cochiseaz.buzz - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3036::6812:20c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is cochiseaz.buzz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 2nd 2020. Valid for: 6 months.

This is the only time cochiseaz.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 6	2606:4700:303... 2606:4700:3036::6812:20c2		13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	1

6 2606:4700:3036::6812:20c2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cochiseaz.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cochiseaz.buzz 1 redirects cochiseaz.buzz	275 KB
5	1

	Domain	Requested by
6	cochiseaz.buzz	1 redirects cochiseaz.buzz
5	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-04-02` - `2020-10-09`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5
Frame ID: D72881A669524D8CE616007A7D4B90F6
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cochiseaz.buzz//fil/login/index.php HTTP 302
https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMA... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

274 kB
Transfer

398 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cochiseaz.buzz//fil/login/index.php HTTP 302
https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index1.php Show response cochiseaz.buzz//fil/login/ Redirect Chain https://cochiseaz.buzz//fil/login/index.php https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiX...	26 KB 4 KB	243ms 242ms	Document text/html	2606:4700:3036::6812:20c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6812:20c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `78ab07e65f7393317a33a3b4bbd57ab17ec823ed9596eada5a8c89dd3ed6d40e` Request headers :method GET :authority cochiseaz.buzz :scheme https :path //fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest document accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=de5b5e8a2ccdf07c535488be613823e141585856948 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers status 200 date Thu, 02 Apr 2020 19:49:09 GMT content-type text/html; charset=UTF-8 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 57dd124cee35d6c9-FRA content-encoding br Redirect headers status 302 date Thu, 02 Apr 2020 19:49:09 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=de5b5e8a2ccdf07c535488be613823e141585856948; expires=Sat, 02-May-20 19:49:08 GMT; path=/; domain=.cochiseaz.buzz; HttpOnly; SameSite=Lax; Secure location index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 57dd124a1d31d6c9-FRA
GET H2	200	Converged_v22057.css cochiseaz.buzz//fil/login/assets/files/	119 KB 16 KB	40ms 40ms	Stylesheet text/css	2606:4700:3036::6812:20c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cochiseaz.buzz//fil/login/assets/files/Converged_v22057.css Requested by Host: cochiseaz.buzz URL: https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6812:20c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `956ef60afdc6852f81e812660517c930aae2b934832425ac86123809d21f9eb7` Request headers Referer https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers date Thu, 02 Apr 2020 19:49:09 GMT content-encoding br cf-cache-status HIT last-modified Tue, 21 Jan 2020 02:37:22 GMT server cloudflare age 6450 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 57dd124e6acfd6c9-FRA
GET H2	200	office365.png cochiseaz.buzz//fil/login/assets/files/	25 KB 25 KB	60ms 19ms	Image image/png	2606:4700:3036::6812:20c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cochiseaz.buzz//fil/login/assets/files/office365.png Requested by Host: cochiseaz.buzz URL: https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6812:20c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361` Request headers Referer https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Thu, 02 Apr 2020 19:49:09 GMT cf-cache-status HIT last-modified Mon, 18 Mar 2019 09:22:32 GMT server cloudflare age 6450 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 57dd124eabb3d6c9-FRA content-length 25171
GET H2	200	0-smaill.jpg cochiseaz.buzz//fil/login/assets/files/	11 KB 11 KB	32ms 32ms	Image image/jpeg	2606:4700:3036::6812:20c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cochiseaz.buzz//fil/login/assets/files/0-smaill.jpg Requested by Host: cochiseaz.buzz URL: https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6812:20c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Thu, 02 Apr 2020 19:49:09 GMT cf-cache-status HIT last-modified Mon, 18 Mar 2019 09:22:34 GMT server cloudflare age 4028 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 57dd124ebbfed6c9-FRA content-length 11326
GET H2	200	bgoffice.jpg cochiseaz.buzz//fil/login/assets/files/	218 KB 218 KB	26ms 25ms	Image image/jpeg	2606:4700:3036::6812:20c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cochiseaz.buzz//fil/login/assets/files/bgoffice.jpg Requested by Host: cochiseaz.buzz URL: https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6812:20c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `aa675d8529ae96398122a352b927022cc2adebb580c7dca024f7004bcacbb6c1` Request headers Referer https://cochiseaz.buzz//fil/login/index1.php?sslchannel=true&sessionid=6lerERgVdubsmaUKU97pb64OHOMAXIR436vHYMCbgOEDZyoUHvjTCnIjcvUadMegTKYRwB2MqHpqfNkXjEQW2yfe3aohWDyPoxHU8KHzr70HVkEfZub13rg7BEoyiXoGu5 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Thu, 02 Apr 2020 19:49:09 GMT cf-cache-status HIT last-modified Mon, 18 Mar 2019 09:22:32 GMT server cloudflare age 4028 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 57dd124ebc01d6c9-FRA content-length 222753

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.cochiseaz.buzz/	1970-01-19 09:14:08	Name: __cfduid Value: de5b5e8a2ccdf07c535488be613823e141585856948

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cochiseaz.buzz
2606:4700:3036::6812:20c2
78ab07e65f7393317a33a3b4bbd57ab17ec823ed9596eada5a8c89dd3ed6d40e
8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361
956ef60afdc6852f81e812660517c930aae2b934832425ac86123809d21f9eb7
aa675d8529ae96398122a352b927022cc2adebb580c7dca024f7004bcacbb6c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

cochiseaz.buzz Open in urlscan Pro 2606:4700:3036::6812:20c2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

274 kBTransfer

398 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

cochiseaz.buzz Open in urlscan Pro
2606:4700:3036::6812:20c2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

274 kB
Transfer

398 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!