:path
/preload?view=Folders.All&id=250206&mkt=EN-US
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4

Response headers

status
200
cache-control
private, max-age=14400
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
Fri, 07 Dec 2018 08:13:29 GMT
vary
Accept-Encoding
set-cookie
mkt=en-US; domain=.live.com; expires=Sat, 07-Dec-2019 00:00:00 GMT; path=/ E=P:un+IV/pb1og=:WQEDAsUUS0laDOYT4tHkrl4pRxL4VuGz2AwxtyKGILA=:F; domain=.live.com; path=/ xid=7bd1a815-ac41-4084-a0a4-2f3a89e60c38&&RD0003FF9AEA07&391; domain=.live.com; path=/ xidseq=1; domain=.live.com; path=/ LD=; domain=.live.com; expires=Fri, 07-Dec-2018 02:33:28 GMT; path=/ wla42=; domain=live.com; expires=Fri, 14-Dec-2018 04:13:28 GMT; path=/
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-msnserver
RD0003FF9AEA07
x-odwebserver
centralus0-ODWebpl
x-msedge-ref
Ref A: 814694870349400C9A7F8804D79FF5D2 Ref B: FRAEDGE0810 Ref C: 2018-12-07T04:13:29Z
date
Fri, 07 Dec 2018 04:13:28 GMT
0.jpg
auth.gfx.ms/16.000.27683.1/images/Backgrounds/ 		291 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27683.1/images/Backgrounds/0.jpg?x=f5a9a9531b8f4bcc86eabb19472d15d5
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Last-Modified
Wed, 31 Jan 2018 07:17:27 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A002 V: 0
ETag
"805d4a8c639ad31:0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
298105
Server
Microsoft-IIS/8.5
0-small.jpg
auth.gfx.ms/16.000.27683.1/images/Backgrounds/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.gfx.ms/16.000.27683.1/images/Backgrounds/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f
Requested by
Host: eshop.candis.sk
URL: https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b

Request headers

Referer
https://eshop.candis.sk/mggie75ekcn6dvcvvskzdf8oj6beq1wchcuvk094dxaqtmmpf7osmxh63sltth6bu17e1hieet58grxvzmolj5snydgrun3ooa3qrm46.php?=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rdcode=&fid.1252899642&fid.1&fav.1&uid=&submit=13InboxLight.aspx?n=1774256418&fid=4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 07 Dec 2018 04:13:28 GMT
Last-Modified
Wed, 31 Jan 2018 07:17:27 GMT
PPServer
PPV: 30 H: BL2IDSPRTS1A003 V: 0
ETag
"805d4a8c639ad31:0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=337469
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1029
Server
Microsoft-IIS/8.5

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.gustem.com
URL
https://www.gustem.com/https://msagfx.live.com/16.000.27683.1/ConvergedLoginPaginatedStrings.EN.js
Domain
www.gustem.com
URL
https://www.gustem.com/https://msagfx.live.com/16.000.27683.1/ConvergedLogin_PCore.js
Domain
google.com
URL
http://google.com/
Domain
www.gustem.com
URL
https://www.gustem.com/https://msagfx.live.com/16.000.27683.1/ConvergedLogin_PCore.js
Domain
google.com
URL
http://google.com/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PROOF object| g_dtFirstByte object| g_objPageMode number| g_iSRSFailed string| g_sSRSSuccess function| SRSRetry object| StringRepository boolean| __ConvergedLoginPaginatedStrings function| webpackJsonp

5 Cookies

Domain/Path Name / Value
.live.com/ Name: xidseq
Value: 1
.live.com/ Name: xid
Value: 7bd1a815-ac41-4084-a0a4-2f3a89e60c38&&RD0003FF9AEA07&391
.live.com/ Name: E
Value: P:un+IV/pb1og=:WQEDAsUUS0laDOYT4tHkrl4pRxL4VuGz2AwxtyKGILA=:F
.live.com/ Name: wla42
Value:
.live.com/ Name: mkt
Value: en-US