muhrah.com Open in urlscan Pro
162.144.84.37 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.thequestgames.com/auth/owa/
Effective URL:
https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074f...
Submission: On February 13 via api (February 13th 2021, 6:05:42 pm UTC) from AU

Summary HTTP 7 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 162.144.84.37, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is muhrah.com.
TLS certificate: Issued by R3 on January 1st 2021. Valid for: 3 months.

This is the only time muhrah.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

	IP Address		AS Autonomous System
1	65.9.69.118 65.9.69.118		16509 (AMAZON-02) (AMAZON-02)
1 2	162.144.84.37 162.144.84.37		46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
5	2a02:6ea0:c70... 2a02:6ea0:c700::2		60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
7	3

1 65.9.69.118 (United States)

ASN16509 (AMAZON-02, US)

www.thequestgames.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.144.84.37 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.mashaueer.com

muhrah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6ea0:c700::2 (Frankfurt am Main, Germany)

ASN60068 (CDN77 (^_^)/, GB)

1156724607.rsc.cdn77.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cdn77.org 1156724607.rsc.cdn77.org	21 KB
2	muhrah.com 1 redirects muhrah.com	4 KB
1	thequestgames.com www.thequestgames.com	596 B
7	3

	Domain	Requested by
5	1156724607.rsc.cdn77.org	muhrah.com 1156724607.rsc.cdn77.org
2	muhrah.com	1 redirects www.thequestgames.com
1	www.thequestgames.com
7	3

This site contains no links.

Subject Issuer	Validity	Valid
mail.muhrah.com R3	`2021-01-01` - `2021-04-01`	3 months	crt.sh
www.cdn77.com Let's Encrypt Authority X3	`2020-11-30` - `2021-02-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b
Frame ID: F0B52F31DB8DAB984EF709BEFD7E422A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.thequestgames.com/auth/owa/ Page URL
https://muhrah.com/support/?%3FreplaceCurrent%3D1%26reason%3D2%26url=https%253a%252f%252%252fow... HTTP 302
https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb7... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Amazon EC2 (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /\(Amazon\)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /\(CloudFront\)$/i
headers server /\(Amazon\)/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /\(CloudFront\)$/i

