curioustek.com Open in urlscan Pro
116.12.52.40 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://curioustek.com/ShareFiless/SharePointOnline.html
Submission: On November 16 via automatic, source openphish (November 16th 2022, 1:15:05 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 116.12.52.40, located in Singapore and belongs to EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG. The main domain is curioustek.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 27th 2022. Valid for: 3 months.

This is the only time curioustek.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

	IP Address		AS Autonomous System
9	116.12.52.40 116.12.52.40		38532 (EXABYTES-...) (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd.)
9	1

9 116.12.52.40 (Singapore)

ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG)
PTR: server.hengrichcapital.com

curioustek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	curioustek.com curioustek.com	233 KB
9	1

	Domain	Requested by
9	curioustek.com	curioustek.com
9	1

This site contains links to these domains. Also see Links.

Domain
http

Subject Issuer	Validity	Valid
curioustek.com cPanel, Inc. Certification Authority	`2022-10-27` - `2023-01-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://curioustek.com/ShareFiless/SharePointOnline.html
Frame ID: D7D742F4137EB8EBFFE56148EF02BCBE
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SharePoint Online

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

233 kB
Transfer

231 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://http//curioustek.com/ShareFiless/ShareFiless/gmilh1.htm

Search URL Search Domain Scan URL

URL: https://http//curioustek.com/ShareFiless/ShareFiless/outlok.htm

Search URL Search Domain Scan URL

URL: https://http//curioustek.com/ShareFiless/ShareFiless/aol.html

Search URL Search Domain Scan URL

URL: https://http//curioustek.com/ShareFiless/ShareFiless/yahoo.htm

Search URL Search Domain Scan URL

URL: https://http//curioustek.com/ShareFiless/ShareFiless/office360.html

Search URL Search Domain Scan URL

URL: https://http//curioustek.com/ShareFiless/ShareFiless/otheremail.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request SharePointOnline.html Show response curioustek.com/ShareFiless/	4 KB 4 KB	1263ms 187ms	Document text/html	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Full URL https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `3d2219c375350544bcf9c3eaf4cd1292fec9dbd7ade17ce7e9ba02de170b10fa` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 3718 Content-Type text/html Date Wed, 16 Nov 2022 13:14:54 GMT Keep-Alive timeout=5, max=100 Last-Modified Sat, 18 Dec 2021 13:13:26 GMT Server Apache
GET H/1.1	200 OK	jquery.js Show response curioustek.com/ShareFiless/SharePointOnline_files/	84 KB 84 KB	190ms 187ms	Script application/javascript	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/jquery.js Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:54 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 85578
GET H/1.1	200 OK	bckg.png curioustek.com/ShareFiless/SharePointOnline_files/	72 KB 72 KB	189ms 187ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/bckg.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `8f5c66ecb9f1969437d351ea275d9c452ca75d5777be77923b37bf4ebd6a5b36` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 73787
GET H/1.1	200 OK	ge.png curioustek.com/ShareFiless/SharePointOnline_files/	12 KB 12 KB	188ms 186ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/ge.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `26ee662f01c59f29db0f73ad9d5e8450b37ec2f0449b28f45b9bcdedc74c900a` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 12163
GET H/1.1	200 OK	tlk.png curioustek.com/ShareFiless/SharePointOnline_files/	11 KB 12 KB	553ms 186ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/tlk.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `5f2714b8642421a8c9ab04aff7a9660297f57662e1bf4eef21ea1ce64addb691` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 11713
GET H/1.1	200 OK	ayl.png curioustek.com/ShareFiless/SharePointOnline_files/	11 KB 11 KB	557ms 188ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/ayl.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `bc5242de0c2098df15d4c39b6a1ab87e7ecab1973f40ea9e9d387892292c4608` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 11428
GET H/1.1	200 OK	yhs.png curioustek.com/ShareFiless/SharePointOnline_files/	13 KB 13 KB	554ms 185ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/yhs.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `3c9065c253123764592e817a61f33c4e1dd3c63cbf9e497f71b23429dfd6919c` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 13220
GET H/1.1	200 OK	tfe.png curioustek.com/ShareFiless/SharePointOnline_files/	11 KB 12 KB	556ms 187ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/tfe.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `7db84bd884a0fdb669aebd4e2e7e3ff0012cc55867ed7fe06fe0e4f9e89fa0c2` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 11737
GET H/1.1	200 OK	ther.png curioustek.com/ShareFiless/SharePointOnline_files/	13 KB 13 KB	552ms 187ms	Image image/png	116.12.52.40 EXABYTES-AS-AP Ex...
General Check archive.org Show headers Download Go to Show image Full URL https://curioustek.com/ShareFiless/SharePointOnline_files/ther.png Requested by Host: curioustek.com URL: https://curioustek.com/ShareFiless/SharePointOnline.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.12.52.40 , Singapore, ASN38532 (EXABYTES-AS-AP Exabytes Network Singapore Pte. Ltd., SG), Reverse DNS server.hengrichcapital.com Software Apache / Resource Hash `9e267bd431eaae748e3aae26ada2644eae9ead2bee3080ed10efbbc5f2a9e968` Request headers accept-language de-DE,de;q=0.9 Referer https://curioustek.com/ShareFiless/SharePointOnline.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 13:14:55 GMT Last-Modified Tue, 07 Dec 2021 08:57:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 13080

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| basicPopup function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

curioustek.com
116.12.52.40
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
26ee662f01c59f29db0f73ad9d5e8450b37ec2f0449b28f45b9bcdedc74c900a
3c9065c253123764592e817a61f33c4e1dd3c63cbf9e497f71b23429dfd6919c
3d2219c375350544bcf9c3eaf4cd1292fec9dbd7ade17ce7e9ba02de170b10fa
5f2714b8642421a8c9ab04aff7a9660297f57662e1bf4eef21ea1ce64addb691
7db84bd884a0fdb669aebd4e2e7e3ff0012cc55867ed7fe06fe0e4f9e89fa0c2
8f5c66ecb9f1969437d351ea275d9c452ca75d5777be77923b37bf4ebd6a5b36
9e267bd431eaae748e3aae26ada2644eae9ead2bee3080ed10efbbc5f2a9e968
bc5242de0c2098df15d4c39b6a1ab87e7ecab1973f40ea9e9d387892292c4608

curioustek.com Open in urlscan Pro 116.12.52.40 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

233 kBTransfer

231 kBSize

0 Cookies

6 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

curioustek.com Open in urlscan Pro
116.12.52.40 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

233 kB
Transfer

231 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!