myzerofoxlife.pw - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 2606:4700:30::681c:19f0, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is myzerofoxlife.pw.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 3rd 2018. Valid for: a year.

This is the only time myzerofoxlife.pw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	78.142.63.38 78.142.63.38	31083 (TELEPOINT) (TELEPOINT)
1 5	2606:4700:30:... 2606:4700:30::681c:19f0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	2

1 78.142.63.38 (Sofia, Bulgaria)

ASN31083 (TELEPOINT, BG)
PTR: europe.vivawebhost.com

view.umwo.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:30::681c:19f0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

myzerofoxlife.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	myzerofoxlife.pw 1 redirects myzerofoxlife.pw	1009 KB
1	umwo.org view.umwo.org	207 B
5	2

	Domain	Requested by
5	myzerofoxlife.pw	1 redirects myzerofoxlife.pw
1	view.umwo.org
5	2

This site contains no links.

Subject Issuer	Validity	Valid
view.umwo.org Let's Encrypt Authority X3	`2019-01-11` - `2019-04-11`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2018-10-03` - `2019-10-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://myzerofoxlife.pw/view/
Frame ID: 51FF4D032F3253A75A4299D6A6D7668A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://view.umwo.org/red.htm Page URL
https://myzerofoxlife.pw/view HTTP 301
https://myzerofoxlife.pw/view/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1009 kB
Transfer

1009 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://view.umwo.org/red.htm Page URL
https://myzerofoxlife.pw/view HTTP 301
https://myzerofoxlife.pw/view/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	red.htm view.umwo.org/	76 B 207 B	286ms 62ms	Document text/html	78.142.63.38 TELEPOINT
General Check archive.org Show headers Download Go to Full URL https://view.umwo.org/red.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 78.142.63.38 Sofia, Bulgaria, ASN31083 (TELEPOINT, BG), Reverse DNS europe.vivawebhost.com Software Apache mod_bwlimited/1.4 / Resource Hash Request headers :method GET :authority view.umwo.org :scheme https :path /red.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Fri, 11 Jan 2019 19:02:48 GMT server Apache mod_bwlimited/1.4 last-modified Fri, 11 Jan 2019 16:54:20 GMT etag "4c0262-4c-57f318bdaaef8" accept-ranges bytes content-length 76 content-type text/html
GET H2	200	Primary Request / Show response myzerofoxlife.pw/view/ Redirect Chain https://myzerofoxlife.pw/view https://myzerofoxlife.pw/view/	2 KB 1 KB	189ms 188ms	Document text/html	2606:4700:30::681c:19f0 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://myzerofoxlife.pw/view/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2606:4700:30::681c:19f0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `26a129285f918e8bbd2b8dd08c40af8abb07527f8c6f4ea4df0aa8af2cdcb762` Request headers :method GET :authority myzerofoxlife.pw :scheme https :path /view/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer https://view.umwo.org/red.htm accept-encoding gzip, deflate, br cookie __cfduid=d54b2c32a0023d87926c4f281d6ecdf881547233369 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://view.umwo.org/red.htm Response headers status 200 date Fri, 11 Jan 2019 19:02:49 GMT content-type text/html; charset=UTF-8 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4979a3cefb8b6415-FRA content-encoding br Redirect headers status 301 date Fri, 11 Jan 2019 19:02:49 GMT content-type text/html; charset=iso-8859-1 set-cookie __cfduid=d54b2c32a0023d87926c4f281d6ecdf881547233369; expires=Sat, 11-Jan-20 19:02:49 GMT; path=/; domain=.myzerofoxlife.pw; HttpOnly location https://myzerofoxlife.pw/view/ expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4979a3ce0ab76415-FRA
GET H2	200	t1.png myzerofoxlife.pw/view/images/	1005 KB 1006 KB	353ms 352ms	Image image/png	2606:4700:30::681c:19f0 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://myzerofoxlife.pw/view/images/t1.png Requested by Host: myzerofoxlife.pw URL: https://myzerofoxlife.pw/view/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2606:4700:30::681c:19f0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `91d9c0e4a91822f1b5d8544096e8ce8505a98e63ecab1e5a2c0459926aefde50` Request headers :path /view/images/t1.png pragma no-cache cookie __cfduid=d54b2c32a0023d87926c4f281d6ecdf881547233369 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority myzerofoxlife.pw referer https://myzerofoxlife.pw/view/ :scheme https :method GET Referer https://myzerofoxlife.pw/view/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 11 Jan 2019 19:02:49 GMT cf-cache-status MISS last-modified Fri, 06 Jul 2018 02:01:08 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4979a3d03cb86415-FRA content-length 1029343 expires Fri, 11 Jan 2019 23:02:49 GMT
GET H2	200	t2.png myzerofoxlife.pw/view/images/	503 B 587 B	208ms 208ms	Image image/png	2606:4700:30::681c:19f0 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://myzerofoxlife.pw/view/images/t2.png Requested by Host: myzerofoxlife.pw URL: https://myzerofoxlife.pw/view/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2606:4700:30::681c:19f0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `8624614099776f09ad94e296d1e8394eb5ef74b762b57b8df3e991e8523d326a` Request headers :path /view/images/t2.png pragma no-cache cookie __cfduid=d54b2c32a0023d87926c4f281d6ecdf881547233369 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority myzerofoxlife.pw referer https://myzerofoxlife.pw/view/ :scheme https :method GET Referer https://myzerofoxlife.pw/view/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 11 Jan 2019 19:02:49 GMT cf-cache-status MISS last-modified Fri, 06 Jul 2018 01:19:12 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4979a3d03cb96415-FRA content-length 503 expires Fri, 11 Jan 2019 23:02:49 GMT
GET H2	200	xt.png myzerofoxlife.pw/view/images/	495 B 660 B	195ms 195ms	Image image/png	2606:4700:30::681c:19f0 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://myzerofoxlife.pw/view/images/xt.png Requested by Host: myzerofoxlife.pw URL: https://myzerofoxlife.pw/view/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2606:4700:30::681c:19f0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `97a4488434a10d406081498268d1c4452209922cf1c5802134ad9d3693c41112` Request headers :path /view/images/xt.png pragma no-cache cookie __cfduid=d54b2c32a0023d87926c4f281d6ecdf881547233369 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority myzerofoxlife.pw referer https://myzerofoxlife.pw/view/ :scheme https :method GET Referer https://myzerofoxlife.pw/view/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 11 Jan 2019 19:02:49 GMT cf-cache-status MISS last-modified Fri, 06 Jul 2018 01:19:32 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4979a3d03cbc6415-FRA content-length 495 expires Fri, 11 Jan 2019 23:02:49 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.myzerofoxlife.pw/	1970-01-19 06:32:49	Name: __cfduid Value: d54b2c32a0023d87926c4f281d6ecdf881547233369

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

myzerofoxlife.pw
view.umwo.org
2606:4700:30::681c:19f0
78.142.63.38
26a129285f918e8bbd2b8dd08c40af8abb07527f8c6f4ea4df0aa8af2cdcb762
8624614099776f09ad94e296d1e8394eb5ef74b762b57b8df3e991e8523d326a
91d9c0e4a91822f1b5d8544096e8ce8505a98e63ecab1e5a2c0459926aefde50
97a4488434a10d406081498268d1c4452209922cf1c5802134ad9d3693c41112

myzerofoxlife.pw Open in urlscan Pro 2606:4700:30::681c:19f0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1009 kBTransfer

1009 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

myzerofoxlife.pw Open in urlscan Pro
2606:4700:30::681c:19f0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1009 kB
Transfer

1009 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!