watcheschoice.xyz
104.24.105.220
Malicious Activity!
Public Scan
Effective URL: https://watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/index.php
Submission: On May 23 via manual from US
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on May 3rd 2018. Valid for: 6 months.
This is the only time watcheschoice.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
2 | 184.168.131.241 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
10 | 104.24.105.220 | 13335 (CLOUDFLARENET - Cloudflare)
1 | 216.58.208.42 | 15169 (GOOGLE - Google LLC)
4 | 216.58.210.3 | 15169 (GOOGLE - Google LLC)
15 | 3 |

- ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), PTR: ip-184-168-131-241.ip.secureserver.net: x.co
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): watcheschoice.xyz
- ASN15169 (GOOGLE - Google LLC, US), PTR: fra15s12-in-f42.1e100.net: fonts.googleapis.com
- ASN15169 (GOOGLE - Google LLC, US), PTR: fra16s07-in-f3.1e100.net: fonts.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | watcheschoice.xyz | watcheschoice.xyz | 263 KB
4 | gstatic.com | fonts.gstatic.com | 113 KB
2 | x.co | x.co (2 redirects) | 336 B
1 | googleapis.com | fonts.googleapis.com | 450 B
15 | 4 | |
Requests | Domain | Requested by
---|---|---
10 | watcheschoice.xyz | watcheschoice.xyz
4 | fonts.gstatic.com | watcheschoice.xyz
2 | x.co | 2 redirects
1 | fonts.googleapis.com | watcheschoice.xyz
15 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sni181279.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-05-03 - 2018-11-09 | 6 months
This page contains 1 frames:
Primary Page:
https://watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/index.php
Frame ID: C6C82A05C7DDB9B0917B87EBA539E33F
Requests: 15 HTTP requests in this frame
Page URL History
- http://x.co/hermanmill (HTTP 301)
- https://x.co/hermanmill (HTTP 302)
- https://watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/index.php (Page URL)
Detected technologies
- CloudFlare (CDN). Detected patterns:
  - headers server /cloudflare/i
- Google Font API (Font Scripts). Detected patterns:
  - html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /jquery.*\.js/i
  - env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | index.php (Primary Request, Redirect Chain) | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/ | 5 KB | 2 KB | Document | text/html
GET | H2 | theDocs.all.min.css | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/css/ | 203 KB | 36 KB | Stylesheet | text/css
GET | H2 | custom.css | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/css/ | 2 KB | 708 B | Stylesheet | text/css
GET | S | css | fonts.googleapis.com/ | 1 KB | 450 B | Stylesheet | text/css
GET | H2 | logo.png | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/img/ | 32 KB | 32 KB | Image | image/png
GET | H2 | sheet.jpg | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/img/ | 17 KB | 17 KB | Image | image/jpeg
GET | H2 | jquery.min.js | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/js/ | 81 KB | 29 KB | Script | application/javascript
GET | H2 | jstz.min.js | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/js/ | 5 KB | 2 KB | Script | application/javascript
GET | H2 | theDocs.all.min.js | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/js/ | 222 KB | 73 KB | Script | application/javascript
GET | H2 | custom.js | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/js/ | 4 KB | 1 KB | Script | application/javascript
GET | S | S6uyw4BMUTPHjx4wWw.ttf | fonts.gstatic.com/s/lato/v14/ | 59 KB | 29 KB | Font | font/ttf
GET | S | 1Ptrg8zYS_SKggPNwIYqWqZPBQ.ttf | fonts.gstatic.com/s/raleway/v12/ | 54 KB | 25 KB | Font | font/ttf
GET | S | 1Ptug8zYS_SKggPNyC0ISg.ttf | fonts.gstatic.com/s/raleway/v12/ | 52 KB | 25 KB | Font | font/ttf
GET | H2 | fontawesome-webfont.woff2 | watcheschoice.xyz/hermanmiller.com/jorge/SUKUSAKEAY/office365_unrestricted/assets/fonts/ | 70 KB | 70 KB | Font | font/woff2
GET | S | S6u9w4BMUTPHh7USSwiPHA.ttf | fonts.gstatic.com/s/lato/v14/ | 62 KB | 33 KB | Font | font/ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
function | $
function | jQuery
object | jstz
object | _self
object | Prism
object | httpLanguages
object | options
string | contentType
function | lity
function | getFlashVersion
function | script
function | make_the_delay
function | redirect_the
function | now_download

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.