login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng
66.23.228.35
Malicious Activity!
Public Scan
Effective URL: http://login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/6952330e164ade064bcf53d1aaac.php?sam=77Inboxaspxn9aa1d87121d7d8c10ca56f7334a3&Id9aa1d87121d7d8c1...
Submission: On July 31 via manual from US
Summary
This is the only time login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online), Microsoft (Consumer)
Domain & IP information
| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 2 | 192.151.158.138 | 33387 (DATASHACK - DataShack) |
| 1 9 | 66.23.228.35 | 19318 (IS-AS-1 - Interserver) |
| 1 | 54.148.84.95 | 16509 (AMAZON-02 - Amazon.com) |
| 1 2 | 192.186.220.3 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 11 requests | 4 IPs | |
ASN33387 (DATASHACK - DataShack, LC, US)
PTR: spiker.spicywebhost.com
Domains: biladotradings.com.ng

ASN19318 (IS-AS-1 - Interserver, Inc, US)
PTR: server.perfectvisual.net
Domains: login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
Domains: www.sitepoint.com

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-220-3.ip.secureserver.net
Domains: csscheckbox.com, www.csscheckbox.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | ezogodins.com.ng (1 redirect) | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng | 621 KB |
| 2 | csscheckbox.com (1 redirect) | csscheckbox.com, www.csscheckbox.com | 1 KB |
| 2 | biladotradings.com.ng (1 redirect) | biladotradings.com.ng | 732 B |
| 1 | sitepoint.com | www.sitepoint.com | 6 KB |
| 11 requests | 4 apex domains | | |
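The apex table is the key to reading the hostname: the registrable domain is ezogodins.com.ng, and everything to its left is attacker-chosen. The leading labels were picked so the address starts with login.microsoftonline.com, Microsoft's real sign-in host, followed by a hyphenated copy of its /common/oauth2/authorize path. The Python below is an added example, not urlscan.io's code, showing how to compute the registrable domain and flag a brand name that appears only in the free-form prefix. PUBLIC_SUFFIXES and BRANDS are small constructed stand-ins for the Public Suffix List and for an organisation's own brand inventory.

```python
"""Hostname triage for brand-impersonating subdomains.

Added example; this is not urlscan.io's code. PUBLIC_SUFFIXES and BRANDS are
small constructed stand-ins for the real Public Suffix List and for an
organisation's own brand inventory.
"""
import re

# Constructed subset of the Public Suffix List, enough for the hosts on this page.
PUBLIC_SUFFIXES = {"com", "net", "ng", "com.ng"}

# Constructed brand inventory: registrable domains users are trained to trust.
BRANDS = {"microsoftonline.com", "microsoft.com", "secureserver.net", "live.com"}

PHISH_HOST = ("login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver"
              ".privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng")


def registrable_domain(host: str) -> str:
    """Apex domain = longest matching public suffix plus the label before it.

    Labels are split on '.' only; hyphens stay inside a label, which is why
    'com-common-oauth2-...-secureserver' is one label and not the 'com' TLD.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):          # smallest i first = longest suffix
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])             # unknown TLD: fall back to last two labels


def _tokens(s: str) -> list[str]:
    """Split on dots *and* hyphens so 'microsoftonline.com-common' yields
    ['microsoftonline', 'com', 'common'], the way a victim reads it."""
    return [t for t in re.split(r"[.\-]", s.lower()) if t]


def impersonated_brands(host: str) -> list[str]:
    """Brands whose registrable domain appears, as a contiguous token run, in the
    attacker-controlled part of the hostname (everything left of the apex)."""
    apex = registrable_domain(host)
    if apex in BRANDS:
        return []                            # the brand's own host, not a lookalike
    prefix = host.lower()[: len(host) - len(apex)].rstrip(".")
    toks = _tokens(prefix)
    hits = []
    for brand in sorted(BRANDS):
        bt = _tokens(brand)
        n = len(bt)
        if any(toks[i:i + n] == bt for i in range(len(toks) - n + 1)):
            hits.append(brand)
    return hits


def triage(host: str) -> dict:
    """One-line summary an analyst can drop into a ticket."""
    brands = impersonated_brands(host)
    return {
        "host": host,
        "apex": registrable_domain(host),
        "impersonates": brands,
        "label_count": host.count(".") + 1,
        "verdict": "lookalike" if brands else "no brand match",
    }


if __name__ == "__main__":
    for h in (PHISH_HOST, "login.microsoftonline.com", "www.sitepoint.com",
              "ip-192-186-220-3.ip.secureserver.net"):
        print(triage(h))
```

Splitting on hyphens as well as dots matters here: a dot-only tokenizer sees the third label as one opaque string and never matches "microsoftonline.com". The early return when the apex itself is a brand is what keeps the real login.microsoftonline.com (and GoDaddy's own secureserver.net PTR name above) out of the alert queue.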
| Requests | Domain | Requested by |
|---|---|---|
| 9 | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng (1 redirect) | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng |
| 2 | biladotradings.com.ng | 1 redirect |
| 1 | www.csscheckbox.com | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng |
| 1 | csscheckbox.com | 1 redirect |
| 1 | www.sitepoint.com | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng |
| 11 requests | 5 domains | |
This site contains no links.
| Subject Issuer | Validity | Valid |
|---|---|---|
No TLS certificates: every request in this scan was plain HTTP.
This page contains 1 frame:
Primary Page:
http://login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/6952330e164ade064bcf53d1aaac.php?sam=77Inboxaspxn9aa1d87121d7d8c10ca56f7334a3&Id9aa1d87121d7d8c10ca56f7334a3&doc95497bd5c082c65d8e6757086c7a&email=&jiv95497bd5c082c65d8e6757086c7a&xls1d&id=fav&doc
Frame ID: EB8FE281ED4D1B6159E1C7F078F9E684
Requests: 11 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://biladotradings.com.ng/s
  HTTP 301
  http://biladotradings.com.ng/s/ (Page URL)
- http://login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/?ll=
  HTTP 302
  http://login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/6952330e164ade064bcf53d1aaac.php?sam=77Inboxaspxn9aa1d87121d7d8c10ca56f7334a3&Id9aa1d87121d7d8c10ca56f7334a3&doc95497bd5c082c65d8e6757086c7a&email=&jiv95497bd5c082c65d8e6757086c7a&xls1d&id=fav&doc (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://biladotradings.com.ng/s (HTTP 301)
- http://biladotradings.com.ng/s/

- http://csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png (HTTP 301)
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png
11 HTTP transactions
| Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | biladotradings.com.ng/s/ | 268 B | 480 B | Document | text/html | Redirect chain |
| GET | H/1.1 | 6952330e164ade064bcf53d1aaac.php | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/ | 7 KB | 7 KB | Document | text/html | Primary request; redirect chain |
| GET | H/1.1 | MaskedPassword.js | www.sitepoint.com/examples/password/MaskedPassword/ | 17 KB | 6 KB | Script | application/javascript | |
| GET | H/1.1 | conv.min.css | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/css/ | 18 KB | 18 KB | Stylesheet | text/css | |
| GET | H/1.1 | t3.png | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/images/ | 25 KB | 25 KB | Image | image/png | |
| GET | H/1.1 | logn.png | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/images/ | 574 B | 815 B | Image | image/png | |
| GET | H/1.1 | m9.png | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/images/ | 753 B | 994 B | Image | image/png | |
| GET | H/1.1 | m10.png | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/images/ | 518 B | 759 B | Image | image/png | |
| GET | H/1.1 | csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png | www.csscheckbox.com/checkboxes/u/ | 536 B | 804 B | Image | image/png | Redirect chain |
| GET | H/1.1 | t1.jpg | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/images/ | 566 KB | 566 KB | Image | image/jpeg | |
| GET | H/1.1 | small.jpg | login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng/images/ | 1 KB | 1 KB | Image | text/html | Requested as an image, served as text/html |
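Two rows in the transaction list deserve a second look. The page pulls MaskedPassword.js from www.sitepoint.com and a checkbox image from csscheckbox.com, both third-party assets rather than attacker hosts, and small.jpg comes back with a text/html Content-Type, which usually means a missing file answered by an error or placeholder page. The Python below is an added example, not urlscan.io's code; TRANSACTIONS is transcribed from the table above and EXPECTED_MIME is a constructed assumption about what each extension should return.

```python
"""Per-request triage of the 11 HTTP transactions in this scan.

Added example, not urlscan.io's code. TRANSACTIONS is transcribed from the
transactions table on this page; EXPECTED_MIME is a constructed assumption.
"""
from dataclasses import dataclass

PHISH_HOST = ("login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver"
              ".privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng")


@dataclass(frozen=True)
class Tx:
    host: str
    path: str
    resource: str
    rtype: str          # urlscan's "Type" column (what the page asked for)
    mime: str           # Content-Type the server actually sent
    redirect: bool = False


# Transcribed from the table above (constructed data structure, same values).
TRANSACTIONS = [
    Tx("biladotradings.com.ng", "/s/", "/", "Document", "text/html", redirect=True),
    Tx(PHISH_HOST, "/", "6952330e164ade064bcf53d1aaac.php", "Document", "text/html", redirect=True),
    Tx("www.sitepoint.com", "/examples/password/MaskedPassword/", "MaskedPassword.js",
       "Script", "application/javascript"),
    Tx(PHISH_HOST, "/css/", "conv.min.css", "Stylesheet", "text/css"),
    Tx(PHISH_HOST, "/images/", "t3.png", "Image", "image/png"),
    Tx(PHISH_HOST, "/images/", "logn.png", "Image", "image/png"),
    Tx(PHISH_HOST, "/images/", "m9.png", "Image", "image/png"),
    Tx(PHISH_HOST, "/images/", "m10.png", "Image", "image/png"),
    Tx("www.csscheckbox.com", "/checkboxes/u/",
       "csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png", "Image", "image/png", redirect=True),
    Tx(PHISH_HOST, "/images/", "t1.jpg", "Image", "image/jpeg"),
    Tx(PHISH_HOST, "/images/", "small.jpg", "Image", "text/html"),
]

# Constructed assumption: what a well-formed response for each extension carries.
EXPECTED_MIME = {
    "png": {"image/png"},
    "jpg": {"image/jpeg"},
    "jpeg": {"image/jpeg"},
    "css": {"text/css"},
    "js": {"application/javascript", "text/javascript"},
}


def third_party_hosts(txs, primary=PHISH_HOST):
    """Hosts other than the primary page, in first-seen order."""
    seen = []
    for t in txs:
        if t.host != primary and t.host not in seen:
            seen.append(t.host)
    return seen


def mime_mismatches(txs):
    """(resource, expected MIME, actual MIME) for responses whose Content-Type
    contradicts the file extension the page requested."""
    out = []
    for t in txs:
        ext = t.resource.rsplit(".", 1)[-1].lower() if "." in t.resource else ""
        expected = EXPECTED_MIME.get(ext)
        if expected and t.mime not in expected:
            out.append((t.resource, sorted(expected)[0], t.mime))
    return out


def external_script_loads(txs, primary=PHISH_HOST):
    """Scripts fetched from a host other than the phishing page. These URLs are
    copied into the kit verbatim, so they are a useful pivot for finding other
    deployments of the same kit."""
    return [f"{t.host}{t.path}{t.resource}" for t in txs
            if t.rtype == "Script" and t.host != primary]


if __name__ == "__main__":
    print("third-party hosts:", third_party_hosts(TRANSACTIONS))
    print("MIME mismatches:", mime_mismatches(TRANSACTIONS))
    print("external scripts:", external_script_loads(TRANSACTIONS))
```

The third-party list deliberately includes biladotradings.com.ng: it is not the phishing host, but it is the redirector the victim was sent to first, so whether it counts as attacker infrastructure is a judgement the analyst makes from the redirect chain, not from this function.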
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic (Online), Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function MaskedPassword
- function unhideBody
0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- biladotradings.com.ng
- csscheckbox.com
- login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver.privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng
- www.csscheckbox.com
- www.sitepoint.com
IPs:
- 192.151.158.138
- 192.186.220.3
- 54.148.84.95
- 66.23.228.35
Hashes (SHA-256):
- 2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
- 3328548bcb03a94996313cb4d9b1b014b1a85cd5e6519c7fd0b9446b78e69208
- 4b1f1066a333be745bf9980a13fee94b64d872b8dfcdea01df735ef73310b88b
- 6689b88e97e5847b5b3442488016e853cd3be24ca14d4a98f52f4990e5e60b29
- 7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca
- 85e2ac81e461ab1ade344e29a40a6b92b83e8b231e092003dd52042c007e28bb
- 891c2d6ec651098bd4057fd89bbbeb59f75c450b674aaec534ee97244af7ac84
- 8d55c6b6fb3ac0199d9a0a9322d8caf4269cdb917a2334a21fbd36bf8b8eb703
- 9dd5e031a96cb31830ef2fb13009f70f2001f7204e8e96faf0999821e7dd67eb
- c97d1d203e88bb6e827e3df7f611a2950e1d9b5ee6acd996f337561524389c34
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
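The indicator list mixes attacker infrastructure, third-party hosts the page merely embedded, and response-body hashes, and the page itself warns that being listed does not imply malice. One entry needs special handling: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of zero bytes, so any empty response anywhere produces it and it must never go on a blocklist. The Python below is an added example, not urlscan.io's code, that sorts the list into tiers. DOMAIN_TO_IP is the resolution data from the IP table above; treating www.sitepoint.com and csscheckbox.com as third parties rather than attacker infrastructure is an analyst assumption drawn from the "Requested by" table (they only served a script and an image to the phishing page), not something the scan asserts.

```python
"""Tiering the indicator list into block / pivot / context / drop.

Added example, not urlscan.io's code. INDICATORS is the list printed above.
DOMAIN_TO_IP is the resolution data from this page's IP table. THIRD_PARTY is
an analyst assumption: hosts that only served page assets to the phishing page.
"""
import hashlib
import ipaddress
import re

PHISH_HOST = ("login.microsoftonline.com-common-oauth2-authorize-clientid-secureserver"
              ".privategold.nggfrdssdfvjbhgfghbtyh.ezogodins.com.ng")

# Copied from the Indicators section above.
INDICATORS = [
    "biladotradings.com.ng",
    "csscheckbox.com",
    PHISH_HOST,
    "www.csscheckbox.com",
    "www.sitepoint.com",
    "192.151.158.138",
    "192.186.220.3",
    "54.148.84.95",
    "66.23.228.35",
    "2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825",
    "3328548bcb03a94996313cb4d9b1b014b1a85cd5e6519c7fd0b9446b78e69208",
    "4b1f1066a333be745bf9980a13fee94b64d872b8dfcdea01df735ef73310b88b",
    "6689b88e97e5847b5b3442488016e853cd3be24ca14d4a98f52f4990e5e60b29",
    "7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca",
    "85e2ac81e461ab1ade344e29a40a6b92b83e8b231e092003dd52042c007e28bb",
    "891c2d6ec651098bd4057fd89bbbeb59f75c450b674aaec534ee97244af7ac84",
    "8d55c6b6fb3ac0199d9a0a9322d8caf4269cdb917a2334a21fbd36bf8b8eb703",
    "9dd5e031a96cb31830ef2fb13009f70f2001f7204e8e96faf0999821e7dd67eb",
    "c97d1d203e88bb6e827e3df7f611a2950e1d9b5ee6acd996f337561524389c34",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]

# From the IP / ASN table on this page.
DOMAIN_TO_IP = {
    "biladotradings.com.ng": "192.151.158.138",
    PHISH_HOST: "66.23.228.35",
    "www.sitepoint.com": "54.148.84.95",
    "csscheckbox.com": "192.186.220.3",
    "www.csscheckbox.com": "192.186.220.3",
}

# Analyst assumption: hosts that only served assets to the phishing page.
THIRD_PARTY = {"www.sitepoint.com", "csscheckbox.com", "www.csscheckbox.com"}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()   # hash of zero bytes


def classify(indicator: str) -> str:
    """Return 'sha256', 'ip' or 'domain' for one indicator string."""
    if SHA256_RE.match(indicator):
        return "sha256"
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        return "domain"


def tier(indicators):
    """block: enforce; pivot: hunt but do not enforce; context: keep for the
    record; drop: useless as an indicator."""
    tiers = {"block": [], "pivot": [], "context": [], "drop": []}
    third_party_ips = {DOMAIN_TO_IP[d] for d in THIRD_PARTY}
    for ind in indicators:
        kind = classify(ind)
        if kind == "sha256":
            # Every empty response hashes to EMPTY_SHA256; it identifies nothing.
            tiers["drop" if ind == EMPTY_SHA256 else "block"].append(ind)
        elif kind == "ip":
            # PTR names like server.perfectvisual.net point at shared hosting,
            # where an IP block also hits unrelated tenants: hunt on the IP,
            # enforce on the domain.
            tiers["context" if ind in third_party_ips else "pivot"].append(ind)
        else:
            tiers["context" if ind in THIRD_PARTY else "block"].append(ind)
    return tiers


def blocklist(indicators):
    """Flat list of domains and hashes safe to feed a denylist."""
    return tier(indicators)["block"]


if __name__ == "__main__":
    for name, items in tier(INDICATORS).items():
        print(f"{name}: {len(items)}")
        for item in items:
            print("  ", item)
```

The block tier ends up holding the two attacker-side domains (the redirector and the phishing host) plus ten content hashes; the two attacker-side IPs land in the pivot tier because both sit behind generic hosting-server PTR names and an IP block would hit whoever else is on those servers.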