important-updates-center-029.cf
3.104.121.124
Malicious Activity!
Public Scan
Submission: On May 21 via api from CA
Summary
This is the only time important-updates-center-029.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 3.104.121.124 | 16509
10 | 2a02:26f0:6c00:29f::34ef | 20940 (AKAMAI-ASN1)
7 | 2a02:26f0:6c00:283::34ef | 20940 (AKAMAI-ASN1)
20 | 4 |
ASN 16509
PTR: ec2-3-104-121-124.ap-southeast-2.compute.amazonaws.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | gfx.ms | auth.gfx.ms | 176 KB
1 | important-updates-center-029.cf | important-updates-center-029.cf | 67 KB
0 | microsoft.com | cs.microsoft.com (Failed), c.microsoft.com (Failed) |
20 | 3 |
Requests | Domain | Requested by
---|---|---
17 | auth.gfx.ms | important-updates-center-029.cf
1 | important-updates-center-029.cf |
0 | c.microsoft.com (Failed) | important-updates-center-029.cf
0 | cs.microsoft.com (Failed) | auth.gfx.ms
20 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
login.live.com |
Subject | Issuer | Validity | Valid
---|---|---|---
msagfx.live.com | Microsoft IT TLS CA 4 | 2017-07-27 - 2019-07-17 | 2 years
This page contains 1 frames:
Primary Page:
http://important-updates-center-029.cf/micrsharepoint/
Frame ID: 83879EDB6494A133779CEAB1FFC20B03
Requests: 20 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Knockout.js (JavaScript Frameworks)
Detected patterns
- env /^ko$/i
jQuery (JavaScript Libraries)
Detected patterns
- env /^jQuery$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Micosoft
- Title: Sharepoint document
- Title: In one cloud
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | important-updates-center-029.cf/micrsharepoint/ | 67 KB | 67 KB | Document | text/html
GET | H/1.1 | msa_jHDwk39fDYV3_-P32ZY7ew2.css | auth.gfx.ms/ | 75 KB | 15 KB | Stylesheet | text/css
GET | H/1.1 | AppCentipede_Microsoft.svg | auth.gfx.ms/images/AppCentipede/ | 7 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | jquery_1.7.2.js | auth.gfx.ms/ | 92 KB | 33 KB | Script | application/javascript
GET | H/1.1 | bootstrap_3.3.0_pPAJHVic1yRZoJnAQKOXeQ2.js | auth.gfx.ms/ | 36 KB | 10 KB | Script | application/javascript
GET | H/1.1 | wLivePackage_BUgt_VA9tVPtWGX7ifSLCA2.js | auth.gfx.ms/ | 27 KB | 11 KB | Script | application/javascript
GET | H/1.1 | compatNonIE_tBPhj8fBmQ29lERZ8otB7A2.js | auth.gfx.ms/ | 21 KB | 6 KB | Script | application/javascript
GET | H/1.1 | liveDepPackage_aDC9Fz5btxIUXW45hIRGXQ2.js | auth.gfx.ms/ | 4 KB | 2 KB | Script | application/javascript
GET | H/1.1 | animations_F0feig31z1IAjWLnhlI63Q2.js | auth.gfx.ms/ | 9 KB | 3 KB | Script | application/javascript
GET | H/1.1 | notificationsPackage_42CnZZn34lW5sAmyxNqC0g2.js | auth.gfx.ms/ | 28 KB | 11 KB | Script | application/javascript
GET | H/1.1 | knockout_kKvzfhsQd3RiAaz9AjzNgA2.js | auth.gfx.ms/ | 74 KB | 27 KB | Script | application/javascript
GET | H/1.1 | dataRequestPackage_la-fplmLZQsKzY10lWx4wg2.js | auth.gfx.ms/ | 11 KB | 5 KB | Script | application/javascript
GET | H/1.1 | accountCorePackage_N-SJjK7ZIEWiNoJTjBH1UA2.js | auth.gfx.ms/ | 29 KB | 10 KB | Script | application/javascript
GET | H/1.1 | defineUtilitiesPackage_DKpLoa0tvT6qTm3ag6xDmQ2.js | auth.gfx.ms/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | validationPackage_Divy7HvD8o39YWyMfek2lg2.js | auth.gfx.ms/ | 8 KB | 3 KB | Script | application/javascript
GET | H/1.1 | resetPasswordPackage_fVNotyQi0Xw-Ge_yYKpn1A2.js | auth.gfx.ms/ | 93 KB | 27 KB | Script | application/javascript
GET | H/1.1 | wedcs_LNiF397omcoBqRwx9cdJug2.js | auth.gfx.ms/ | 24 KB | 6 KB | Script | application/javascript
GET | | getid.js | cs.microsoft.com/ | 0 | 0 | |
GET | | trans_pixel.aspx | c.microsoft.com/ | 0 | 0 | |
GET | H/1.1 | Microsoft_Logotype_Gray.svg | auth.gfx.ms/images/ | 5 KB | 3 KB | Image | image/svg+xml
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- cs.microsoft.com: http://cs.microsoft.com/getid.js?jsoncb=MscomSetFPC
- c.microsoft.com: http://c.microsoft.com/trans_pixel.aspx?wcs.tz=0&wcs.cot=0&wcs.route=&wcs.ctrl=&wcs.ts=1558474240514&wcs.fpc=ID%253Df48a3912ca3643f68fee721c8db53a6d%2526CS%253D0%2526LV%253D201905&wcs.cd=0&wcs.eid=2a306f5b-642b-4e9a-3847-3d1ee51e1753&wcs.sr=1600x1200&wcs.bs=1600x440&wcs.rsd=important-updates-center-029.cf&wcs.rsus=%2Fmicrsharepoint%2F&wcs.rsqs=&wcs.rihs=0&wcs.cks=&wcs.ti=Microsoft%20SharePoint&wcs.v=4&wcs.vct=&wcs.vs=&wcs.vclt=&wcs.vfpv=&wcs.et=0&wcs.tr=0
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
174 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.important-updates-center-029.cf/ | | MSFPC | ID=f48a3912ca3643f68fee721c8db53a6d&CS=0&LV=201905
important-updates-center-029.cf/micrsharepoint | | MC0 | 1558474240514
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.