dowwr.com
95.216.68.34
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On April 15 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 9th 2020. Valid for: 3 months.
This is the only time dowwr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)
Domain & IP information
| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 8 | 95.216.68.34 | 24940 (HETZNER-AS) |
| 2 | 2001:4de0:ac19::1:b:3a | 20446 (HIGHWINDS3) |
| 1 | 2a00:1450:4001:825::200a | 15169 (GOOGLE) |
| 1 | 2a02:26f0:6c00:183::13b8 | 20940 (AKAMAI-ASN1) |
| 23 | 23.53.41.227 | 20940 (AKAMAI-ASN1) |
| 13 | 184.50.167.199 | 16625 (AKAMAI-AS) |
| 3 | 2620:1ec:c11::200 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 2606:2800:133:f17:19e8:2356:251b:2a9 | 15133 (EDGECAST) |
| 2 | 13.107.3.128 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 152.199.19.160 | 15133 (EDGECAST) |
| 1 | 40.77.226.250 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 13.107.42.12 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 2 2 | 40.90.23.247 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 34.203.98.27 | 14618 (AMAZON-AES) |
Total: 57 requests, 13 IPs
ASN details (PTR record and domains served):
- ASN20940 (AKAMAI-ASN1, US): PTR a23-53-41-227.deploy.static.akamaitechnologies.com; spoprod-a.akamaihd.net
- ASN16625 (AKAMAI-AS, US): PTR a184-50-167-199.deploy.static.akamaitechnologies.com; r3.res.outlook.com
- ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US): b.config.skype.com, a.config.skype.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): web.vortex.data.microsoft.com
- ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US): PTR 1drv.ms; cid-a5792d4d072f42b8.users.storage.live.com
- ASN14618 (AMAZON-AES, US): PTR ec2-34-203-98-27.compute-1.amazonaws.com; errors.client.optimizely.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 23 | akamaihd.net | spoprod-a.akamaihd.net | 2 MB |
| 13 | outlook.com | r3.res.outlook.com | 30 KB |
| 8 | dowwr.com (1 redirect) | dowwr.com | 257 KB |
| 3 | live.com (2 redirects) | cid-a5792d4d072f42b8.users.storage.live.com, login.live.com | 1 KB |
| 3 | skype.com | swx.cdn.skype.com, b.config.skype.com, a.config.skype.com | 9 KB |
| 3 | bing.com | www.bing.com | 3 KB |
| 2 | optimizely.com | cdn.optimizely.com, errors.client.optimizely.com | 81 KB |
| 2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 29 KB |
| 1 | microsoft.com | web.vortex.data.microsoft.com | 729 B |
| 1 | msecnd.net | az725175.vo.msecnd.net | 18 KB |
| 1 | googleapis.com | ajax.googleapis.com | 30 KB |
Total: 57 requests, 11 apex domains
| Requests | Domain | Requested by |
|---|---|---|
| 23 | spoprod-a.akamaihd.net | dowwr.com |
| 13 | r3.res.outlook.com | dowwr.com |
| 8 | dowwr.com (1 redirect) | dowwr.com |
| 3 | www.bing.com | dowwr.com, www.bing.com |
| 2 | login.live.com (2 redirects) | |
| 2 | maxcdn.bootstrapcdn.com | dowwr.com |
| 1 | errors.client.optimizely.com | cdn.optimizely.com |
| 1 | cid-a5792d4d072f42b8.users.storage.live.com | dowwr.com |
| 1 | web.vortex.data.microsoft.com | dowwr.com |
| 1 | az725175.vo.msecnd.net | dowwr.com |
| 1 | a.config.skype.com | dowwr.com |
| 1 | b.config.skype.com | dowwr.com |
| 1 | swx.cdn.skype.com | dowwr.com |
| 1 | cdn.optimizely.com | dowwr.com |
| 1 | ajax.googleapis.com | dowwr.com |
Total: 57 requests, 15 domains
This site contains links to these domains. Also see Links.
Domain |
---|
onedrive.live.com |
go.microsoft.com |
onedrive.uservoice.com |
g.live.com |
account.microsoft.com |
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| mail.dowwr.com | Let's Encrypt Authority X3 | 2020-04-09 - 2020-07-08 | 3 months | crt.sh |
| *.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 - 2020-10-13 | a year | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months | crt.sh |
| cdn.optimizely.com | DigiCert SHA2 Secure Server CA | 2020-01-20 - 2021-03-20 | a year | crt.sh |
| a248.e.akamai.net | DigiCert Secure Site ECC CA-1 | 2019-08-13 - 2020-08-12 | a year | crt.sh |
| *.res.outlook.com | Microsoft IT TLS CA 2 | 2019-10-21 - 2021-10-21 | 2 years | crt.sh |
| www.bing.com | Microsoft IT TLS CA 2 | 2019-04-30 - 2021-04-30 | 2 years | crt.sh |
| *.vo.msecnd.net | Microsoft IT TLS CA 2 | 2020-03-18 - 2022-03-18 | 2 years | crt.sh |
| edge.skype.com | Microsoft IT TLS CA 4 | 2019-10-31 - 2021-10-31 | 2 years | crt.sh |
| *.vortex.data.microsoft.com | Microsoft IT TLS CA 4 | 2020-01-21 - 2022-01-21 | 2 years | crt.sh |
| storage.live.com | Microsoft IT TLS CA 4 | 2019-10-02 - 2021-10-02 | 2 years | crt.sh |
| errors.client.optimizely.com | DigiCert SHA2 High Assurance Server CA | 2018-09-24 - 2020-09-28 | 2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/
Frame ID: 1EB8ED223316DB84E416BC28A2FC49C9
Requests: 55 HTTP requests in this frame
Frame:
https://www.bing.com/secure/Passport.aspx?nocontent=1
Frame ID: DCD6C7394331E2E4805606B26ADD8075
Requests: 1 HTTP request in this frame
Frame:
https://www.bing.com/secure/Passport.aspx?nocontent=1
Frame ID: FB5B640AEB0AA7BC6A799B82AE8C941F
Requests: 1 HTTP request in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
- Title: Office 365 | OneDrive
- Title: Help
- Title: Suggest a feature idea
- Title: Terms
- Title: Privacy & Cookies
- Title: Developers
- Title: Report abuse
- Title: My profile
- Title: My account
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip
HTTP 301
https://dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 52
- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1586910208&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2Fwww.bing.com%2Fsecure%2FPassport.aspx%3Fnocontent%3D1&lc=1031&id=264960&checkda=1 HTTP 302
- https://www.bing.com/secure/Passport.aspx?nocontent=1
- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1520859659&rver=6.0.5286.0&wp=MBI&wreply=https:%2F%2Fwww.bing.com%2Fsecure%2FPassport.aspx%3Fnocontent%3D1&lc=4096&id=264960&checkda=1 HTTP 302
- https://www.bing.com/secure/Passport.aspx?nocontent=1
57 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ (Redirect Chain) | 1 MB | 97 KB | Document | text/html |
| GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ | 118 KB | 20 KB | Stylesheet | text/css |
| GET | H/1.1 | shellg2corecss_7cb9a961.css | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ | 101 KB | 29 KB | Stylesheet | text/css |
| GET | H/1.1 | shellg2coremincss_1ece715e.css | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ | 70 KB | 23 KB | Stylesheet | text/css |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
| GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ | 36 KB | 10 KB | Script | text/javascript |
| GET | H2 | 2523150420.js | cdn.optimizely.com/js/ | 266 KB | 81 KB | Script | text/javascript |
| GET | H2 | odcdeferred-1bdf6a03.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 959 KB | 219 KB | Script | application/javascript |
| GET | H2 | odcquota-4ba9dba7.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 190 KB | 40 KB | Script | application/javascript |
| GET | H2 | odcpushchannel-b2b93a85.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 82 KB | 24 KB | Script | application/javascript |
| GET | H2 | odrestore-13e6851e.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 485 KB | 123 KB | Script | application/javascript |
| GET | H2 | aria-a7a17852.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 52 KB | 14 KB | Script | application/javascript |
| GET | H2 | odcdeferredcontrols-8f92476a.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 1 MB | 227 KB | Script | application/javascript |
| GET | H/1.1 | msajax_6fda701a.js | r3.res.outlook.com/o365/versionless/ | 58 KB | 16 KB | Script | application/x-javascript |
| GET | H/1.1 | shellg2strings_e0546f21.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H/1.1 | shellcoreming2m_b45c90f5.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H/1.1 | shellconsumerdata_e381223.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H/1.1 | shellg2coremincss_592985a3.css | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | odcdeferred.resx-5ecbc699.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 26 KB | 7 KB | Script | application/javascript |
| GET | H2 | odcextended-aec6f085.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 55 KB | 13 KB | Script | application/javascript |
| GET | H/1.1 | shellg2corecss_a28e41a3.css | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | init | www.bing.com/as/ | 7 KB | 3 KB | Script | text/html |
| GET | H2 | odcdeferredcontrols.resx-7f34dbef.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 15 KB | 5 KB | Script | application/javascript |
| GET | H2 | odcfirstrun-46ef0197.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 116 KB | 21 KB | Script | application/javascript |
