xn--80asucf0d.com (IDN: старый.com)
5.181.218.64
Malicious Activity!
Public Scan
Effective URL: https://xn--80asucf0d.com/1/?list
Submission: On October 06 via manual from GB — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 12th 2021. Valid for: 3 months.
This is the only time xn--80asucf0d.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
3 | 104.244.42.69 | 13414 (TWITTER)
2 2 | 2620:1ec:21::14 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1 | 143.204.98.32 | 16509 (AMAZON-02)
1 2 | 31.214.157.208 | 58329 (RACKPLACE)
2 | 34.229.4.215 | 14618 (AMAZON-AES)
1 | 2a00:1450:4001:827::200a | 15169 (GOOGLE)
1 | 2603:1026:205:16::2 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 20.190.160.4 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2001:67c:4e8:1033:3:100:0:a | 62041 (TELEGRAM)
1 | 5.181.218.64 | 47583 (AS-HOSTINGER)
11 | 9 |
- ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US): linkedin.com, www.linkedin.com
- ASN16509 (AMAZON-02, US), PTR: server-143-204-98-32.fra50.r.cloudfront.net: applle.onelink.me
- ASN14618 (AMAZON-AES, US), PTR: ec2-34-229-4-215.compute-1.amazonaws.com: pastoral-agreeable-heliotrope.glitch.me, caterwauling-rift-sandwich.glitch.me
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): outlook.office.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): login.microsoftonline.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | t.co | t.co | 1 KB
2 | glitch.me | pastoral-agreeable-heliotrope.glitch.me, caterwauling-rift-sandwich.glitch.me | 19 KB
2 | xn--80apugd.com (1 redirect) | home.xn--80apugd.com | 29 KB
2 | linkedin.com (2 redirects) | linkedin.com, www.linkedin.com | 2 KB
1 | xn--80asucf0d.com | xn--80asucf0d.com | 595 B
1 | telegram.org | api.telegram.org | 619 B
1 | microsoftonline.com | login.microsoftonline.com | 132 KB
1 | office.com | outlook.office.com | 1 KB
1 | googleapis.com | ajax.googleapis.com | 30 KB
1 | onelink.me (1 redirect) | applle.onelink.me | 326 B
11 | 10 | |
Requests | Domain | Requested by
---|---|---
3 | t.co | home.xn--80apugd.com, ajax.googleapis.com
2 | home.xn--80apugd.com (1 redirect) | t.co
1 | xn--80asucf0d.com | t.co
1 | api.telegram.org | t.co
1 | caterwauling-rift-sandwich.glitch.me | t.co
1 | login.microsoftonline.com | outlook.office.com
1 | outlook.office.com | t.co
1 | ajax.googleapis.com | pastoral-agreeable-heliotrope.glitch.me
1 | pastoral-agreeable-heliotrope.glitch.me | t.co
1 | applle.onelink.me (1 redirect) |
1 | www.linkedin.com (1 redirect) |
1 | linkedin.com (1 redirect) |
11 | 12 |
This site contains no links.
TLS certificates
Subject | Issuer | Validity | Valid
---|---|---|---
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
xn--80apugd.com | R3 | 2021-09-25 - 2021-12-24 | 3 months
glitch.com | Amazon | 2021-01-18 - 2022-02-15 | a year
upload.video.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
outlook.com | DigiCert Cloud Services CA-1 | 2020-07-02 - 2022-07-02 | 2 years
stamp2.login.microsoftonline.com | DigiCert SHA2 Secure Server CA | 2021-08-25 - 2022-08-25 | a year
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2020-03-24 - 2022-05-23 | 2 years
xn--80asucf0d.com | R3 | 2021-09-12 - 2021-12-11 | 3 months
This page contains 2 frames:
Primary Page:
https://xn--80asucf0d.com/1/?list
Frame ID: DAD9FBD2DEF9604695131CB04DE56D37
Requests: 9 HTTP requests in this frame
Frame:
https://login.microsoftonline.com/logout.srf?ct=1633531479&rver=7.0.6737.0&id=260563&ru=https:%2F%2Foutlook.com%2Fowa%2F%3Fexch%3D1%26RpsCsrfState%3Dcfbef306-56e9-e33b-8f0c-682cd99a04c9
Frame ID: E23E62A53A0F631A58D13F840E9E8EF7
Requests: 3 HTTP requests in this frame
Page Title: 404 Not Found
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/9vkEZ25kay?amp=1 (Page URL)
- https://linkedin.com/redirect?url=https%3A%2F%2Fapplle%2Eonelink%2Eme%2FOOkN%2Faeb1fbf4&urlhash=XtyK&trk (HTTP 301)
  - https://www.linkedin.com/redirect?url=https%3A%2F%2Fapplle%2Eonelink%2Eme%2FOOkN%2Faeb1fbf4&urlhash=XtyK&trk (HTTP 303)
  - https://applle.onelink.me/OOkN/aeb1fbf4 (HTTP 302)
  - https://home.xn--80apugd.com/?shortlink=aeb1fbf4&pid=Email&c=apple (Page URL)
- https://home.xn--80apugd.com/?shortlink=aeb1fbf4&pid=Email&c=apple (HTTP 302)
  - https://t.co/1EP1DMGUhC?shortlink=aeb1fbf4&pid=Email&c=apple (Page URL)
