apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
Open in
urlscan Pro
43.152.64.193
Malicious Activity!
Public Scan
Submitted URL: http://www.lagottodirubbiana.it/kyrd-40646r3317/
Effective URL: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXq...
Submission: On January 28 via manual from IT — Scanned from IT
Effective URL: https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXq...
Submission: On January 28 via manual from IT — Scanned from IT
Summary
This website contacted 8 IPs
in 3 countries
across 7 domains to perform 16 HTTP transactions.
The main IP is 43.152.64.193, located in
Singapore, Singapore and
belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN.
The main domain is apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com.
TLS certificate: Issued by GlobalSign Organization Validation CA... on March 6th 2023. Valid for: a year.
This is the only time apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com was scanned on urlscan.io!
TLS certificate: Issued by GlobalSign Organization Validation CA... on March 6th 2023. Valid for: a year.
This is the only time apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 89.46.108.49 89.46.108.49 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
| 1 | 104.21.235.195 104.21.235.195 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 43.152.64.193 43.152.64.193 | 132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building) | |
| 2 | 151.101.194.137 151.101.194.137 | () () | |
| 1 | () () | ||
| 1 | 104.17.24.14 104.17.24.14 | () () | |
| 1 | 185.31.40.24 185.31.40.24 | () () | |
| 8 | 152.199.23.37 152.199.23.37 | () () | |
| 16 | 8 |
1
89.46.108.49
(Arezzo, Italy)
ASN31034 (ARUBA-ASN, IT)
PTR: webx1305.aruba.it
ASN31034 (ARUBA-ASN, IT)
PTR: webx1305.aruba.it
| www.lagottodirubbiana.it |
1
43.152.64.193
(Singapore, Singapore)
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
| apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
msftauth.net
aadcdn.msftauth.net |
5 KB |
| 2 |
jquery.com
code.jquery.com |
60 KB |
| 2 |
myqcloud.com
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com |
37 KB |
| 1 |
alwaysdata.net
adminpanel.alwaysdata.net |
17 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com |
6 KB |
| 1 |
allorigins.win
api.allorigins.win — Cisco Umbrella Rank: 497147 |
996 B |
| 1 |
lagottodirubbiana.it
www.lagottodirubbiana.it |
1 KB |
| 16 | 7 |
| Domain | Requested by | |
|---|---|---|
| 8 | aadcdn.msftauth.net |
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
|
| 2 | code.jquery.com |
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
|
| 2 | apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com |
www.lagottodirubbiana.it
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com |
| 1 | adminpanel.alwaysdata.net |
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
|
| 1 | cdnjs.cloudflare.com |
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
|
| 1 | api.allorigins.win |
www.lagottodirubbiana.it
|
| 1 | www.lagottodirubbiana.it | |
| 16 | 7 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| allorigins.win E1 |
2023-12-04 - 2024-03-03 |
3 months | crt.sh |
| *.cos.ap-singapore.myqcloud.com GlobalSign Organization Validation CA - SHA256 - G3 |
2023-03-06 - 2024-04-06 |
a year | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
| *.alwaysdata.net R3 |
2023-12-12 - 2024-03-11 |
3 months | crt.sh |
| aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2023-12-01 - 2024-12-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm
Frame ID: B5006046C8BB3404B28C8B7F19E3FA3E
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://www.lagottodirubbiana.it/kyrd-40646r3317/ Page URL
- https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFS... Page URL
Detected technologies
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.lagottodirubbiana.it/kyrd-40646r3317/ Page URL
- https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNNcRbApgMzmmE665jcfR/RnX0xmMgt7HPVac7ZVhHndWfcc21SA/854Y6FBMjfVFrbDd1f8mjpC2iB2YVL/3jja0SPP0gn2mmKLN5Q3Rhb85mBL29/U0tQMXfBT2uWMpdNA3vDeXf0iQzCtw/1A4UjpU69jr6WTu7BggmXZVi5HGiKN/appc.htm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
www.lagottodirubbiana.it/kyrd-40646r3317/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
raw
api.allorigins.win/ |
387 B 996 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
appc.htm
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/U5drr77B4bG24uamDAumphbjXnHZMP/fmZZRh1eG6E5MvxD7eJQWGej79Ctm4/fv2UDmpB1R9XFSEgRNTHLJpVR1YTHa/qXqURSJ8y4SfX2pYuyFp4chUXDv5q1/caffcTE4uiNN... |
37 KB 37 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
ae554c33-4b3c-409d-9df9-e3ed77109dd3
https://apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com/ |
26 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.css
adminpanel.alwaysdata.net/ |
132 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
756 B 788 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
899 B 409 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
picker_account_add_56e73414003cdb676008ff7857343074.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
222 B 334 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
513 B 427 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
900 B 404 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msftauth.net/ests/2.1/content/images/ |
915 B 390 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.1.1.min.js
code.jquery.com/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/ |
2 KB 843 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
adminpanel.alwaysdata.net
api.allorigins.win
apply-msagerementsp-1318427319.cos.ap-singapore.myqcloud.com
cdnjs.cloudflare.com
code.jquery.com
www.lagottodirubbiana.it
104.17.24.14
104.21.235.195
151.101.194.137
152.199.23.37
185.31.40.24
43.152.64.193
89.46.108.49
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
2ce656adce90b7fa4e9e093997841a9308fdb851905ad30cec486df705091cc8
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942
66c11a9b1ad3918a7b6425b9f5999613d95c84b8701529ba061daae7d244fecb
749f85621d92a5b31b2a377a8c385a36d48a83327dad9a8a8da93cd831b8c9a2
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a770aef10c7cd96318ed85657b30eb742901b681dcee2cb7000bf5a5808cccc
b7fcd37eaafe3f08647ed072d5289eadfff6c660a26cdef31532b3fcfb4a0bb2
bd35bebddac1e4b1f4e255b9359ecb84b98cb5f8d8498474f0347b1992c01dfc