oawesw.igg.biz
Open in
urlscan Pro
93.157.63.185
Malicious Activity!
Public Scan
Effective URL: https://oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/?Key=87803495022&rand=13InboxLightaspxn.878034...
Submission: On October 16 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 26th 2018. Valid for: 3 months.
This is the only time oawesw.igg.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:10:... 2606:4700:10::6814:da2a | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 5.189.152.42 5.189.152.42 | 51167 (CONTABO) (CONTABO) | |
2 8 | 93.157.63.185 93.157.63.185 | 43350 (NFORCE) (NFORCE) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a02:26f0:6c0... 2a02:26f0:6c00:283::34ef | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
10 | 4 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
tinyurl.com |
ASN43350 (NFORCE, NL)
PTR: server.dnsfreedom.net
oawesw.igg.biz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
igg.biz
2 redirects
oawesw.igg.biz |
116 KB |
2 |
gfx.ms
auth.gfx.ms |
280 KB |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
1 |
usa.cc
9iuuhy.usa.cc |
467 B |
1 |
tinyurl.com
1 redirects
tinyurl.com |
295 B |
10 | 5 |
Domain | Requested by | |
---|---|---|
8 | oawesw.igg.biz |
2 redirects
9iuuhy.usa.cc
oawesw.igg.biz |
2 | auth.gfx.ms |
oawesw.igg.biz
|
1 | ajax.googleapis.com |
oawesw.igg.biz
|
1 | 9iuuhy.usa.cc | |
1 | tinyurl.com | 1 redirects |
10 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
account.live.com |
login.live.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
oawesw.igg.biz Let's Encrypt Authority X3 |
2018-09-26 - 2018-12-25 |
3 months | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2018-09-25 - 2018-12-18 |
3 months | crt.sh |
msagfx.live.com Microsoft IT TLS CA 4 |
2017-07-27 - 2019-07-17 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/?Key=87803495022&rand=13InboxLightaspxn.878034950221774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&login=anVtcEBmaXNoLmNvbQ==&.rand=13InboxLight.aspx?n=878034950221774256418&fid=4
Frame ID: 579C90E99F2090BE28B782645497A55B
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://tinyurl.com/y8cma89m/?loge=jump@fish.com
HTTP 301
http://9iuuhy.usa.cc/zawws//?loge=jump@fish.com Page URL
-
https://oawesw.igg.biz/zaase=aswzxcs/sa/?loge=jump@fish.com
HTTP 302
https://oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d?Key=87803495022&rand=13Inb... HTTP 301
https://oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/?Key=87803495022&rand=13In... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Forgot my password
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tinyurl.com/y8cma89m/?loge=jump@fish.com
HTTP 301
http://9iuuhy.usa.cc/zawws//?loge=jump@fish.com Page URL
-
https://oawesw.igg.biz/zaase=aswzxcs/sa/?loge=jump@fish.com
HTTP 302
https://oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d?Key=87803495022&rand=13InboxLightaspxn.878034950221774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&login=anVtcEBmaXNoLmNvbQ==&.rand=13InboxLight.aspx?n=878034950221774256418&fid=4 HTTP 301
https://oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/?Key=87803495022&rand=13InboxLightaspxn.878034950221774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&login=anVtcEBmaXNoLmNvbQ==&.rand=13InboxLight.aspx?n=878034950221774256418&fid=4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://tinyurl.com/y8cma89m/?loge=jump@fish.com HTTP 301
- http://9iuuhy.usa.cc/zawws//?loge=jump@fish.com
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
9iuuhy.usa.cc/zawws// Redirect Chain
|
119 B 467 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/ Redirect Chain
|
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Converged_v21033.css
oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/inc/ |
92 KB 92 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.svg
oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/inc/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow_left.svg
oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/inc/ |
513 B 758 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ellipsis_white.svg
oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/inc/ |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ellipsis_grey.svg
oawesw.igg.biz/zaase=aswzxcs/sa/8814dd300446354c78b8e56008b9600d/inc/ |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.jpg
auth.gfx.ms/16.000.27773.2/images/Backgrounds/ |
277 KB 277 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0-small.jpg
auth.gfx.ms/16.000.27773.2/images/Backgrounds/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery number| f76ca8 function| lI1 function| c8qaYuL0583t262F2M undefined| l1l undefined| ll1 undefined| lll string| l_ll string| l11 number| lII string| zLP object| rRWhe object| otV5f string| t18D9z6U0 string| wgEH3 string| m84JYf7Qd1n3 string| e6zqUdxZX18yBK string| y6X14j1q766 string| gSmsoT4 function| t262F2Mc8qaYuL0583 string| oPfG3NIy function| gA702Gtr string| rt3PcVq string| rGeStnn number| ii object| l5 string| l6 number| ll number| _l string| msg function| nem function| check undefined| dl number| oe undefined| da function| ge boolean| ws string| tN boolean| izN undefined| zis undefined| zis8 boolean| zOF boolean| i7f string| i83w380p32kS8b0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
9iuuhy.usa.cc
ajax.googleapis.com
auth.gfx.ms
oawesw.igg.biz
tinyurl.com
2606:4700:10::6814:da2a
2a00:1450:4001:80b::200a
2a02:26f0:6c00:283::34ef
5.189.152.42
93.157.63.185
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0f1593bf7e4745fa5dde94c35f3c216baa71b8abef8e042168a76f7c1e95242b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
42235f541dcdef8058f2a4574d9c677ca2f2278819ccdd047dac35d9aa00d482
4e9e7c1c2df9e91cf271a7afe529360d199cdff23a721473062ee1ebabd6821f
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea