sharedrive.msbox-ms.top
85.117.234.156
Malicious Activity!
Public Scan
Effective URL: https://sharedrive.msbox-ms.top/voice/index_login.php?id=nconklin@urbanfinancialgroup.com&s_details=SFIgRGVwdDtNUzA1NCBDb3ZpZDE5...
Submission: On June 18 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 18th 2020. Valid for: 3 months.
This is the only time sharedrive.msbox-ms.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
IP Address | AS (Autonomous System)
---|---
54.234.161.175 | 14618 (AMAZON-AES)
199.192.26.229 | 22612 (NAMECHEAP-NET)
85.117.234.156 | 51659 (ASBAXET)
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-234-161-175.compute-1.amazonaws.com
Apex Domain | Subdomains | Transfer
---|---|---
lenqueteur.net | gratitude.lenqueteur.net (1 redirect) | 822 B
msbox-ms.top | sharedrive.msbox-ms.top | 85 KB
inky.com | shared.outlook.inky.com (1 redirect) | 455 B
Domain | Requested by
---|---
gratitude.lenqueteur.net | 1 redirect
sharedrive.msbox-ms.top | gratitude.lenqueteur.net
shared.outlook.inky.com | 1 redirect
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
gratitude.lenqueteur.net | Let's Encrypt Authority X3 | 2020-06-04 - 2020-09-02 | 3 months
sharedrive.msbox-ms.top | Let's Encrypt Authority X3 | 2020-06-18 - 2020-09-16 | 3 months
This page contains 1 frames:
Primary Page:
https://sharedrive.msbox-ms.top/voice/index_login.php?id=nconklin@urbanfinancialgroup.com&s_details=SFIgRGVwdDtNUzA1NCBDb3ZpZDE5IFByZWNhdXRpb25zLnBkZg==&xuuid=1b0829dd-4164-47bd-9689-9b37f4dd8f8e
Frame ID: 0048C5B19613C6CE145E30FB33F13A95
Requests: 4 HTTP requests in this frame
Page URL History
- https://shared.outlook.inky.com/link?domain=gratitude.lenqueteur.net&t=eyJ0eXAiOiJKV1QiLCJhbGciOiJF...
  HTTP 303 -> https://gratitude.lenqueteur.net/screen.php?New_tWfgGGT____soppdYTW_____opUtyDheGWWeQiWJDD___fhfhKLHJSfCxsD=n... (Page URL)
- https://gratitude.lenqueteur.net/reviews.php?id=nconklin@urbanfinancialgroup.com&width=1600&height=1200
  HTTP 302 -> https://sharedrive.msbox-ms.top/voice/index_login.php?id=nconklin@urbanfinancialgroup.com&s_details=SFIgRGVw... (Page URL)
Detected technologies
- Ubuntu (Operating Systems). Detected pattern: headers server /Ubuntu/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://shared.outlook.inky.com/link?domain=gratitude.lenqueteur.net&t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eJxVUduOmzAQ_Rce-hQlTVRUJVLU3UJDQnNRFqjXKBLywhjM2ob6sgmp-u81W_Wh8zQ6mjk6l1-eASJY5a08yiSRJXSUCFCsJN7EY9KAkoR7K0q4hokH7k52Cno-PGgiSqLMtOyEOx0Z_kescn9eY0yvV5fZZVYrYpixFUw5yJ8WDFg1lWAuM10qADntm_7LEa6FQbSOorRwo7u-r3CKxr3o-swMYQMRQnBmKA5DB9KGNt_32zihwU2Ha1l28pUz-WDVC5F_LTHCa9XZftT1gQZBWzVPaFBDECTP78y0pU242W43jW7WyWb3OUHz6549tqf07B_TQ51t47c88K95hNfO2SnzVtJyPvFMo4CYgsMbOLNzl9iYQy64xchvc7QUGM15KXiLk6XFi6Uli1v_8vpV4OeYV-LHUC6yETf7-87H7eMtF7E4tNkcL3J2DOsrTiuB2_qO2_Mn3Fb8EOFhf_82P6W7j6fw7B_uO-v2UZbVoAoQhPGCVJUCrce2_gVCiXIqlYb3en7_AX2Nsak.MEQCIFhTwhY-s9DnEyOnxQuePom1jkszqWL_VZu3DH3F26OMAiBTW5mL50fJCYpyhewLKXhS8-6qB_cKarxBJR3q5G2AnQ
  HTTP 303
- https://gratitude.lenqueteur.net/screen.php?New_tWfgGGT____soppdYTW_____opUtyDheGWWeQiWJDD___fhfhKLHJSfCxsD=nconklin@urbanfinancialgroup.com&fCCjdhRWyryCCSXW____fjfhDFHHFhsh=SFI7SW1wLiAjOTQ5NTMgUHJvZC5wZGY=
2 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | screen.php | gratitude.lenqueteur.net/ (Redirect Chain) | 198 B | 410 B | Document | text/html
GET | H/1.1 | index_login.php | sharedrive.msbox-ms.top/voice/ (Primary Request, Redirect Chain, Cookie set) | 144 KB | 85 KB | Document | text/html
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png
GET | DATA | truncated | / | 95 KB | 0 | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | validate

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.