Effective URL: https://bwwerq.cf/Uudd/mfile/
Submission: On December 13 via manual from US
Summary
The main IP is 198.54.120.214, located in Los Angeles, United States and belongs to NAMECHEAP-NET - Namecheap, Inc., US. The main domain is bwwerq.cf.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 13th 2019. Valid for: a year.
The main domain was scanned 2 times on urlscan.io.
755 structurally similar pages on different IPs, domains and ASNs found.
Verdict: Malicious (Score: 100/100)
urlscan - Score: 100
Phishing against Microsoft (Consumer) Sharepoint (Online)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 2 | 198.54.120.214 | 22612 (NAMECHEAP-NET - Namecheap, Inc., US) |
| 1 | 13.107.136.9 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
| 3 | 2 | |
ASN 22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium66-2.web-hosting.com
| Requests | Domain / Subdomains | Transfer |
|---|---|---|
| 4 | bwwerq.cf (2 redirects) | 11 KB |
| 1 | sharepoint.com | 7 KB |
| 3 | 2 | |
| Requests | Domain | Requested by |
|---|---|---|
| 4 | bwwerq.cf (2 redirects) | bwwerq.cf |
| 1 | vikinggenetics-my.sharepoint.com | |
| 3 | 2 | |
This site contains links to these domains (see also the Outgoing links section below).
| Domain |
|---|
| go.microsoft.com |
| Subject / Issuer | Validity | Valid |
|---|---|---|
| bwwerq.cf / Sectigo RSA Domain Validation Secure Server CA | 2019-12-13 - 2020-12-12 | a year |
| *.sharepoint.com / Microsoft IT TLS CA 1 | 2018-03-07 - 2020-03-06 | 2 years |
Screenshot
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Stats
- Requests: 0
- Ad-blocked: 0
- Malicious: 0
- HTTPS: 0 %
- IPv6: 0 %
- Domains: 0
- Subdomains: 0
- IPs: 0
- Countries: 0
- Transfer: 0 kB
- Size: 0 kB
- Cookies: 0
1 Outgoing links
These are links going to different origins than the main page. For each link, only the first name is shown.
- https://go.microsoft.com/fwlink/?linkid=845480
Title: Privacy & Cookies
3 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / | /Uudd/mfile (redirect chain) | 22 KB | 9 KB | Document | text/html |
| GET | H2 | microsoft_logo.svg | /Uudd/mfile/naf/inf | 4 KB | 2 KB | Image | image/svg+xml |
| GET | DATA | data:truncated | data:truncated | 2 KB | 2 KB | Font | application/octet-stream |
| GET | H2 | pdf.png | vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images | 7 KB | 7 KB | Image | image/png |
Redirect requests
There were HTTP redirects (301, 302) for the following requests:
Request 0:
- http://bwwerq.cf/Uudd/mfile
- https://bwwerq.cf/Uudd/mfile
- https://bwwerq.cf/Uudd/mfile/
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan - Score: 100
Phishing against: Microsoft (Consumer) Sharepoint (Online)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| number | g_responseEnd |
| object | FabricConfig |
| function | setImageUrl |
| function | _spBodyOnLoad |
| number | g_duration |
| number | g_iisLatency |
| number | g_requireJSDone |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators of compromise (IoCs)
This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
- bwwerq.cf
- vikinggenetics-my.sharepoint.com
- 13.107.136.9
- 198.54.120.214
- 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
- 29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
- ce3d11fc2297995d19c211b046134a7cfc3081cc5c4c5b5791562236d93d9b46
- db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545
