msg0x1.webcindario.com
5.57.226.202
Malicious Activity!
Public Scan
Submission: On May 07 via manual from MX
Summary
This is the only time msg0x1.webcindario.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 5.57.226.202 | 29119 (SERVIHOSTING-AS AireNetworks - StackScale) |
| 6 | 207.154.211.148 | |
| 3 | 2607:f8b0:4004:801::200a | 15169 (GOOGLE - Google Inc.) |
| 1 | 95.211.120.76 | 60781 (LEASEWEB-NL Netherlands) |
| 4 | 95.101.245.11 | 16625 (AKAMAI-AS - Akamai Technologies) |
- ASN29119 (SERVIHOSTING-AS AireNetworks - StackScale, ES): msg0x1.webcindario.com
- ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), PTR: a95-101-245-11.deploy.akamaitechnologies.com: auth.gfx.ms
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | msg0x4.top | msg0x4.top (failed) | 1 KB |
| 4 | gfx.ms | auth.gfx.ms | 20 KB |
| 3 | googleapis.com | ajax.googleapis.com | 89 KB |
| 1 | iforbes.club | iforbes.club | 6 KB |
| 1 | singlehtml.com | l0x2gin.singlehtml.com (failed) | 937 B |
| 1 | webcindario.com | msg0x1.webcindario.com | |
| Requests | Domain | Requested by |
|---|---|---|
| 5 | msg0x4.top | ajax.googleapis.com |
| 4 | auth.gfx.ms | msg0x1.webcindario.com |
| 3 | ajax.googleapis.com | msg0x4.top, l0x2gin.singlehtml.com |
| 1 | iforbes.club | l0x2gin.singlehtml.com |
| 1 | l0x2gin.singlehtml.com | ajax.googleapis.com |
| 1 | msg0x1.webcindario.com | |
This site contains links to these domains. Also see Links.

- signup.live.com
- account.live.com
- login.live.com
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| *.googleapis.com | Google Internet Authority G2 | 2017-04-27 - 2017-07-20 | 3 months | crt.sh |
| msagfx.live.com | Symantec Class 3 Secure Server CA - G4 | 2016-12-14 - 2018-12-15 | 2 years | crt.sh |
This page contains 3 frames:

- Frame: http://msg0x4.top/ (Frame ID: 28763.1), 3 HTTP requests in this frame
- Frame: http://l0x2gin.singlehtml.com/?q=a8hzu28f (Frame ID: 28777.1), 8 HTTP requests in this frame
- Frame: http://l0x2gin.singlehtml.com/?q=a8hzu28f (Frame ID: 28792.1), 7 HTTP requests in this frame
5 Outgoing links

These are links going to different origins than the main page.

- Title: Create one. (Spanish: "Cree una.")
- Title: I forgot my password (Spanish: "Olvidé mi contraseña")
- Title: Sign in with a different Microsoft account (Spanish: "Inicia sesión con una cuenta Microsoft diferente")
- Title: Terms of use (Spanish: "Términos de uso")
- Title: Privacy and cookies (Spanish: "Privacidad y cookies")
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions

| # | Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | / | msg0x1.webcindario.com/ | | 0 | 0 | Document | text/html | Primary request; cookie set |
| 2 | GET | | / | msg0x4.top/ | | 0 | 0 | | | No response |
| 3 | GET | | favicon.ico | msg0x1.webcindario.com/ | | 0 | 0 | | | No response |
| 4 | GET | H/1.1 | / | msg0x4.top/ | 2877 | 312 B | 312 B | Document | text/html | |
| 5 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.0/ | 2877 | 84 KB | 30 KB | Script | text/javascript | |
| 6 | POST | H/1.1 | get | msg0x4.top/ | 2877 | 57 B | 57 B | XHR | text/html | Cookie set |
| 7 | GET | H/1.1 | favicon.ico | msg0x4.top/ | 2877 | 1 KB | 708 B | Other | text/html | |
| 8 | GET | H/1.1 | o | msg0x4.top/ | 2877 | 309 B | 309 B | Document | text/html | |
| 9 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.0/ | 2877 | 84 KB | 30 KB | Script | text/javascript | |
| 10 | POST | H/1.1 | out | msg0x4.top/ | 2877 | 71 B | 71 B | XHR | text/html | |
| 11 | GET | | / | l0x2gin.singlehtml.com/ | 2877 | 0 | 0 | | | No response |
| 12 | GET | H/1.1 | / | l0x2gin.singlehtml.com/ | 2879 | 937 B | 937 B | Document | text/html | |
| 13 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.0/ | 2879 | 84 KB | 30 KB | Script | text/javascript | |
| 14 | GET | H/1.1 | / | iforbes.club/ | 2879 | 13 KB | 6 KB | Script | application/javascript | |
| 15 | GET | H/1.1 | Default2058.css | auth.gfx.ms/16.000.26513.01/ | 2879 | 73 KB | 14 KB | Stylesheet | text/css | |
| 16 | GET | H/1.1 | AppCentipede_Microsoft.svg | auth.gfx.ms/16.000.26513.01/AppCentipede/ | 2879 | 7 KB | 3 KB | Image | image/svg+xml | |
| 17 | GET | H/1.1 | Microsoft_Logotype_Gray.svg | auth.gfx.ms/16.000.26513.01/ | 2879 | 5 KB | 2 KB | Image | image/svg+xml | |
| 18 | GET | H/1.1 | favicon.ico | auth.gfx.ms/16.000.26513.01/ | 2879 | 17 KB | 540 B | Other | image/x-icon | |
Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

- msg0x4.top: http://msg0x4.top/
- msg0x1.webcindario.com: http://msg0x1.webcindario.com/favicon.ico
- l0x2gin.singlehtml.com: http://l0x2gin.singlehtml.com/?q=a8hzu28f
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.