cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Open in urlscan Pro
45.42.200.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://xsqk2.triedmetals.com/Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t
Effective URL:
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323
Submission: On October 07 via automatic, source openphish (October 7th 2021, 1:26:35 pm UTC) — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 45.42.200.70, located in Los Angeles, United States and belongs to AS40676, US. The main domain is cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph.
TLS certificate: Issued by R3 on October 5th 2021. Valid for: 3 months.

This is the only time cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
1 9	45.42.200.70 45.42.200.70		40676 (AS40676) (AS40676)
10	2

9 45.42.200.70 (Los Angeles, United States) 1 redirects

ASN40676 (AS40676, US)

xsqk2.triedmetals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cloudns.ph 1 redirects cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph	70 KB
1	triedmetals.com xsqk2.triedmetals.com	2 KB
10	2

	Domain	Requested by
8	cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph	1 redirects xsqk2.triedmetals.com cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
1	xsqk2.triedmetals.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
xsqk2.triedmetals.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323
Frame ID: C958E6FAAEA343E42065C359DC3BC144
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

05927F13548E3406B4AB56E809320480615EF585D232D

Page URL History Show full URLs

https://xsqk2.triedmetals.com/Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t Page URL
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/$&WTncLMZ4E6EAdAktGehKtmQ... HTTP 302
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Page URL

