13.114.140.106
Malicious Activity!
Public Scan
Submission: On August 14 via manual from US
Summary
This is the only time 13.114.140.106 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 23 | 13.114.140.106 | 16509 (AMAZON-02 - Amazon.com) |
| 1 | 205.185.208.52 | 20446 (HIGHWINDS3 - Highwinds Network Group) |
| 1 | 198.211.112.20 | 14061 (DIGITALOCEAN-ASN - DigitalOcean) |
| 25 | 4 | |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-114-140-106.ap-northeast-1.compute.amazonaws.com
- 13.114.140.106

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
- code.jquery.com

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
- analytics.cuvesk.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 1 | cuvesk.com | analytics.cuvesk.com | 368 B |
| 1 | jquery.com | code.jquery.com | 30 KB |
| 25 | 2 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 1 | analytics.cuvesk.com | 13.114.140.106 |
| 1 | code.jquery.com | 13.114.140.106 |
| 25 | 2 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| | | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh |
| jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
http://13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/
Frame ID: 8D6573F3F2BE5418722B405C849A3801
Requests: 26 HTTP requests in this frame
Screenshot
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i

Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/ | 17 KB | 5 KB | Document | text/html |
| GET | H/1.1 | bootstrap.css | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/css/ | 118 KB | 20 KB | Stylesheet | text/css |
| GET | H/1.1 | main.css | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/css/ | 27 KB | 7 KB | Stylesheet | text/css |
| GET | H/1.1 | jquery-3.2.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script | application/javascript |
| GET | H/1.1 | bg-1.jpg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 37 KB | 37 KB | Image | image/jpeg |
| GET | H/1.1 | bg-3.jpg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 4 KB | 4 KB | Image | image/jpeg |
| GET | H/1.1 | win-ico.png | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 692 B | 976 B | Image | image/png |
| GET | H/1.1 | main.js | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/js/ | 4 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | alert-msg.mp3 | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/ | 107 KB | 0 | Media | audio/mpeg |
| GET | DATA | truncated | / | 992 B | 0 | Image | image/png |
| GET | H/1.1 | img-1.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-2.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-3.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-4.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-5.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-6.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-7.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-8.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-9.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 376 B | 376 B | Image | text/html |
| GET | H/1.1 | img-10.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 377 B | 377 B | Image | text/html |
| GET | H/1.1 | img-11.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 377 B | 377 B | Image | text/html |
| GET | H/1.1 | img-12.svg | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/img/ | 377 B | 377 B | Image | text/html |
| GET | H/1.1 | glyphicons-halflings-regular.html | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | rout.js | analytics.cuvesk.com/rout/ | 26 B | 368 B | Script | application/javascript |
| GET | H/1.1 | glyphicons-halflings-regular.woff | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | glyphicons-halflings-regular.ttf | 13.114.140.106/mnascbascasvgcascfasrftsavgsayugasugias7t8asugasayctsdasfasvas/fiegvhbjsnkanbhdsbdvs/fonts/ | 0 | 0 | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |
| function | $ |
| function | jQuery |
| string | _number |
| number | _i |
| function | newLine |
| function | openBrowser |
| function | toggleFullScreen |
| function | get_browser |
| boolean | InternetEx |
| boolean | isIEedge |
| object | browser |
| undefined | msg_ff |
| string | CustomAnlysis |
| function | ca |
| boolean | myCustomFlag0 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.cuvesk.com
code.jquery.com
13.114.140.106
198.211.112.20
205.185.208.52