cockos.bid
Open in
urlscan Pro
104.28.20.162
Malicious Activity!
Public Scan
Submission: On April 27 via manual from US
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 27th 2018. Valid for: 6 months.
This is the only time cockos.bid was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 104.28.20.162 104.28.20.162 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
7 | 1 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cockos.bid |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
cockos.bid
cockos.bid |
637 KB |
7 | 1 |
Domain | Requested by | |
---|---|---|
7 | cockos.bid |
cockos.bid
|
7 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni63558.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-04-27 - 2018-11-03 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/login.php
Frame ID: 63556D903DEFC6E1A7C0F727E76AF883
Requests: 7 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /cloudflare/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Terms of use
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.php
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conv.min.css
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/css/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lofo.png
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/images/ |
44 KB 44 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m6.png
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/images/ |
422 B 422 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
continue.png
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/images/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t1.jpg
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/images/ |
566 KB 567 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
small.jpg
cockos.bid/statement/ach_remittance_statement_of_accouunt-398163152731962891632168-microsoftonline.login.843715381auth2document-pdf/file/images/ |
460 B 460 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| unhideBody0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cockos.bid
104.28.20.162
4a85514093de00ade19131ac893aa3d5d4dd5e2195557ecba4b27c0350e5262c
6689b88e97e5847b5b3442488016e853cd3be24ca14d4a98f52f4990e5e60b29
68b035e4914cf1ed97a02d5c4d424e9f3b32db5fb5a75f9b2061ed60b7a5e3d7
7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca
b1105afde501a3d918dcde0ee51a65ab4e519deb118b59f4a51f7642854420ef
b1f46d918d4d8225d4e785dbd5596577337f969868a6f5f2ee5291424595b2aa
e1597a3895eb3548ce1160d7f10dc1f7894815132e61a5beda1efa79e2cfef9b