musciasen.cf Open in urlscan Pro
188.241.58.17 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://musciasen.cf/invoice/
Submission: On August 08 via automatic, source openphish (August 8th 2019, 12:39:05 am UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 188.241.58.17, located in Romania and belongs to THCPROJECTS, RO. The main domain is musciasen.cf.

This is the only time musciasen.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
1 9	188.241.58.17 188.241.58.17		51177 (THCPROJECTS) (THCPROJECTS)
8	2

9 188.241.58.17 (Romania) 1 redirects

ASN51177 (THCPROJECTS, RO)
PTR: s07-58-17.thcservers.com

musciasen.cf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	musciasen.cf 1 redirects musciasen.cf	230 KB
8	1

	Domain	Requested by
9	musciasen.cf	1 redirects musciasen.cf
8	1

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh

This page contains 1 frames:

Primary Page: http://musciasen.cf/invoice/
Frame ID: 6CBF8A34D0EFD6D04A71B35EAC1B36B4
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://musciasen.cf/invoice HTTP 301
http://musciasen.cf/invoice/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

230 kB
Transfer

783 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://musciasen.cf/invoice HTTP 301
http://musciasen.cf/invoice/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response musciasen.cf/invoice/ Redirect Chain http://musciasen.cf/invoice http://musciasen.cf/invoice/	466 KB 227 KB	202ms 201ms	Document text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Full URL http://musciasen.cf/invoice/ Protocol HTTP/1.1 Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `dc7068a683afc10ae9172ee226f464d498ccac2086a35e3fe91ea233e7603f6e` Request headers Host musciasen.cf Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Accept-Ranges bytes X-Mod-Pagespeed 1.13.35.2-0 Vary Accept-Encoding Content-Encoding gzip Cache-Control max-age=0, no-cache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Location http://musciasen.cf/invoice/ Content-Length 236 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET DATA	200 OK	truncated /	93 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d2f8c9f211dc0c923d87bdf912ba6d02309055f3b24159becdf6ab8e003c5dfa` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/jpeg
GET H/1.1	404 Not Found	notice-error.png musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	392 B 392 B	160ms 111ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `4489d1ed3ee92396e8d7e4ddc1454e86bd93b25d890545d0cc692d75ea3757e3` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 392 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	notice-info.png musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	391 B 391 B	279ms 140ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-info.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `929484b93187a3fb618c125f1d9630431bb518b6e365a0d11bfde17c8973da56` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 391 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	notice-success.png musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	394 B 394 B	373ms 108ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-success.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `60862b82c7e125c4db60e5435cb08f34ace4d33b2b292d00945e8341ec74e979` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 394 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	warning.png musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	387 B 387 B	391ms 112ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/warning.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `6258d2bbc1b179630ad5d047038ae4e2eb85313ff4419b10e12532f0564c5cef` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 387 Content-Type text/html; charset=iso-8859-1
GET DATA	200 OK	truncated /	150 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e21e90cb1240588a16a64b87da2853a3c1c0608279bc22cdf1e8ff41795848e1` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	71 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	404 Not Found	icon-username.png musciasen.cf/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	393 B 393 B	327ms 101ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `296d20a427262e3227e646f31db9175130f9de90649fca27bce1ca304be14677` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:48 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 393 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icon-password.png musciasen.cf/cPanel_magic_revision_1335428098/unprotected/cpanel/images/	393 B 393 B	350ms 106ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `7fe8838949dba24995ef36e23cb6affa0070bf31bf111f3e656ca17c7212efd8` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:48 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 393 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	cpanel-logo-tiny.png musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/	396 B 396 B	111ms 104ms	Image text/html	188.241.58.17 THCPROJECTS
General Check archive.org Show headers Download Go to Show image Full URL http://musciasen.cf/cPanel_magic_revision_1352765682/unprotected/cpanel/images/cpanel-logo-tiny.png Requested by Host: musciasen.cf URL: http://musciasen.cf/invoice/ Protocol HTTP/1.1 Security , , Server 188.241.58.17 , Romania, ASN51177 (THCPROJECTS, RO), Reverse DNS s07-58-17.thcservers.com Software Apache / Resource Hash `196f27d472db8c5bfd8bc6c51f2f28a2a68e3e1501d3c3caa9cc5af5caf177da` Request headers Referer http://musciasen.cf/invoice/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 08 Aug 2019 00:38:47 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 396 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

musciasen.cf
188.241.58.17
196f27d472db8c5bfd8bc6c51f2f28a2a68e3e1501d3c3caa9cc5af5caf177da
296d20a427262e3227e646f31db9175130f9de90649fca27bce1ca304be14677
4489d1ed3ee92396e8d7e4ddc1454e86bd93b25d890545d0cc692d75ea3757e3
4cf0818dd9010568437158677180d8aa461ec9c52770ee6cef771b5f6d01f3c1
60862b82c7e125c4db60e5435cb08f34ace4d33b2b292d00945e8341ec74e979
6258d2bbc1b179630ad5d047038ae4e2eb85313ff4419b10e12532f0564c5cef
7fe8838949dba24995ef36e23cb6affa0070bf31bf111f3e656ca17c7212efd8
929484b93187a3fb618c125f1d9630431bb518b6e365a0d11bfde17c8973da56
d2f8c9f211dc0c923d87bdf912ba6d02309055f3b24159becdf6ab8e003c5dfa
dc7068a683afc10ae9172ee226f464d498ccac2086a35e3fe91ea233e7603f6e
e21e90cb1240588a16a64b87da2853a3c1c0608279bc22cdf1e8ff41795848e1

musciasen.cf Open in urlscan Pro 188.241.58.17 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

230 kBTransfer

783 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

48 JavaScript Global Variables

0 Cookies

Indicators

musciasen.cf Open in urlscan Pro
188.241.58.17 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

230 kB
Transfer

783 kB
Size

0
Cookies

8 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!