myoffserverdns.org
Open in
urlscan Pro
45.122.138.249
Malicious Activity!
Public Scan
Effective URL: https://myoffserverdns.org/q234t34y/a8f393621f61442943b4f24c.php?cmd=login_submit&id=ed3af104cc1f13f18567116f82456ed2ed3af1...
Submission: On May 15 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 15th 2018. Valid for: 3 months.
This is the only time myoffserverdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 4 | 46.28.69.83 46.28.69.83 | 15626 (ITLAS) (ITLAS) | |
1 7 | 45.122.138.249 45.122.138.249 | 132742 (GGL-AS-AP...) (GGL-AS-AP Guochao Group limited) | |
8 | 3 |
ASN132742 (GGL-AS-AP Guochao Group limited, HK)
myoffserverdns.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
myoffserverdns.org
1 redirects
myoffserverdns.org |
630 KB |
4 |
ver.com.ua
2 redirects
ver.com.ua |
1 KB |
8 | 2 |
Domain | Requested by | |
---|---|---|
7 | myoffserverdns.org |
1 redirects
myoffserverdns.org
|
4 | ver.com.ua | 2 redirects |
8 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
myoffserverdns.org cPanel, Inc. Certification Authority |
2018-05-15 - 2018-08-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://myoffserverdns.org/q234t34y/a8f393621f61442943b4f24c.php?cmd=login_submit&id=ed3af104cc1f13f18567116f82456ed2ed3af104cc1f13f18567116f82456ed2&session=ed3af104cc1f13f18567116f82456ed2ed3af104cc1f13f18567116f82456ed2
Frame ID: C421AC6B594706E8AA9F5BF884DB79B7
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://ver.com.ua/u
HTTP 301
http://ver.com.ua/u/ Page URL
- http://ver.com.ua/u/checkout/?id=7366dd42e992637313e0cc54b08023317366dd42e992637313e0cc54b0802331 Page URL
-
http://ver.com.ua/u/checkout/backup.php?id=e68808916d977e4200ad6b27b6fe22ade68808916d977e4200a...
HTTP 302
https://myoffserverdns.org/q234t34y/ HTTP 302
https://myoffserverdns.org/q234t34y/a8f393621f61442943b4f24c.php?cmd=login_submit&id=ed3af104cc1f13f185... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
- env /^Modernizr$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ver.com.ua/u
HTTP 301
http://ver.com.ua/u/ Page URL
- http://ver.com.ua/u/checkout/?id=7366dd42e992637313e0cc54b08023317366dd42e992637313e0cc54b0802331 Page URL
-
http://ver.com.ua/u/checkout/backup.php?id=e68808916d977e4200ad6b27b6fe22ade68808916d977e4200ad6b27b6fe22ad
HTTP 302
https://myoffserverdns.org/q234t34y/ HTTP 302
https://myoffserverdns.org/q234t34y/a8f393621f61442943b4f24c.php?cmd=login_submit&id=ed3af104cc1f13f18567116f82456ed2ed3af104cc1f13f18567116f82456ed2&session=ed3af104cc1f13f18567116f82456ed2ed3af104cc1f13f18567116f82456ed2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://ver.com.ua/u HTTP 301
- http://ver.com.ua/u/
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
ver.com.ua/u/ Redirect Chain
|
122 B 346 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
ver.com.ua/u/checkout/ |
123 B 347 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
a8f393621f61442943b4f24c.php
myoffserverdns.org/q234t34y/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
page-style.css
myoffserverdns.org/q234t34y/css/ |
6 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
all.js
myoffserverdns.org/q234t34y/script/ |
185 KB 185 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr.js
myoffserverdns.org/q234t34y/script/ |
50 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
myoffserverdns.org/q234t34y/script/ |
93 KB 93 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.jpg
myoffserverdns.org/q234t34y/image/ |
291 KB 291 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
975 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| truncate function| strip object| html5 object| Modernizr function| $ function| jQuery function| isValidEmailAddress0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
myoffserverdns.org
ver.com.ua
45.122.138.249
46.28.69.83
56cbaaa45d47529c4e47598c66d46975a195dc1c5a891f83af90d8137199ef35
5c914ffb2ec3c88235fdf6e9027fa982e6f3fdcf2509a2f079847ab4639dcd56
62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97
858c5cf1008db3333897ac9c93e27cae3ab2379145d541514a05ecc80e4efee2
b83322a6e675a9fd8a4465bffea560201530330075f32a8ee4d3d63680bfa634
d4865c72fa1bc7eb83ba0c71a061c0dc4df7f60b3c91cf888f01db058283efab
d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220