muhrah.com
162.144.84.37
Malicious Activity!
Public Scan
Effective URL: https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074f...
Submission: On February 13 via api from AU
Summary
TLS certificate: Issued by R3 on January 1st 2021. Valid for: 3 months.
This is the only time muhrah.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 65.9.69.118 | 16509 (AMAZON-02) |
1 2 | 162.144.84.37 | 46606 (UNIFIEDLAYER-AS-1) |
5 | 2a02:6ea0:c700::2 | 60068 (CDN77 (^_^)/) |
7 | 3 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.mashaueer.com
muhrah.com |
ASN60068 (CDN77 (^_^)/, GB)
1156724607.rsc.cdn77.org |
 | Apex Domain Subdomains | Transfer |
---|---|---|
5 | cdn77.org 1156724607.rsc.cdn77.org | 21 KB |
2 | muhrah.com 1 redirects muhrah.com | 4 KB |
1 | thequestgames.com www.thequestgames.com | 596 B |
7 | 3 |
 | Domain | Requested by |
---|---|---|
5 | 1156724607.rsc.cdn77.org | muhrah.com 1156724607.rsc.cdn77.org |
2 | muhrah.com | 1 redirects www.thequestgames.com |
1 | www.thequestgames.com | |
7 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
mail.muhrah.com R3 | 2021-01-01 - 2021-04-01 | 3 months | crt.sh |
www.cdn77.com Let's Encrypt Authority X3 | 2020-11-30 - 2021-02-28 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b
Frame ID: F0B52F31DB8DAB984EF709BEFD7E422A
Requests: 7 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- headers server /php\/?([\d.]+)?/i
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Amazon EC2 (Web Servers)
Detected patterns
- headers server /\(Amazon\)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Amazon Web Services (PaaS)
Detected patterns
- headers via /\(CloudFront\)$/i
- headers server /\(Amazon\)/i
Amazon Cloudfront (CDN)
Detected patterns
- headers via /\(CloudFront\)$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.thequestgames.com/auth/owa/ Page URL
-
https://muhrah.com/support/?%3FreplaceCurrent%3D1%26reason%3D2%26url=https%253a%252f%252%252fowa%252f
HTTP 302
https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / www.thequestgames.com/auth/owa/ | 169 B 596 B | Document text/html |
GET H/1.1 | Primary Request index.php muhrah.com/support/ Redirect Chain | 3 KB 3 KB | Document text/html |
GET H2 | app.css 1156724607.rsc.cdn77.org/.assets/ | 5 KB 1 KB | Stylesheet text/css |
GET H2 | app.js 1156724607.rsc.cdn77.org/.assets/ | 2 KB 841 B | Script application/javascript |
GET H2 | side.png 1156724607.rsc.cdn77.org/.assets/ | 4 KB 4 KB | Image image/png |
GET H2 | logo.png 1156724607.rsc.cdn77.org/.assets/ | 11 KB 12 KB | Image image/png |
GET H2 | sign.png 1156724607.rsc.cdn77.org/.assets/ | 3 KB 3 KB | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
muhrah.com/ | Name: PHPSESSID Value: d958cc3691536255123c974fbcf13dd7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.