![](/screenshots/1d98e2bf-e0ad-4f30-b28c-8a58ed567207.png)
office365complimente.blob.core.windows.net
Open in
urlscan Pro
52.239.214.164
Malicious Activity!
Public Scan
Effective URL: https://office365complimente.blob.core.windows.net/onedrivedetinue82328/index.html
Submission: On October 31 via manual from US
Summary
TLS certificate: Issued by Microsoft IT TLS CA 5 on November 9th 2017. Valid for: 2 years.
This is the only time office365complimente.blob.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.11 67.199.248.11 | 395224 (BITLY-AS) (BITLY-AS - Bitly Inc) | |
1 1 | 206.189.125.60 206.189.125.60 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
1 | 142.93.191.70 142.93.191.70 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
12 | 52.239.214.164 52.239.214.164 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
1 | 2a00:1450:400... 2a00:1450:4001:825::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
14 | 3 |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: ubuntu-linkshorten-jomstat.bid
aweurl.us |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: vps.checksecure.xyz
a.checksecure.xyz |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
office365complimente.blob.core.windows.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
windows.net
office365complimente.blob.core.windows.net |
460 KB |
1 |
googleapis.com
ajax.googleapis.com |
33 KB |
1 |
checksecure.xyz
a.checksecure.xyz |
1 KB |
1 |
aweurl.us
1 redirects
aweurl.us |
1 KB |
1 |
bit.ly
1 redirects
bit.ly |
415 B |
14 | 5 |
Domain | Requested by | |
---|---|---|
12 | office365complimente.blob.core.windows.net |
a.checksecure.xyz
office365complimente.blob.core.windows.net |
1 | ajax.googleapis.com |
office365complimente.blob.core.windows.net
|
1 | a.checksecure.xyz | |
1 | aweurl.us | 1 redirects |
1 | bit.ly | 1 redirects |
14 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
a.checksecure.xyz Let's Encrypt Authority X3 |
2018-10-28 - 2019-01-26 |
3 months | crt.sh |
*.blob.core.windows.net Microsoft IT TLS CA 5 |
2017-11-09 - 2019-11-09 |
2 years | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2018-10-09 - 2019-01-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://office365complimente.blob.core.windows.net/onedrivedetinue82328/index.html
Frame ID: FF845100CCD5DF0B80B181B65B640788
Requests: 14 HTTP requests in this frame
Screenshot
![](/screenshots/1d98e2bf-e0ad-4f30-b28c-8a58ed567207.png)
Page URL History Show full URLs
-
https://bit.ly/2ET91c3
HTTP 301
http://aweurl.us/YDiP3 HTTP 301
https://a.checksecure.xyz/muarrb.html?a=d9712265-a789-422d-97f8-aaf547e84cb4 Page URL
- https://office365complimente.blob.core.windows.net/onedrivedetinue82328/index.html Page URL
Detected technologies
![](/vendor/wappa/icons/Ubuntu.png)
Detected patterns
- headers server /Ubuntu/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
- script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/2ET91c3
HTTP 301
http://aweurl.us/YDiP3 HTTP 301
https://a.checksecure.xyz/muarrb.html?a=d9712265-a789-422d-97f8-aaf547e84cb4 Page URL
- https://office365complimente.blob.core.windows.net/onedrivedetinue82328/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bit.ly/2ET91c3 HTTP 301
- http://aweurl.us/YDiP3 HTTP 301
- https://a.checksecure.xyz/muarrb.html?a=d9712265-a789-422d-97f8-aaf547e84cb4
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
muarrb.html
a.checksecure.xyz/ Redirect Chain
|
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index.html
office365complimente.blob.core.windows.net/onedrivedetinue82328/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
office365complimente.blob.core.windows.net/onedrivedetinue82328/css/ |
139 KB 139 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
office365complimente.blob.core.windows.net/onedrivedetinue82328/css/ |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1%20Logo%2033x33%201.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
B%2033x33.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
C%20%2033x33.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
D%20%2033x33.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
E%2031x37.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
F%20%2033x33.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ |
95 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
office365complimente.blob.core.windows.net/onedrivedetinue82328/js/ |
36 KB 37 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
task.png
office365complimente.blob.core.windows.net/onedrivedetinue82328/img/ |
241 KB 241 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| jQuery112400145735226292991180 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubdomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a.checksecure.xyz
ajax.googleapis.com
aweurl.us
bit.ly
office365complimente.blob.core.windows.net
142.93.191.70
206.189.125.60
2a00:1450:4001:825::200a
52.239.214.164
67.199.248.11
149b07b3fd6e5b17c9949a3dcee35dfc68cefed55e4dfcaf044d3a8be627cd7b
1bb37dfeefd1cdf006d4b794aa7b10787e705c87a45a51e092deda0850dab438
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5596af5d0b179054ce4975eda5d5b11694a7f7fb58fd9cdf42e69bd6d417bede
5a6a8df29a73e04fb717abc01af86ebf91a36de8153af5182a9bbd29e31b9413
5a821ec96b40392e08509cba6752cb8f030b3365bef25abd6ae8a7ed962e3064
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
9e76aca475b670b4e19afb531cf838384770fee3290448af8c586837d87b1097
a166a16d575db967f6aa3c80e6b368aaafcd2792d40ed850a09d95cb65d86e2b
b84d6d3dcaa772e962faf2a0b1cd77a110da805d2131356cfaa11722b7f2b180
bc78480645b47df93a53d609d84c0740bc671465cd50169f8a1a266e9b77753c
e4097d53131a0516a822847d086323ae5684dd8a5d0f0bc62ddad1ab9acc217b
f50990dea219dbe1322b36ad2cfb28264eb9546480c1997eb81b589ad4ad2eec
f6ce72e5764f461be8fe13e9634d518f092669297034c551781ed13d86d7aaef