sosh21.mogilev.by Open in urlscan Pro
93.85.84.114  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/?reff=Y2U3MjAzYWY5Y2NhOTk1ODVmMDZjZTFhYWU1ZDZkNDM= Page URL
2. http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/uwb9n66oos5mrefmhyr7sq6g.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/	669 B 876 B	283ms 264ms	Document text/html	93.85.84.114 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/?reff=Y2U3MjAzYWY5Y2NhOTk1ODVmMDZjZTFhYWU1ZDZkNDM= Protocol HTTP/1.1 Server 93.85.84.114 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS cpanelgov1.dc.beltelecom.by Software Apache / PHP/7.4.20 Resource Hash 66e9de29878a5927cfefca2321c52f2778df22690cd704f6fb5bb3752e0c172d Security Headers Name Value X-Frame-Options sameorigin Request headers Host sosh21.mogilev.by Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Server Apache X-Powered-By PHP/7.4.20 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 X-Frame-Options sameorigin
GET H/1.1	200 OK	microsoft_logo.svg secure.aadcdn.microsoftonline-p.com/ests/2.1.7651.13/content/images/	4 KB 2 KB	6ms 6ms	Image image/svg+xml	2a02:26f0:6c00:2b4::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/ests/2.1.7651.13/content/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd Requested by Host: sosh21.mogilev.by URL: http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/?reff=Y2U3MjAzYWY5Y2NhOTk1ODVmMDZjZTFhYWU1ZDZkNDM= Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:2b4::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer http://sosh21.mogilev.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Content-Encoding gzip Last-Modified Sat, 18 May 2019 17:03:21 GMT Content-MD5 nzaLxFgP7ZB3dfMcaybWzw== Vary Accept-Encoding Connection keep-alive Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control public, max-age=144193 Strict-Transport-Security max-age=31536000 Content-Length 1435
GET H/1.1	200 OK	Primary Request uwb9n66oos5mrefmhyr7sq6g.php Show response sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/	5 KB 6 KB	127ms 126ms	Document text/html	93.85.84.114 BELPAK-AS BELPAK
General Check archive.org Show headers Download Go to Full URL http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/uwb9n66oos5mrefmhyr7sq6g.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Requested by Host: sosh21.mogilev.by URL: http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/?reff=Y2U3MjAzYWY5Y2NhOTk1ODVmMDZjZTFhYWU1ZDZkNDM= Protocol HTTP/1.1 Server 93.85.84.114 Minsk, Belarus, ASN6697 (BELPAK-AS BELPAK, BY), Reverse DNS cpanelgov1.dc.beltelecom.by Software Apache / PHP/7.4.20 Resource Hash 60dd8331dc9735a186627053ced0474c919f4845b06e43913d2d74ea56a36486 Security Headers Name Value X-Frame-Options sameorigin Request headers Host sosh21.mogilev.by Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/?reff=Y2U3MjAzYWY5Y2NhOTk1ODVmMDZjZTFhYWU1ZDZkNDM= Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/?reff=Y2U3MjAzYWY5Y2NhOTk1ODVmMDZjZTFhYWU1ZDZkNDM= Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Server Apache X-Powered-By PHP/7.4.20 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 X-Frame-Options sameorigin
GET H/1.1	200 OK	converged.v2.login.min_t7iocdq0wq2qh0nv233jig2.css secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/	94 KB 18 KB	22ms 6ms	Stylesheet text/css	2a02:26f0:6c00:2b4::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/converged.v2.login.min_t7iocdq0wq2qh0nv233jig2.css Requested by Host: sosh21.mogilev.by URL: http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/uwb9n66oos5mrefmhyr7sq6g.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:2b4::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 190c090f07c94b7f907c4d4264d56d5ffba32d25706433847af09eda9fe8e5ed Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Origin http://sosh21.mogilev.by Referer http://sosh21.mogilev.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Content-Encoding gzip Last-Modified Sat, 18 May 2019 23:33:23 GMT Content-MD5 PPjUxRT1jqzNE8fzcJZLgA== Vary Accept-Encoding Connection keep-alive Content-Type text/css Access-Control-Allow-Origin * Cache-Control public, max-age=249903 Strict-Transport-Security max-age=31536000 Content-Length 18121
GET H/1.1	200 OK	microsoft_logo.svg secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/	4 KB 2 KB	6ms 6ms	Image image/svg+xml	2a02:26f0:6c00:2b4::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd Requested by Host: sosh21.mogilev.by URL: http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/uwb9n66oos5mrefmhyr7sq6g.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:2b4::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer http://sosh21.mogilev.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Content-Encoding gzip Last-Modified Sat, 18 May 2019 23:35:05 GMT Content-MD5 nzaLxFgP7ZB3dfMcaybWzw== Vary Accept-Encoding Connection keep-alive Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control public, max-age=341396 Strict-Transport-Security max-age=31536000 Content-Length 1435
GET H/1.1	200 OK	0-small.jpg secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/	3 KB 3 KB	6ms 6ms	Image image/jpeg	2a02:26f0:6c00:2b4::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d Requested by Host: sosh21.mogilev.by URL: http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/uwb9n66oos5mrefmhyr7sq6g.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:2b4::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer http://sosh21.mogilev.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Last-Modified Sat, 18 May 2019 23:34:28 GMT Content-MD5 E4vO5iT6BO+bdehiEan+DQ== Strict-Transport-Security max-age=31536000 Content-Type image/jpeg Access-Control-Allow-Origin * Cache-Control public, max-age=459337 Connection keep-alive Content-Length 3006
GET H/1.1	200 OK	0.jpg secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/	277 KB 277 KB	21ms 14ms	Image image/jpeg	2a02:26f0:6c00:2b4::35c1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 Requested by Host: sosh21.mogilev.by URL: http://sosh21.mogilev.by/IDES/office365-2019/cmd-login=6bd776c64db2a10f365870ef72374c26/uwb9n66oos5mrefmhyr7sq6g.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:2b4::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer http://sosh21.mogilev.by/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 26 Jul 2021 16:06:43 GMT Last-Modified Sat, 18 May 2019 23:35:05 GMT Content-MD5 pdvUOT/2pyXH5ith335y8A== Strict-Transport-Security max-age=31536000 Content-Type image/jpeg Access-Control-Allow-Origin * Cache-Control public, max-age=459337 Connection keep-alive Content-Length 283351

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure.aadcdn.microsoftonline-p.com
sosh21.mogilev.by
2a02:26f0:6c00:2b4::35c1
93.85.84.114
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
190c090f07c94b7f907c4d4264d56d5ffba32d25706433847af09eda9fe8e5ed
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
60dd8331dc9735a186627053ced0474c919f4845b06e43913d2d74ea56a36486
66e9de29878a5927cfefca2321c52f2778df22690cd704f6fb5bb3752e0c172d
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea