check-info-session96.ga
89.40.4.76 Malicious Activity! Public Scan

Submitted URL: https://monzywui.gq/sets
Effective URL: http://check-info-session96.ga/
Submission Tags: https://phish.report @phish_report
Submission: On June 22 via api from FI — Scanned from FI

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 89.40.4.76, located in Vilnius, Lithuania and belongs to INTERNETO-VIZIJA, LT. The main domain is check-info-session96.ga.
This is the only time check-info-session96.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address          AS      Autonomous System
1 1       162.240.68.177      46606   (UNIFIEDLA...)
1         89.40.4.76          212531  (INTERNETO...)
5         2a02:26f0:ef:...    20940   (AKAMAI-ASN1)
Total: 6 requests, 3 IPs
Requests  Apex Domain               Subdomains                                        Transfer
5         office365.com             r4.res.office365.com (Cisco Umbrella Rank: 140)   646 KB
1         check-info-session96.ga   check-info-session96.ga                           482 KB
1         monzywui.gq               monzywui.gq                                       100 B
Total: 6 requests, 3 apex domains
Requests  Domain                    Requested by
5         r4.res.office365.com      srcdoc
1         check-info-session96.ga
1         monzywui.gq               (1 redirect)
Total: 6 requests, 3 domains

This site contains links to these domains. Also see Links.

Domain
outlook.office365.com
www.microsoft.com
privacy.microsoft.com
Subject             Issuer                    Validity                  Valid
*.res.outlook.com   Microsoft RSA TLS CA 01   2022-06-02 - 2023-06-02   a year (crt.sh)

This page contains 2 frames:

Primary Page: http://check-info-session96.ga/
Frame ID: 4A066E8DFE333B7F8175C807A7B46D79
Requests: 6 HTTP requests in this frame

Frame: https://r4.res.office365.com/owa/prem/15.20.4628.16/scripts/boot.worldwide.0.mouse.js
Frame ID: E756E28629BC10B658D43520204D82D7
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Aanmelden bij Outlook

Page Statistics

Requests:    6
HTTPS:       83 %
IPv6:        33 %
Domains:     3
Subdomains:  3
IPs:         3
Countries:   3
Transfer:    1128 kB
Size:        3094 kB
Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://monzywui.gq/sets HTTP 302
    http://check-info-session96.ga/ Page URL

6 HTTP transactions

Each transaction below lists Resource, Path, Size, x-fer (bytes transferred on the wire) and Type, followed by its request and response headers.
Resource: Primary Request /
Path: check-info-session96.ga/
Redirect Chain:
  • https://monzywui.gq/sets
  • http://check-info-session96.ga/
Size: 481 KB
x-fer: 482 KB
Type: Document
General
Full URL
http://check-info-session96.ga/
Protocol
HTTP/1.1
Server
89.40.4.76 Vilnius, Lithuania, ASN212531 (INTERNETO-VIZIJA, LT)
Reverse DNS
support-noreply0.com
Software
Apache
Resource Hash
ffb864693485045976355c2be16774c6f9a2e8472db575cbc8da15290d55a4c4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Jun 2022 11:27:26 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked

Redirect headers

content-length
215
content-type
text/html; charset=iso-8859-1
date
Wed, 22 Jun 2022 11:27:25 GMT
location
http://check-info-session96.ga/
server
Apache
Resource: truncated
Path: /
Size: 5 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (inline data: URL, no server contacted)
Reverse DNS
-
Software
-
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://check-info-session96.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/png
Resource: truncated
Path: /
Size: 987 B
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (inline data: URL, no server contacted)
Reverse DNS
-
Software
-
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://check-info-session96.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/jpeg
Resource: truncated
Path: /
Size: 17 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (inline data: URL, no server contacted)
Reverse DNS
-
Software
-
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://check-info-session96.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/jpeg
Resource: truncated
Path: /
Size: 4 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (inline data: URL, no server contacted)
Reverse DNS
-
Software
-
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://check-info-session96.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/svg+xml
Resource: truncated
Path: /
Size: 2 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (inline data: URL, no server contacted)
Reverse DNS
-
Software
-
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
http://check-info-session96.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/svg+xml
Resource: boot.worldwide.0.mouse.js
Path: r4.res.office365.com/owa/prem/15.20.4628.16/scripts/ (Frame E756)
Size: 648 KB
x-fer: 176 KB
Type: Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.4628.16/scripts/boot.worldwide.0.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:ef:285::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
-
Software
AkamaiNetStorage
Resource Hash
331d8bdccc50291d6598c40a737eae1fc20e5072005e22c88a7f84be94fdbfc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 11:27:29 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 11:41:23 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
Resource: boot.worldwide.1.mouse.js
Path: r4.res.office365.com/owa/prem/15.20.4628.16/scripts/ (Frame E756)
Size: 644 KB
x-fer: 160 KB
Type: Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.4628.16/scripts/boot.worldwide.1.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:ef:285::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
-
Software
AkamaiNetStorage
Resource Hash
9e2fa5b1c0ba4c91d9afc33f57886a37ad853ed1a4ebb3e302ff36a416c73d04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 11:27:27 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 11:41:19 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
Resource: boot.worldwide.2.mouse.js
Path: r4.res.office365.com/owa/prem/15.20.4628.16/scripts/ (Frame E756)
Size: 647 KB
x-fer: 166 KB
Type: Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.4628.16/scripts/boot.worldwide.2.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:ef:285::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
-
Software
AkamaiNetStorage
Resource Hash
57c47f2938f0311134363cf0fec95f3e8f5575e4f486dd680fa8f027a26abd30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 11:27:28 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 11:41:24 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
Resource: boot.worldwide.3.mouse.js
Path: r4.res.office365.com/owa/prem/15.20.4628.16/scripts/ (Frame E756)
Size: 645 KB
x-fer: 143 KB
Type: Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.4628.16/scripts/boot.worldwide.3.mouse.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:ef:285::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
-
Software
AkamaiNetStorage
Resource Hash
097f6b7c88e9a0080fe0a80700d9e903c3a0e5332960f9e5c5547e173b653eb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 11:27:28 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 11:41:20 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
timing-allow-origin
*
Resource: sprite1.mouse.png
Path: r4.res.office365.com/owa/prem/15.20.4628.16/resources/images/0/ (Frame E756)
Size: 132 B
x-fer: 336 B
Type: Stylesheet
General
Full URL
https://r4.res.office365.com/owa/prem/15.20.4628.16/resources/images/0/sprite1.mouse.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:ef:285::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
-
Software
AkamaiNetStorage
Resource Hash
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 11:27:27 GMT
last-modified
Tue, 19 Oct 2021 11:52:19 GMT
server
AkamaiNetStorage
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=630720000, s-maxage=630720000
accept-ranges
bytes
timing-allow-origin
*
content-length
132

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    | 0
object    | oncontextlost
object    | oncontextrestored
function  | structuredClone
object    | launchQueue
object    | onbeforematch
object    | navigation
function  | savepage_ShadowLoader

0 Cookies