- https://pastoral-agreeable-heliotrope.glitch.me/ (Page URL)
- https://caterwauling-rift-sandwich.glitch.me/ (Page URL)
- https://xn--80asucf0d.com/1/?list (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1:
- https://linkedin.com/redirect?url=https%3A%2F%2Fapplle%2Eonelink%2Eme%2FOOkN%2Faeb1fbf4&urlhash=XtyK&trk HTTP 301
- https://www.linkedin.com/redirect?url=https%3A%2F%2Fapplle%2Eonelink%2Eme%2FOOkN%2Faeb1fbf4&urlhash=XtyK&trk HTTP 303
- https://applle.onelink.me/OOkN/aeb1fbf4 HTTP 302
- https://home.xn--80apugd.com/?shortlink=aeb1fbf4&pid=Email&c=apple
Request Chain 2:
- https://home.xn--80apugd.com/?shortlink=aeb1fbf4&pid=Email&c=apple HTTP 302
- https://t.co/1EP1DMGUhC?shortlink=aeb1fbf4&pid=Email&c=apple
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | 9vkEZ25kay | t.co/ | 483 B | 564 B | Document | text/html |
GET | H2 | / | home.xn--80apugd.com/ | 72 KB | 29 KB | Document | text/html | Redirect Chain
GET | H2 | 1EP1DMGUhC | t.co/ | 295 B | 366 B | Document | text/html | Redirect Chain
GET | H2 | / | pastoral-agreeable-heliotrope.glitch.me/ | 10 KB | 10 KB | Document | text/html |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
GET | H2 | logoff.owa | outlook.office.com/owa/ | 291 B | 1 KB | Document | text/html | Frame E23E
GET | H2 | bl0i5UYz17 | t.co/ | 286 B | 564 B | XHR | text/html |
GET | H/1.1 | logout.srf | login.microsoftonline.com/ | 464 KB | 132 KB | Document | text/html | Frame E23E; Cookie set
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png | Frame E23E
GET | H2 | / | caterwauling-rift-sandwich.glitch.me/ | 9 KB | 9 KB | Document | text/html |
GET | H2 | getUpdates | api.telegram.org/bot1979842486:AAF89aRlkOwL9ElYyRXZMbl7p7AZ33IKhhg/ | 372 B | 619 B | Fetch | application/json |
GET | H2 | / | xn--80asucf0d.com/1/ | 308 B | 595 B | Document | text/html | Primary Request
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
boolean | originAgentCluster
22 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value
---|---|---
.t.co/ | muc | 9889a385-f5b1-423d-95a3-55c497e08cc2
.www.linkedin.com/ | JSESSIONID | ajax:4643854953618700460
.linkedin.com/ | lang | v=2&lang=de-de
.linkedin.com/ | bcookie | "v=2&d52d7cf6-304a-413c-887c-4720c1d9b31d"
.www.linkedin.com/ | bscookie | "v=1&202110061444360e62bd7f-0984-41de-8f10-58b1346dca1fAQEvET29GwN6xHW7srtDfWnuHZFcJqAO"
.linkedin.com/ | li_gc | MTswOzE2MzM1MzE0NzY7MjswMjG1jChQ91M5MJ9H1CGA7Dsy8w/TAKj9xlLfuknVxjDP7A==
.linkedin.com/ | lidc | "b=OGST07:s=O:r=O:a=O:p=O:g=2135:u=1:x=1:i=1633531476:t=1633617876:v=2:sig=AQEGl8vvCbIIV3ERu2fVSN15HZeEfwBP"
.xn--80apugd.com/ | __6ClM | Q2UK_HsrQj2shOjuKv_9nw==
outlook.office.com/ | RpsCsrfState.6bcMfRBl96S8Kzw6-tSEzhp7mzKJWp5pB8Yo2bZwL8E | cfbef306-56e9-e33b-8f0c-682cd99a04c9
.login.microsoftonline.com/ | SignInStateCookie | CAgABAAIAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P9c7SHswfrYKJfXb52B7z9K50zY2kc1yYbXP0_He3jz38OL1mgSzAvybOo962LeXLQAk_cpykN6YQ
login.microsoftonline.com/ | ESTSSSOTILES | 1
login.microsoftonline.com/ | AADSSOTILES | 1
.login.microsoftonline.com/ | ESTSAUTHPERSISTENT | AgABAAQAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P92OlVHEOabP-2pMLFz1QT1eQVWyDva0oCx01sWUl11zQOw1Hs5ITOlzJywbbGgMKhW6ZYs3AWqQg
.login.microsoftonline.com/ | ESTSAUTH | AgABAAQAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P-fjGutX65DwEs1l-E33Pne2TKUm2I3Et3DVUuZRYQmzRnM7BIk_X624Fzdsnie66qtunp7_jeZ7A
login.microsoftonline.com/ | ESTSAUTHLIGHT | +
.login.microsoftonline.com/ | ch | FCaVFmWeN67dX3pxHgNAjUuiAJeDSqrXd3eVd332ZDI
login.microsoftonline.com/ | ESTSSC | 00
login.microsoftonline.com/ | buid | AQABAAEAAAD--DLA3VO7QrddgJg7WevrE_TnrOuBljWvoo0C3CbfBByyT-uKi0dW_qc5CKdGCLt1fre5Kk3cf2ar41BxGXJPqJgIlzaatXbqy2UPTTFWlsSmT8z_nngRhmtegb8ouAMgAA
login.microsoftonline.com/ | fpc | AnX4J21-pmJMhluCsuAruxU
.login.microsoftonline.com/ | esctx | AQABAAAAAAD--DLA3VO7QrddgJg7WevrwHMM0vDP2a7AorM8D5-PXMEq1sZmkF60kwJk4-SYbgqqqrVuIDgAcVfPc9dFAuFZwftfRoGZO0uTwj2UkQOtvg54Mw7OAH1OTV5G--nAvPEJ4GX4dGMwWNFAlR9XqsRjqdGPU4A6uH6ctgCtcstbSdauWVLi2FVaCaoYviC2eFsgAA
login.microsoftonline.com/ | x-ms-gateway-slice | estsfd
login.microsoftonline.com/ | stsservicecookie | estsfd
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.