fwfdcfr.igg.biz
Open in
urlscan Pro
89.40.122.112
Malicious Activity!
Public Scan
Effective URL: http://fwfdcfr.igg.biz/off/login.php
Submission: On May 03 via manual from US
Summary
This is the only time fwfdcfr.igg.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 162.144.138.131 162.144.138.131 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
2 2 | 192.185.149.134 192.185.149.134 | 20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC) | |
10 | 89.40.122.112 89.40.122.112 | 199883 (ARUBACLOU...) (ARUBACLOUDLTD-ASN) | |
3 | 2.19.41.58 2.19.41.58 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
7 | 2.18.232.137 2.18.232.137 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
20 | 3 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 162-144-138-131.unifiedlayer.com
www.muliastone.com |
ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: 192-185-149-134.unifiedlayer.com
4life.niadesain.biz |
ASN199883 (ARUBACLOUDLTD-ASN, GB)
PTR: host112-122-40-89.serverdedicati.aruba.it
fwfdcfr.igg.biz |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
r4.res.office365.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
igg.biz
fwfdcfr.igg.biz |
3 MB |
7 |
office365.com
r4.res.office365.com |
698 KB |
3 |
gfx.ms
auth.gfx.ms |
310 KB |
2 |
niadesain.biz
2 redirects
4life.niadesain.biz |
641 B |
1 |
muliastone.com
1 redirects
www.muliastone.com |
620 B |
20 | 5 |
Domain | Requested by | |
---|---|---|
10 | fwfdcfr.igg.biz |
fwfdcfr.igg.biz
|
7 | r4.res.office365.com |
fwfdcfr.igg.biz
|
3 | auth.gfx.ms |
fwfdcfr.igg.biz
|
2 | 4life.niadesain.biz | 2 redirects |
1 | www.muliastone.com | 1 redirects |
20 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
signup.live.com |
login.live.com |
Subject Issuer | Validity | Valid |
---|
This page contains 2 frames:
Primary Page:
http://fwfdcfr.igg.biz/off/login.php
Frame ID: 5BC21684CC4BAEB6B3DAC1EB99B571D7
Requests: 5 HTTP requests in this frame
Frame:
http://fwfdcfr.igg.biz/off/files/prefetch.htm
Frame ID: 8B9944F0271940CA476F19B297F794CF
Requests: 15 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://www.muliastone.com/eDF4S
HTTP 301
http://4life.niadesain.biz/redirect HTTP 301
http://4life.niadesain.biz/redirect/ HTTP 302
http://fwfdcfr.igg.biz/off/login.php Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Create one!
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.muliastone.com/eDF4S
HTTP 301
http://4life.niadesain.biz/redirect HTTP 301
http://4life.niadesain.biz/redirect/ HTTP 302
http://fwfdcfr.igg.biz/off/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
fwfdcfr.igg.biz/off/ Redirect Chain
|
30 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Converged1033.css
auth.gfx.ms/16.000.27578.1/ |
86 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.svg
fwfdcfr.igg.biz/off/files/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.jpg
auth.gfx.ms/16.000.27578.1/images/Backgrounds/ |
291 KB 291 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0-small.jpg
auth.gfx.ms/16.000.27578.1/images/Backgrounds/ |
1 KB 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prefetch.htm
fwfdcfr.igg.biz/off/files/ Frame 8B99 |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boot_003.js
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
641 KB 642 KB |
Stylesheet
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boot.js
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
636 KB 636 KB |
Stylesheet
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boot_002.js
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
638 KB 638 KB |
Stylesheet
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boot_004.js
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
634 KB 634 KB |
Stylesheet
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sprite1.png
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
16 KB 17 KB |
Stylesheet
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sprite1.css
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
7 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boot.css
fwfdcfr.igg.biz/off/files/prefetch_data/ Frame 8B99 |
225 KB 226 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/16.2020.4.2442160/scripts/ Frame 8B99 |
641 KB 174 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/16.2020.4.2442160/scripts/ Frame 8B99 |
636 KB 158 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/16.2020.4.2442160/scripts/ Frame 8B99 |
638 KB 165 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/16.2020.4.2442160/scripts/ Frame 8B99 |
634 KB 140 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
sprite1.mouse.png
r4.res.office365.com/owa/prem/16.2020.4.2442160/resources/images/0/ Frame 8B99 |
16 KB 16 KB |
Stylesheet
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
sprite1.mouse.css
r4.res.office365.com/owa/prem/16.2020.4.2442160/resources/images/0/ Frame 8B99 |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
boot.worldwide.mouse.css
r4.res.office365.com/owa/prem/16.2020.4.2442160/resources/styles/0/ Frame 8B99 |
225 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| PROOF object| ServerData0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
4life.niadesain.biz
auth.gfx.ms
fwfdcfr.igg.biz
r4.res.office365.com
www.muliastone.com
162.144.138.131
192.185.149.134
2.18.232.137
2.19.41.58
89.40.122.112
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0eeba3946e4bfaa54c41955b6a38b7829661f99f2248d8f86b2f4122d43487c3
14c8a3d517b4a02cd72a2464a03bd475dfa7cbb839612777d81d78f105e0ee63
151adfcf02a21ea303d61d5730fa26ae294261ed7858c6ddaa261b505b4421a3
20c62041dea51d7e2ce3f72581509b6c584e1fe989ca5702eb03ce10550bb05a
2bfda1b8b6719674a9ed6d399b275e72855a419e16292c2d88478dc12e533d48
2e567408885963588904b254395aa60e463accc9cfefb34bfe64a514370a6f22
461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
99190cfe65f919edb8071d84eee7096ec27561bc9b9fa396e55e0eb5e2cd0194
a746baed8836fd1b9fba9536a324dc7689950df032cf340b3d2886bdd5606bf8
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
c591f35d0b035a99aff6cff881957d856f4e2f10fd6cef6464bc2a037601dbcb