Page Statistics

7
Requests

86 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

25 kB
Transfer

28 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.thequestgames.com/auth/owa/ Page URL
https://muhrah.com/support/?%3FreplaceCurrent%3D1%26reason%3D2%26url=https%253a%252f%252%252fowa%252f HTTP 302
https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response www.thequestgames.com/auth/owa/	169 B 596 B	282ms 250ms	Document text/html	65.9.69.118 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://www.thequestgames.com/auth/owa/ Protocol HTTP/1.1 Server 65.9.69.118 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.30 / PHP/7.2.30 Resource Hash `955202e89714a7e3d2696bd0888ea23f8f9b6517f52125a469fbedb25ffa19e9` Request headers Host www.thequestgames.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/html; charset=UTF-8 Content-Length 169 Connection keep-alive Date Sat, 13 Feb 2021 18:05:21 GMT Server Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.30 X-Powered-By PHP/7.2.30 X-Cache Miss from cloudfront Via 1.1 e39402e2cf62b31f7774452c905f38f3.cloudfront.net (CloudFront) X-Amz-Cf-Pop FRA56-C1 X-Amz-Cf-Id ojBfbrst-d1LPSpCaxHs22mVGHLwmgDTEJzyhRS-xbPGmtRDBgkibw==
GET H/1.1	200 OK	Primary Request index.php Show response muhrah.com/support/ Redirect Chain https://muhrah.com/support/?%3FreplaceCurrent%3D1%26reason%3D2%26url=https%253a%252f%252%252fowa%252f https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b	3 KB 3 KB	208ms 206ms	Document text/html	162.144.84.37 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b Requested by Host: www.thequestgames.com URL: http://www.thequestgames.com/auth/owa/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.144.84.37 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS server.mashaueer.com Software Apache / PHP/7.1.33 Resource Hash `86145ed88eb820e7b1a8b0fadc780e6dff5eb305d67f29d67671f8951fdd81a1` Request headers Host muhrah.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer http://www.thequestgames.com/auth/owa/ Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie PHPSESSID=d958cc3691536255123c974fbcf13dd7 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://www.thequestgames.com/auth/owa/ Response headers Date Sat, 13 Feb 2021 18:05:49 GMT Server Apache X-Powered-By PHP/7.1.33 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Sat, 13 Feb 2021 18:05:49 GMT Server Apache X-Powered-By PHP/7.1.33 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Refresh 0 Set-Cookie PHPSESSID=d958cc3691536255123c974fbcf13dd7; path=/ Location index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	app.css 1156724607.rsc.cdn77.org/.assets/	5 KB 1 KB	328ms 238ms	Stylesheet text/css	2a02:6ea0:c700::2 CDN77 (^_^)/
General Check archive.org Show headers Download Go to Full URL https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 Requested by Host: muhrah.com URL: https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::2 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `ee0952bc52c84551407fb78e6af06109736238534de9a1a99ed9da775020467d` Request headers Referer https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-77-nzt AcO1ry8SOFvOfQYAAA== date Sat, 13 Feb 2021 18:05:22 GMT content-encoding br last-modified Mon, 25 Jan 2021 14:41:38 GMT server CDN77-Turbo x-77-nzt-ray /iNbnnnjwLo= etag W/"600ed8a2-128a" x-77-cache HIT content-type text/css access-control-allow-origin * x-cache REVALIDATED x-age 1661 x-77-pop frankfurtDE
GET H2	200	app.js Show response 1156724607.rsc.cdn77.org/.assets/	2 KB 841 B	331ms 241ms	Script application/javascript	2a02:6ea0:c700::2 CDN77 (^_^)/
General Check archive.org Show headers Download Go to Full URL https://1156724607.rsc.cdn77.org/.assets/app.js?0.58536700%201613239549 Requested by Host: muhrah.com URL: https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::2 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `0a808db3e14a12078b32a9e5cb7ab322d557f0ac268bda253f4309bd97d0bdc1` Request headers Referer https://muhrah.com/support/index.php?20FE4104763A04BB40C02102CA04DF3A&auth=31e4bf5507c196792cb771797e422616d563074ff634686b58fe4c790bbbc5a3e356c82b User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-77-nzt AcO1ry/UkiHOfQYAAA== date Sat, 13 Feb 2021 18:05:22 GMT content-encoding br last-modified Fri, 05 Feb 2021 05:11:45 GMT server CDN77-Turbo x-77-nzt-ray jVQbY/uH17g= etag W/"601cd391-94a" x-77-cache HIT content-type application/javascript; charset=UTF-8 access-control-allow-origin * x-cache REVALIDATED x-age 1661 x-77-pop frankfurtDE
GET H2	200	side.png 1156724607.rsc.cdn77.org/.assets/	4 KB 4 KB	242ms 242ms	Image image/png	2a02:6ea0:c700::2 CDN77 (^_^)/
General Check archive.org Show headers Download Go to Show image Full URL https://1156724607.rsc.cdn77.org/.assets/side.png Requested by Host: 1156724607.rsc.cdn77.org URL: https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::2 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `a7cdef2a343a697f16fb77ccba5ad107680cd7b4c336e45024b54802481271d1` Request headers Referer https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-77-nzt AcO1ry/sCJ/OcwYAAA== date Sat, 13 Feb 2021 18:05:22 GMT etag "600ed8a2-f5c" last-modified Mon, 25 Jan 2021 14:41:38 GMT server CDN77-Turbo x-77-nzt-ray fzfu3Z8qnlk= x-77-cache HIT content-type image/png access-control-allow-origin * x-cache REVALIDATED x-age 1651 accept-ranges bytes x-77-pop frankfurtDE content-length 3932
GET H2	200	logo.png 1156724607.rsc.cdn77.org/.assets/	11 KB 12 KB	280ms 279ms	Image image/png	2a02:6ea0:c700::2 CDN77 (^_^)/
General Check archive.org Show headers Download Go to Show image Full URL https://1156724607.rsc.cdn77.org/.assets/logo.png Requested by Host: 1156724607.rsc.cdn77.org URL: https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::2 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `f8593c513b145927dfff508c6e4a3c21c5e76f5003fb5c817036e4416f7888d8` Request headers Referer https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-77-nzt AcO1ry/+TG3OcwYAAA== date Sat, 13 Feb 2021 18:05:22 GMT etag "600ed8a2-2dea" last-modified Mon, 25 Jan 2021 14:41:38 GMT server CDN77-Turbo x-77-nzt-ray mqsJg+yL+ic= x-77-cache HIT content-type image/png access-control-allow-origin * x-cache REVALIDATED x-age 1651 accept-ranges bytes x-77-pop frankfurtDE content-length 11754
GET H2	200	sign.png 1156724607.rsc.cdn77.org/.assets/	3 KB 3 KB	268ms 267ms	Image image/png	2a02:6ea0:c700::2 CDN77 (^_^)/
General Check archive.org Show headers Download Go to Show image Full URL https://1156724607.rsc.cdn77.org/.assets/sign.png Requested by Host: 1156724607.rsc.cdn77.org URL: https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::2 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB), Reverse DNS Software CDN77-Turbo / Resource Hash `47abb531f51079ad100757fa175a33462f038be94d918dc5db204d1be2545045` Request headers Referer https://1156724607.rsc.cdn77.org/.assets/app.css?0.58534000%201613239549 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-77-nzt AcO1ry/Q45HOcwYAAA== date Sat, 13 Feb 2021 18:05:22 GMT etag "600ed8a2-a0d" last-modified Mon, 25 Jan 2021 14:41:38 GMT server CDN77-Turbo x-77-nzt-ray Duc3BAm/4g8= x-77-cache HIT content-type image/png access-control-allow-origin * x-cache REVALIDATED x-age 1651 accept-ranges bytes x-77-pop frankfurtDE content-length 2573

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			muhrah.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d958cc3691536255123c974fbcf13dd7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1156724607.rsc.cdn77.org
muhrah.com
www.thequestgames.com
162.144.84.37
2a02:6ea0:c700::2
65.9.69.118
0a808db3e14a12078b32a9e5cb7ab322d557f0ac268bda253f4309bd97d0bdc1
47abb531f51079ad100757fa175a33462f038be94d918dc5db204d1be2545045
86145ed88eb820e7b1a8b0fadc780e6dff5eb305d67f29d67671f8951fdd81a1
955202e89714a7e3d2696bd0888ea23f8f9b6517f52125a469fbedb25ffa19e9
a7cdef2a343a697f16fb77ccba5ad107680cd7b4c336e45024b54802481271d1
ee0952bc52c84551407fb78e6af06109736238534de9a1a99ed9da775020467d
f8593c513b145927dfff508c6e4a3c21c5e76f5003fb5c817036e4416f7888d8