| GET | H/1.1 | shellg2coreminthemecss_fa4e44fb.css | r3.res.outlook.com/o365/versionless/ | 5 KB | 1 KB | Stylesheet | text/css |
| GET | H/1.1 | shellg2pluscss_52fe3c08.css | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | SkypeBootstrap.min.js | swx.cdn.skype.com/shared/v/1.2.29/ | 6 KB | 3 KB | Script | text/javascript |
| GET | H/1.1 | shellarialogger_3cefa9b2.js | r3.res.outlook.com/o365/versionless/ | 53 KB | 14 KB | Script | application/x-javascript |
| GET | H2 | 905_1.2.29.0 | b.config.skype.com/config/v1/SkypeLyncWebExperience/ | 7 KB | 3 KB | Script | application/javascript |
| GET | H2 | 905_1.2.29.0 | a.config.skype.com/config/v1/SkypeLyncWebExperience/ | 7 KB | 3 KB | Script | application/javascript |
| GET | H2 | jsll-4.js | az725175.vo.msecnd.net/scripts/ | 54 KB | 18 KB | Script | text/javascript |
| GET | H2 | odcquota.resx-e7cc989a.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 3 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | t.js | web.vortex.data.microsoft.com/collect/v1/ | 45 B | 729 B | Script | application/javascript |
| GET | H2 | odcfirstrun.resx-ba99cb83.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 22 KB | 7 KB | Script | application/javascript |
| GET | H2 | odcextended.resx-a107375c.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 209 B | 617 B | Script | application/javascript |
| GET | H2 | odcphotos-53821e85.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 109 KB | 22 KB | Script | application/javascript |
| GET | H2 | odcphotos.resx-c82fa0c3.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 799 B | 819 B | Script | application/javascript |
| GET | H2 | odcnotifications-9dd1c99a.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 14 KB | 3 KB | Script | application/javascript |
| GET | H2 | odcnotifications.resx-2d36a48d.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 2 KB | 1 KB | Script | application/javascript |
| GET | H2 | odcexecutors-fbb1a118.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 828 KB | 174 KB | Script | application/javascript |
| GET | H2 | odcexecutors.resx-c26e430d.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/en-us/ | 28 KB | 8 KB | Script | application/javascript |
| GET | H2 | odcfilepicker-03a5457b.js | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/ | 109 KB | 24 KB | Script | application/javascript |
| GET | H2 | MeControlMediumUserTile | cid-a5792d4d072f42b8.users.storage.live.com/users/0xa5792d4d072f42b8/myprofile/expressionprofile/profilephoto:UserTileMedium,UserTileStatic,UserTileSmall/ | 0 | 430 B | Image | text/plain |
| GET | H2 | curatedfolders.gif | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/odsp-media/images/newfeatureexperience/v3/ | 621 KB | 622 KB | Image | image/gif |
| GET | H2 | officelens.gif | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/odsp-media/images/newfeatureexperience/v3/ | 98 KB | 98 KB | Image | image/gif |
| GET | H2 | photosview.gif | spoprod-a.akamaihd.net/files/odsp-next-prod_2018-02-23_20180226.002/odsp-media/images/newfeatureexperience/v3/ | 451 KB | 452 KB | Image | image/gif |
| GET | H/1.1 | ccc.JPG | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ | 29 KB | 29 KB | Image | image/jpeg |
| GET | H/1.1 | mem.jpg | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ | 6 KB | 6 KB | Image | image/jpeg |
| GET | H/1.1 | ccc2.jpg | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ | 38 KB | 38 KB | Image | image/jpeg |
| GET | H/1.1 | shellcoreprimeg2m_5864afef.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H/1.1 | shellplusg2m_d781360c.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H/1.1 | shellwofficons_ceb492ec.woff | dowwr.com/.sharepointdrvedrve/commmon/oauths/owa/enclosed_document/enclosed_document/jj.5drivezip/ | 33 KB | 33 KB | Font | font/woff |
| GET | H/1.1 | shellcoreprimeg2m_5864afef.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H2 | Passport.aspx | www.bing.com/secure/ (Frame DCD6, Redirect Chain) | 0 | 0 | Document | text/html |
| GET | H/1.1 | shellplusg2m_d781360c.js | r3.res.outlook.com/o365/versionless/ | 0 | 0 | Script | text/html |
| GET | H2 | Passport.aspx | www.bing.com/secure/ (Frame FB5B, Redirect Chain) | 0 | 0 | Document | text/html |
| POST | H/1.1 | log | errors.client.optimizely.com/ | 0 | 235 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)
46 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| function | $ |
| function | jQuery |
| object | Skype |
| object | O365 |
| function | Sys$Enum$parse |
| function | Sys$Enum$toString |
| function | $addHandler |
| function | $removeHandler |
| function | $get |
| function | Type |
| object | Sys |
| undefined | _ |
| object | _w |
| object | _d |
| boolean | sb_ie |
| boolean | sb_i6 |
| function | _ge |
| function | _qs |
| function | sb_st |
| function | sb_rst |
| function | sb_ct |
| function | sb_gt |
| function | sj_gx |
| boolean | cookieGetAccess |
| object | cookieDesc |
| object | reg |
| object | AutoSuggest |
| function | __extends |
| undefined | sa_inst |
| object | Bing |
| object | _G |
| function | sj_ce |
| object | sj_cook |
| function | sk_merge |
| object | sa_config |
| object | sa_loc |
| object | clienttelemetry_build |
| object | Microsoft |
| object | sct |
| object | microsoft |
| undefined | __assign |
| object | awa |
| string | behaviorKey |
| undefined | __rest |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.