msg0x4.webcindario.com
5.57.226.202
Malicious Activity!
Public Scan
Submission: On June 11 via manual from CO
Summary
This is the only time msg0x4.webcindario.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 5.57.226.202 | 29119 (SERVIHOSTING-AS AireNetworks - StackScale)
6 | 207.154.211.148 | (no AS information)
3 | 2a00:1450:4001:81d::200a | 15169 (GOOGLE - Google Inc.)
1 | 95.211.120.76 | 60781 (LEASEWEB-NL Netherlands)
4 | 95.101.245.11 | 16625 (AKAMAI-AS - Akamai Technologies)
18 | 6 |
- ASN29119 (SERVIHOSTING-AS AireNetworks - StackScale, ES): msg0x4.webcindario.com
- ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US): auth.gfx.ms (PTR: a95-101-245-11.deploy.akamaitechnologies.com)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | msg0x4.top | msg0x4.top (failed) | 1 KB
4 | gfx.ms | auth.gfx.ms | 20 KB
3 | googleapis.com | ajax.googleapis.com | 89 KB
1 | iforbes.club | iforbes.club | 6 KB
1 | singlehtml.com | l0x2gin.singlehtml.com (failed) | 937 B
1 | webcindario.com | msg0x4.webcindario.com |
Requests | Domain | Requested by
---|---|---
5 | msg0x4.top | ajax.googleapis.com
4 | auth.gfx.ms | msg0x4.webcindario.com
3 | ajax.googleapis.com | msg0x4.top, l0x2gin.singlehtml.com
1 | iforbes.club | l0x2gin.singlehtml.com
1 | l0x2gin.singlehtml.com | ajax.googleapis.com
1 | msg0x4.webcindario.com |
This site contains links to these domains. Also see Links.

- signup.live.com
- account.live.com
- login.live.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.googleapis.com | Google Internet Authority G2 | 2017-05-31 - 2017-08-23 | 3 months | crt.sh
msagfx.live.com | Symantec Class 3 Secure Server CA - G4 | 2016-12-14 - 2018-12-15 | 2 years | crt.sh
This page contains 3 frames:

- Frame: http://msg0x4.top/ (Frame ID: 31187.1, 3 HTTP requests in this frame)
- Frame: http://l0x2gin.singlehtml.com/?q=tm2uscxz (Frame ID: 31206.1, 8 HTTP requests in this frame)
- Frame: http://l0x2gin.singlehtml.com/?q=tm2uscxz (Frame ID: 31229.1, 7 HTTP requests in this frame)
5 Outgoing links

These are links going to different origins than the main page.

- Title: Create one.
- Title: I forgot my password
- Title: Sign in with a different Microsoft account
- Title: Terms of use
- Title: Privacy and cookies
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions

# | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | msg0x4.webcindario.com/ | 0 | 0 | Document | text/html | Primary Request; Cookie set
2 | GET | | / | msg0x4.top/ | 0 | 0 | | | failed
3 | GET | | favicon.ico | msg0x4.webcindario.com/ | 0 | 0 | | | failed
4 | GET | H/1.1 | / | msg0x4.top/ | 312 B | 312 B | Document | text/html | Frame 3120
5 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.0/ | 84 KB | 30 KB | Script | text/javascript | Frame 3120
6 | POST | H/1.1 | get | msg0x4.top/ | 57 B | 57 B | XHR | text/html | Frame 3120; Cookie set
7 | GET | H/1.1 | favicon.ico | msg0x4.top/ | 1 KB | 708 B | Other | text/html | Frame 3120
8 | GET | H/1.1 | o | msg0x4.top/ | 309 B | 309 B | Document | text/html | Frame 3120
9 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.0/ | 84 KB | 30 KB | Script | text/javascript | Frame 3120
10 | POST | H/1.1 | out | msg0x4.top/ | 71 B | 71 B | XHR | text/html | Frame 3120
11 | GET | | / | l0x2gin.singlehtml.com/ | 0 | 0 | | | Frame 3120; failed
12 | GET | H/1.1 | / | l0x2gin.singlehtml.com/ | 937 B | 937 B | Document | text/html | Frame 3122
13 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.1.0/ | 84 KB | 30 KB | Script | text/javascript | Frame 3122
14 | GET | H/1.1 | / | iforbes.club/ | 13 KB | 6 KB | Script | application/javascript | Frame 3122
15 | GET | H/1.1 | Default2058.css | auth.gfx.ms/16.000.26513.01/ | 73 KB | 14 KB | Stylesheet | text/css | Frame 3122
16 | GET | H/1.1 | AppCentipede_Microsoft.svg | auth.gfx.ms/16.000.26513.01/AppCentipede/ | 7 KB | 3 KB | Image | image/svg+xml | Frame 3122
17 | GET | H/1.1 | Microsoft_Logotype_Gray.svg | auth.gfx.ms/16.000.26513.01/ | 5 KB | 2 KB | Image | image/svg+xml | Frame 3122
18 | GET | H/1.1 | favicon.ico | auth.gfx.ms/16.000.26513.01/ | 17 KB | 540 B | Other | image/x-icon | Frame 3122
Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

- msg0x4.top: http://msg0x4.top/
- msg0x4.webcindario.com: http://msg0x4.webcindario.com/favicon.ico
- l0x2gin.singlehtml.com: http://l0x2gin.singlehtml.com/?q=tm2uscxz
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:

- ajax.googleapis.com
- auth.gfx.ms
- iforbes.club
- l0x2gin.singlehtml.com
- msg0x4.top
- msg0x4.webcindario.com

IPs:

- 207.154.211.148
- 2a00:1450:4001:81d::200a
- 5.57.226.202
- 95.101.245.11
- 95.211.120.76