critixexchangesharefile.com
20.118.134.80
Malicious Activity!
Public Scan
Effective URL: https://critixexchangesharefile.com/
Submission: On February 22 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 21st 2022. Valid for: 3 months.
This is the only time critixexchangesharefile.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 108.167.168.59 | 46606 (UNIFIEDLAYER-AS-1) |
| 1 | 52.250.2.234 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 2 | 20.118.134.80 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 4 | 2a00:1450:4001:811::2004 | 15169 (GOOGLE) |
| 4 | 2a00:1450:4001:811::2003 | 15169 (GOOGLE) |
| 2 | 2a00:1450:4001:803::2003 | 15169 (GOOGLE) |
| 3 | 152.199.23.37 | |
| 1 | 2001:4de0:ac18::1:a:3b | |
| 18 | 9 | |
- ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: 108-167-168-59.unifiedlayer.com: riozgmqyv.figueiredoeferreira.com.br
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): critixexchangesharefile.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 341 KB |
| 4 | google.com | www.google.com (Cisco Umbrella Rank: 2) | 41 KB |
| 3 | msftauth.net | aadcdn.msftauth.net | 51 KB |
| 2 | critixexchangesharefile.com | critixexchangesharefile.com | 106 KB |
| 1 | jquery.com | code.jquery.com | 30 KB |
| 1 | figueiredoeferreira.com.br | riozgmqyv.figueiredoeferreira.com.br | 356 B |
| 18 | 6 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 4 | www.gstatic.com | www.google.com, www.gstatic.com |
| 4 | www.google.com | critixexchangesharefile.com, www.gstatic.com, www.google.com |
| 3 | aadcdn.msftauth.net | critixexchangesharefile.com |
| 2 | fonts.gstatic.com | www.google.com |
| 2 | critixexchangesharefile.com | 52.250.2.234 |
| 1 | code.jquery.com | critixexchangesharefile.com |
| 1 | riozgmqyv.figueiredoeferreira.com.br | |
| 18 | 7 | |
This site contains no links.
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| www.teste.figueiredoeferreira.com.br | R3 | 2022-01-20 - 2022-04-20 | 3 months | crt.sh |
| critixexchangesharefile.com | ZeroSSL RSA Domain Secure Site CA | 2022-02-21 - 2022-05-22 | 3 months | crt.sh |
| www.google.com | GTS CA 1C3 | 2022-02-07 - 2022-05-02 | 3 months | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2022-02-07 - 2022-05-02 | 3 months | crt.sh |
| *.google.com | GTS CA 1C3 | 2022-02-07 - 2022-05-02 | 3 months | crt.sh |
| aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2021-05-13 - 2022-05-13 | a year | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://critixexchangesharefile.com/
Frame ID: CFEA74010AEAE9EAE0AB2C1B3656CDE0
Requests: 13 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczKBgbAAAAAM13luWBh4giCR_GCXWRre4BYkFR&co=aHR0cHM6Ly9jcml0aXhleGNoYW5nZXNoYXJlZmlsZS5jb206NDQz&hl=de&v=1B_yv3CBEV10KtI2HJ6eEXhJ&size=invisible&cb=bqufxtnislsy
Frame ID: D45903D73037CE3BE7D483BD9B4DAEC9
Requests: 8 HTTP requests in this frame
Screenshot
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
reCAPTCHA (Captchas)
Detected patterns
- /recaptcha/api\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://riozgmqyv.figueiredoeferreira.com.br/ Page URL
- http://52.250.2.234/bb/scott.wright@igtsolutions.com Page URL
- https://critixexchangesharefile.com/MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ==?id=c2NvdHQud3JpZ2h0QGlndHNvbHV0aW9ucy5jb20=&uid=63324e766448517564334a705a32683051476c6e64484e7662485630615739756379356a6232303d&auth=3139332e32372e31342e3434 Page URL
- https://critixexchangesharefile.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / | riozgmqyv.figueiredoeferreira.com.br/ | 322 B | 356 B | Document | text/html |
| GET | H/1.1 | scott.wright@igtsolutions.com | 52.250.2.234/bb/ | 374 B | 630 B | Document | text/html |
| GET | H/1.1 | MTY0NTUwNDMyODcwZWQ1ZWVkMTI0YThmNzdkYTYyZjBhYzY3ZWQxZGFlOGFiMDA2ZWNjMWM5NGFmN2M0ZjYzNjZmZjI4MDNmZmI1NDIyOWViMQ== | critixexchangesharefile.com/ | 1 KB | 2 KB | Document | text/html |
| GET | H2 | api.js | www.google.com/recaptcha/ | 884 B | 1000 B | Script | text/javascript |
| GET | H2 | recaptcha__de.js | www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ | 358 KB | 142 KB | Script | text/javascript |
| GET | H2 | anchor | www.google.com/recaptcha/api2/ (Frame D459) | 41 KB | 22 KB | Document | text/html |
| GET | H3 | styles__ltr.css | www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ (Frame D459) | 51 KB | 24 KB | Stylesheet | text/css |
| GET | H3 | recaptcha__de.js | www.gstatic.com/recaptcha/releases/1B_yv3CBEV10KtI2HJ6eEXhJ/ (Frame D459) | 358 KB | 142 KB | Script | text/javascript |
| GET | H3 | logo_48.png | www.gstatic.com/recaptcha/api2/ (Frame D459) | 2 KB | 2 KB | Image | image/png |
| GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ (Frame D459) | 15 KB | 16 KB | Font | font/woff2 |
| GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v18/ (Frame D459) | 15 KB | 15 KB | Font | font/woff2 |
| GET | H3 | webworker.js | www.google.com/recaptcha/api2/ (Frame D459) | 102 B | 134 B | Other | text/javascript |
| POST | H3 | reload | www.google.com/recaptcha/api2/ (Frame D459) | 31 KB | 18 KB | XHR | application/json |
| POST | H/1.1 | / (Primary Request) | critixexchangesharefile.com/ | 104 KB | 104 KB | Document | text/html |
| GET | H2 | converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 105 KB | 20 KB | Stylesheet | text/css |
| GET | H2 | jquery-3.1.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script | application/javascript |
| GET | H2 | converged.v2.login.min_rayhgcterrtxpnvapp3erg2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 0 | 19 KB | Other | text/css |
| GET | H2 | ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | 0 | 12 KB | Other | application/x-javascript |
| GET | DATA | truncated | / | 7 KB | 0 | Image | image/jpeg |
| GET | DATA | truncated | / | 217 B | 0 | Image | image/jpeg |
| GET | DATA | truncated | / | 31 KB | 0 | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | structuredClone |

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| www.google.com/recaptcha | | _GRECAPTCHA | 09AGEo2mObQvaAX2NH5pPvKr1Bv9BZk7Sm_hcNVarQYvF5BdaNzwKMszy0pF_zw1Hg7j-EzJ_1W2l1eA4bDtt-4xY |
| critixexchangesharefile.com/ | | PHPSESSID | 6eq6640188q2avgk3kf0hjr5pr |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.