cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Open in urlscan Pro
45.42.200.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://nt.embluemail.com/p/cl?data=UHnQewQ69B59Q7iV68ePPHNVuxWlwxkvViYNP0gR8oFGOEJapWkbITcB5AAoK21k6aXdF6hYrn5dEu0y%2FzdY...
Effective URL:
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd
Submission Tags: falconsandbox
Submission: On October 07 via api (October 7th 2021, 12:16:01 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 45.42.200.70, located in Los Angeles, United States and belongs to AS40676, US. The main domain is cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph.
TLS certificate: Issued by R3 on October 5th 2021. Valid for: 3 months.

This is the only time cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.233.228.78 54.233.228.78	16509 (AMAZON-02) (AMAZON-02)
1 11	45.42.200.70 45.42.200.70	40676 (AS40676) (AS40676)
10	1

1 54.233.228.78 (São Paulo, Brazil) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-233-228-78.sa-east-1.compute.amazonaws.com

nt.embluemail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 45.42.200.70 (Los Angeles, United States) 1 redirects

ASN40676 (AS40676, US)

xsqk2.triedmetals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cloudns.ph 1 redirects cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph	362 KB
1	triedmetals.com xsqk2.triedmetals.com	2 KB
1	embluemail.com 1 redirects nt.embluemail.com	230 B
10	3

	Domain	Requested by
10	cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph	1 redirects xsqk2.triedmetals.com cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
1	xsqk2.triedmetals.com
1	nt.embluemail.com	1 redirects
10	3

This site contains no links.

Subject Issuer	Validity	Valid
xsqk2.triedmetals.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd
Frame ID: 080455F47DFE1F7CF1A33AC9AC8DCAC4
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

E024889A9952B4ED64E3DF90738ED252615EE4FC288CB

Page URL History Show full URLs

https://nt.embluemail.com/p/cl?data=UHnQewQ69B59Q7iV68ePPHNVuxWlwxkvViYNP0gR8oFGOEJapWkbITcB5AAoK21k6a... HTTP 302
https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== Page URL
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/$&uTt972STTQwmYia4kU6JI9m... HTTP 302
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

363 kB
Transfer

606 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://nt.embluemail.com/p/cl?data=UHnQewQ69B59Q7iV68ePPHNVuxWlwxkvViYNP0gR8oFGOEJapWkbITcB5AAoK21k6aXdF6hYrn5dEu0y%2FzdYVjhFqM8cu1p%2FK7QxTUjcUH4%3D%21-%21be9hj9%21-%21https%3A%2F%2Fxsqk2.triedmetals.com%2FbWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ%3D%3D HTTP 302
https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== Page URL
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/$&uTt972STTQwmYia4kU6JI9mG78KjdG10M856f1IRpRsv0xW6Fv7ygw8lqjxzkNwljIETgpj3mUQAP0UuxIeOMFPEewLN4B7LbrOBnS2WgfQbhfyoCDAvIptRFfUeecM4j4GNIzJ9M9kvTc3pnEKzIZYwwwzjafjktWKQs980tIz716MBiEynbq8TcsWOof3NFbDC8nXl?client=bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== HTTP 302
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://nt.embluemail.com/p/cl?data=UHnQewQ69B59Q7iV68ePPHNVuxWlwxkvViYNP0gR8oFGOEJapWkbITcB5AAoK21k6aXdF6hYrn5dEu0y%2FzdYVjhFqM8cu1p%2FK7QxTUjcUH4%3D%21-%21be9hj9%21-%21https%3A%2F%2Fxsqk2.triedmetals.com%2FbWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ%3D%3D HTTP 302
https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ==