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

72 kB
Transfer

305 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://xsqk2.triedmetals.com/Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t Page URL
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/$&WTncLMZ4E6EAdAktGehKtmQIMDINHnnHJlCZN2Usniv3h7TbXUTJXVjkpZWBltZyddIObBnHTkpPYKtK6hWhRl5RfvIQm2Em3R30vZDfiEz7xd6BXbSktvBxwRgO6XsrBcR6xokitHo7IKYc2NIDFuPfOuqQd0XihgFskpZyYCO1oBPiguDd0Ajig07yAYEPlbEQqmwD?client=Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t HTTP 302
https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t Show response xsqk2.triedmetals.com/	23 KB 2 KB	8894ms 6322ms	Document text/html	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://xsqk2.triedmetals.com/Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.0 Resource Hash `ee31b61080b13466336f24c976c752313420c160971faa8fcf0e7ca1645eac4a` Request headers Host xsqk2.triedmetals.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 07 Oct 2021 13:26:09 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 2006 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request PS-615ef5839c323 Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/ Redirect Chain https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/$&WTncLMZ4E6EAdAktGehKtmQIMDINHnnHJlCZN2Usniv3h7TbXUTJXVjkpZWBltZyddIObBnHTkpPYKtK6hWhRl5Rf... https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323	37 KB 3 KB	2220ms 2220ms	Document text/html	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Requested by Host: xsqk2.triedmetals.com URL: https://xsqk2.triedmetals.com/Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / PHP/7.2.0 Resource Hash `80cc52ed5a6a0382814e0c875740a88d63a6f26e6d2f039357a6d05e9559f7c9` Request headers Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://xsqk2.triedmetals.com/ Accept-Encoding gzip, deflate, br Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://xsqk2.triedmetals.com/Y3NhbnRhZ2F0aUB3ZXJmZW4uY29t Response headers Date Thu, 07 Oct 2021 13:26:27 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma no-cache Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 3010 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 07 Oct 2021 13:26:16 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips X-Powered-By PHP/7.2.0 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t; path=/ Location ./PS-615ef5839c323 Vary User-Agent Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	4d5f86303450d29a5b41583f18320405b266780592eee cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/APP-0WUCAW/	103 KB 18 KB	166ms 165ms	Stylesheet text/css	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/APP-0WUCAW/4d5f86303450d29a5b41583f18320405b266780592eee Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept text/css,/;q=0.1 Cache-Control no-cache Sec-Fetch-Dest style Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 13:26:30 GMT Content-Encoding gzip Last-Modified Fri, 20 Aug 2021 19:23:18 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "19b99-5ca0299861580-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 18548
GET H/1.1	200 OK	5820f61af005b2084d93b6883454ee7532915e5604d23 cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/o/	4 KB 2 KB	472ms 165ms	Image image/svg+xml	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/o/5820f61af005b2084d93b6883454ee7532915e5604d23 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Cache-Control* no-cache Sec-Fetch-Dest image Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 13:26:30 GMT Content-Encoding gzip Last-Modified Sat, 23 Nov 2019 23:10:04 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "e43-5980ba16eab00-gzip" Vary Accept-Encoding,User-Agent Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1435
GET H/1.1	200 OK	b8491422a534f8743e1256650d2d353e8565be00008f9 cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/e/	513 B 646 B	471ms 163ms	Image image/svg+xml	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/e/b8491422a534f8743e1256650d2d353e8565be00008f9 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Cache-Control* no-cache Sec-Fetch-Dest image Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 13:26:30 GMT Content-Encoding gzip Last-Modified Sun, 24 Nov 2019 06:44:20 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "201-59811fa043900-gzip" Vary Accept-Encoding,User-Agent Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 276
GET H/1.1	200 OK	408422d25de55b3148f89b69a360303165254fee70850 Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jq/	84 KB 29 KB	463ms 161ms	Script application/javascript	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jq/408422d25de55b3148f89b69a360303165254fee70850 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept / Cache-Control no-cache Sec-Fetch-Dest script Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 13:26:30 GMT Content-Encoding gzip Last-Modified Mon, 17 May 2021 20:23:14 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "14e4a-5c28c5cf01080-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 29822
GET H/1.1	200 OK	325065407d8e568a421b9035d82485b040fe933152fe6 Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/boot/	50 KB 14 KB	467ms 163ms	Script application/javascript	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/boot/325065407d8e568a421b9035d82485b040fe933152fe6 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept / Cache-Control no-cache Sec-Fetch-Dest script Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 13:26:30 GMT Content-Encoding gzip Last-Modified Mon, 17 May 2021 20:23:24 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "c75f-5c28c5d88a700-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14085
GET H/1.1	200 OK	188363dd90860559b358e4f4f622a405e505e42b23017 Show response cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jm/	5 KB 2 KB	469ms 164ms	Script application/javascript	45.42.200.70 AS40676
General Check archive.org Show headers Download Go to Full URL https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/jm/188363dd90860559b358e4f4f622a405e505e42b23017 Requested by Host: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.42.200.70 Los Angeles, United States, ASN40676 (AS40676, US), Reverse DNS Software Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips / Resource Hash `fb23209dbc5709c625b8103fdbc6914f5cb8df714c88e4dbc99f22cd18ebcde7` Request headers Pragma no-cache Sec-Fetch-Site same-origin Accept-Encoding gzip, deflate, br Host cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Sec-Fetch-Mode no-cors Accept / Cache-Control no-cache Sec-Fetch-Dest script Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 Cookie PHPSESSID=7b4euqs8v0pml5prk0kfonab9t Connection keep-alive Accept-Language de-DE,de;q=0.9 Referer https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/PS-615ef5839c323 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 07 Oct 2021 13:26:30 GMT Content-Encoding gzip Last-Modified Fri, 03 Sep 2021 22:38:14 GMT Server Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips ETag "121c-5cb1ef4702180-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1260
GET		api-280318e00a36824e356b325f2495857f0450e64b15d9d cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/	0 0

GET		api-ef0255489655e3e20d41080283342769453bfab01568d cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/api-280318e00a36824e356b325f2495857f0450e64b15d9d?email=csantagati@werfen.com&data=logo

Domain: cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
URL: https://cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/Eni5GXDyq8REEu1Cjr0EeVykB7D9pDXszf0c0spw6Ae1NHnFDQ/api-ef0255489655e3e20d41080283342769453bfab01568d?email=csantagati@werfen.com&data=background

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7b4euqs8v0pml5prk0kfonab9t

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
xsqk2.triedmetals.com
cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph
45.42.200.70
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
80cc52ed5a6a0382814e0c875740a88d63a6f26e6d2f039357a6d05e9559f7c9
a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a
ee31b61080b13466336f24c976c752313420c160971faa8fcf0e7ca1645eac4a
fb23209dbc5709c625b8103fdbc6914f5cb8df714c88e4dbc99f22cd18ebcde7

cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Open in urlscan Pro 45.42.200.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

80 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

72 kBTransfer

305 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

cgwxb69d471e2fe20c89f8141b0b9fc291c.cloudns.ph Open in urlscan Pro
45.42.200.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

72 kB
Transfer

305 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!