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== xsqk2.triedmetals.com/ Redirect Chain https://nt.embluemail.com/p/cl?data=UHnQewQ69B59Q7iV68ePPHNVuxWlwxkvViYNP0gR8oFGOEJapWkbITcB5AAoK21k6aXdF6hYrn5dEu0y%2FzdYVjhFqM8cu1p%2FK7QxTUjcUH4%3D%21-%21be9hj9%21-%21https%3A%2F%2Fxsqk2.triedme... https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ==	23 KB 2 KB	2638ms 1631ms	Document text/html	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.0 Resource Hash Request headers Host xsqk2.triedmetals.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 07 Oct 2021 12:15:50 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 2040 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers date Thu, 07 Oct 2021 12:15:49 GMT content-type application/json content-length 0 location https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== x-amzn-requestid 0c7c98d7-80f1-45b0-b6c5-106b1cc795a0 x-amz-apigw-id G1i2YGDCGjQFgFw= x-amzn-trace-id Root=1-615ee4f5-5bf90880210fd1840aa1705a;Sampled=0
GET H/1.1	200 OK	Primary Request PS-615ee4fbe4afd Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/ Redirect Chain https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/$&uTt972STTQwmYia4kU6JI9mG78KjdG10M856f1IRpRsv0xW6Fv7ygw8lqjxzkNwljIETgpj3mUQAP0UuxIeOMFPEe... https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd	38 KB 3 KB	230ms 230ms	Document text/html	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Requested by Host: xsqk2.triedmetals.com URL: https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.0 Resource Hash `528716f704a3bcd31e288fd946007c1e0530b2fd73c6435d73669fd37afc1201` Request headers Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://xsqk2.triedmetals.com/ Accept-Encoding gzip, deflate, br Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://xsqk2.triedmetals.com/bWljaGFlbC5oYWxmbWFubkBjdXJyZW50YS5kZQ== Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma no-cache Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 3007 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 07 Oct 2021 12:15:52 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030; path=/ Location ./PS-615ee4fbe4afd Vary User-Agent Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	f94eb5e72d08d2cee4288ec8d699a6921f80b452e3354 cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/APP-OUUH8W/	103 KB 18 KB	160ms 160ms	Stylesheet text/css	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/APP-OUUH8W/f94eb5e72d08d2cee4288ec8d699a6921f80b452e3354 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept text/css,/;q=0.1 Cache-Control no-cache Sec-Fetch-Dest style Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Last-Modified Fri, 20 Aug 2021 19:23:18 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "19b99-5ca0299861580-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 18548
GET H/1.1	200 OK	052928932442cb213d5aed958ec6e8eeebd6490f48f87 cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/o/	4 KB 2 KB	475ms 165ms	Image image/svg+xml	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/o/052928932442cb213d5aed958ec6e8eeebd6490f48f87 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Cache-Control* no-cache Sec-Fetch-Dest image Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Last-Modified Sat, 23 Nov 2019 23:10:04 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "e43-5980ba16eab00-gzip" Vary Accept-Encoding,User-Agent Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1435
GET H/1.1	200 OK	a28d9e93645808095f4edb2f8812275ceec9236d44bee cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/e/	513 B 646 B	474ms 166ms	Image image/svg+xml	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/e/a28d9e93645808095f4edb2f8812275ceec9236d44bee Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Cache-Control* no-cache Sec-Fetch-Dest image Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Last-Modified Sun, 24 Nov 2019 06:44:20 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "201-59811fa043900-gzip" Vary Accept-Encoding,User-Agent Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 276
GET H/1.1	200 OK	590ea96280c3e7df52e4e93b4422f8491e8d6d5ec8b82 Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jq/	84 KB 29 KB	463ms 158ms	Script application/javascript	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jq/590ea96280c3e7df52e4e93b4422f8491e8d6d5ec8b82 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept / Cache-Control no-cache Sec-Fetch-Dest script Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Last-Modified Mon, 17 May 2021 20:23:14 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "14e4a-5c28c5cf01080-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 29822
GET H/1.1	200 OK	0c7286dc54f55304eea2849be61e9d92e2e9288b384fd Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/boot/	50 KB 14 KB	468ms 162ms	Script application/javascript	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/boot/0c7286dc54f55304eea2849be61e9d92e2e9288b384fd Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept / Cache-Control no-cache Sec-Fetch-Dest script Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Last-Modified Mon, 17 May 2021 20:23:24 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "c75f-5c28c5d88a700-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14085
GET H/1.1	200 OK	5eecb449485e263b20a014e8d5836ddf229ee898c792f Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jm/	5 KB 2 KB	470ms 163ms	Script application/javascript	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jm/5eecb449485e263b20a014e8d5836ddf229ee898c792f Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `fb23209dbc5709c625b8103fdbc6914f5cb8df714c88e4dbc99f22cd18ebcde7` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept / Cache-Control no-cache Sec-Fetch-Dest script Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Last-Modified Fri, 03 Sep 2021 22:38:14 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "121c-5cb1ef4702180-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1260
GET H/1.1	200 OK	api-e5c950c38ee4e7894d3addf28e28e22446012b98b6f95 cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/	2 KB 2 KB	2304ms 2304ms	Image image/jpeg	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/api-e5c950c38ee4e7894d3addf28e28e22446012b98b6f95?email=michael.halfmann@currenta.de&data=logo Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.0 Resource Hash `175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Cache-Control* no-cache Sec-Fetch-Dest image Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Pragma no-cache Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Vary Accept-Encoding,User-Agent Content-Type image/jpeg; Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 1261 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	api-6955842b42d8723d00e9b94ca3812fee8e9e62cf4ed85 cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/	299 KB 290 KB	1031ms 1031ms	Image image/jpeg	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/api-6955842b42d8723d00e9b94ca3812fee8e9e62cf4ed85?email=michael.halfmann@currenta.de&data=background Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.0 Resource Hash `345f500582fb5cfc20df5426c6b54bb0bcaa62eb0249a4a661dc9716a9edc006` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Cache-Control* no-cache Sec-Fetch-Dest image Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd Cookie PHPSESSID=49950etbvm7csgn5e7r3ef9030 Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ee4fbe4afd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Pragma no-cache Date Thu, 07 Oct 2021 12:15:56 GMT Content-Encoding gzip Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Vary Accept-Encoding,User-Agent Content-Type image/jpeg; Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Transfer-Encoding chunked Connection Keep-Alive Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/	1969-12-31 23:59:59	Name: PHPSESSID Value: 49950etbvm7csgn5e7r3ef9030

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
nt.embluemail.com
xsqk2.triedmetals.com
45.42.200.70
54.233.228.78
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805
345f500582fb5cfc20df5426c6b54bb0bcaa62eb0249a4a661dc9716a9edc006
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
528716f704a3bcd31e288fd946007c1e0530b2fd73c6435d73669fd37afc1201
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a
fb23209dbc5709c625b8103fdbc6914f5cb8df714c88e4dbc99f22cd18ebcde7

cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Open in urlscan Pro 45.42.200.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

363 kBTransfer

606 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Open in urlscan Pro
45.42.200.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

363 kB
Transfer

606 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!