example-domain-signin.aws.amazon.com.office365tr.com
2606:4700:3031::6818:66ce  Malicious Activity! Public Scan

URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Submission: On December 20 via manual from US

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3031::6818:66ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is example-domain-signin.aws.amazon.com.office365tr.com.
This is the only time example-domain-signin.aws.amazon.com.office365tr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AWS (Online)

Domain & IP information

IP Address AS Autonomous System
1 6 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 151.101.2.110 54113 (FASTLY)
2 185.221.86.2 206998 (NEW-2)
9 5
Domain Requested by
6 example-domain-signin.aws.amazon.com.office365tr.com 1 redirects example-domain-signin.aws.amazon.com.office365tr.com
2 bam.eu01.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com example-domain-signin.aws.amazon.com.office365tr.com
1 m.media-amazon.com example-domain-signin.aws.amazon.com.office365tr.com
9 4

This site contains links to these domains. Also see Links.

Domain
docs.aws.amazon.com

Subject                          Issuer                                Validity                  Valid
images-fe.ssl-images-amazon.com  GeoTrust RSA CA 2018                  2020-06-24 - 2021-09-23   a year (crt.sh)
f4.shared.global.fastly.net      GlobalSign CloudSSL CA - SHA256 - G3  2020-12-17 - 2021-05-07   5 months (crt.sh)
*.eu01.nr-data.net               DigiCert SHA2 Secure Server CA        2020-02-04 - 2022-02-08   2 years (crt.sh)

This page contains 1 frames:

Primary Page: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Frame ID: F881589E3A4DFC440A0340AFCDA7E8E3
Requests: 12 HTTP requests in this frame


Detected technologies

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 9
HTTPS: 44 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 3
Transfer: 567 kB
Size: 1509 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • http://example-domain-signin.aws.amazon.com.office365tr.com/metrics/pageload HTTP 302
  • http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html

9 HTTP transactions

Each entry lists Resource, Path, Size, x-fer and Type (MIME-Type).

/ [Primary Request, Cookie set] | Path: example-domain-signin.aws.amazon.com.office365tr.com/ | Size: 646 KB | x-fer: 366 KB | Type: Document
General
Full URL
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Protocol
HTTP/1.1
Server
2606:4700:3031::6818:66ce, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
e1586bb0d929f885448e5dc33385978d5d1aa701daefd38c708cdaf70b4ce51f

Request headers

Host
example-domain-signin.aws.amazon.com.office365tr.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 23:39:22 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d15dde0b8626d8f22348dd75cf481aed11608507562; expires=Tue, 19-Jan-21 23:39:22 GMT; path=/; domain=.office365tr.com; HttpOnly; SameSite=Lax
Set-Cookie
ASP.NET_SessionId=sghprnkuuggve5yvhxytg5c3; path=/; HttpOnly; SameSite=Lax
Cache-Control
private
X-AspNet-Version
4.0.30319
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
X-UA-Compatible
IE=edge
CF-Cache-Status
DYNAMIC
cf-request-id
07241eb2e500001f3d771bc000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B7mBxE59xfSpO4zr1Cwy9KVhaYv3pvqXM25LKaWaL9Ebg2NbA9ZBYsfcMeqnEOhCmHb2xiJsumyEI0qVEcQwpx%2BaUtu1uwTGIGG5nrquT0sYEgcaob8PKq%2FW0BgfX9wnWngN6vbvrSbDQYHmWPUmSxb1LMZj4domOkGrQ%2BDuKn3e"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
604d33cb0d211f3d-FRA
Content-Encoding
gzip
fwcim._CB454428048_.js | Path: m.media-amazon.com/images/G/01/x-locale/common/login/ | Size: 406 KB | x-fer: 97 KB | Type: Script
General
Full URL
https://m.media-amazon.com/images/G/01/x-locale/common/login/fwcim._CB454428048_.js
Requested by
Host: example-domain-signin.aws.amazon.com.office365tr.com
URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:293::108, Ascension Island, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 23:39:22 GMT
content-encoding
br
surrogate-key
x-cache-154 /images/G/01/x-locale/common/login/fwcim
last-modified
Wed, 16 Dec 2020 09:08:26 GMT
server
Akamai Resource Optimizer
vary
Accept-Encoding
x-cache
Hit from akamai
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=630322179
x-amz-ir-id
4d0931b4-271c-473f-a341-b9336fee29ab
strict-transport-security
max-age=86400
timing-allow-origin
https://www.amazon.com
content-length
98425
expires
Tue, 11 Dec 2040 09:09:01 GMT
jquery-3.0.0.js | Path: example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/ | Size: 364 KB | x-fer: 82 KB | Type: Script
General
Full URL
http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-3.0.0.js
Requested by
Host: example-domain-signin.aws.amazon.com.office365tr.com
URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Protocol
HTTP/1.1
Server
2606:4700:3031::6818:66ce, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
b9065e2a0e1ebbb88f32a1a2b859446cdfa4d7886bf009e0f3e3ff475ae16b98

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 23:39:22 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"report_to":"cf-nel","max_age":604800}
Age
5225
Transfer-Encoding
chunked
Connection
keep-alive
cf-request-id
07241eb39c00001f3d6f9ef000000001
X-UA-Compatible
IE=edge
Last-Modified
Sat, 12 Sep 2020 12:24:41 GMT
Server
cloudflare
ETag
W/"cc6f8db0ff88d61:0"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gkmpkE570FJpPKbjL7NpSQasYSHq4qg2Ro1qjBeDlROcgHBrw70WmwIlAQnpVMnE%2FSkWtVB06EEp4b1PYAYG9CeIiENnuireqZ3UV41CniyESEiQ01umc%2FjWN8ReBjxS6funAb7DJ7ZocRvXIseSjh0cVH10aQBa2Ml6liB0LtRV"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
604d33cc2ec11f3d-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
jquery-migrate-3.3.1.js | Path: example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/ | Size: 30 KB | x-fer: 9 KB | Type: Script
General
Full URL
http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js
Requested by
Host: example-domain-signin.aws.amazon.com.office365tr.com
URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Protocol
HTTP/1.1
Server
2606:4700:3031::6818:66ce, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
127308bdd96abc9b5ccfcb6d55f2bebbbf617bfa619b63c03715d781421b1b22

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 23:39:22 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"report_to":"cf-nel","max_age":604800}
Age
5225
Transfer-Encoding
chunked
Connection
keep-alive
cf-request-id
07241eb3a10000062d8d87b000000001
X-UA-Compatible
IE=edge
Last-Modified
Sat, 12 Sep 2020 12:24:41 GMT
Server
cloudflare
ETag
W/"feb8eb0ff88d61:0"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RwExYJMPH26AZIs0Kx5dVl685bovvISEFELR%2F%2Fr5FHf25qI8KnqXyvJoe%2FT12SBRjTkYowh%2BA2DfVXppP5oirIeYoSW%2FBXd8RQ6CO5YyiM85F%2FjiIdZeWNrjLrokYbjNK%2FjI2HHE6CJ3CAxYanj0vbH3LXehvRhIZ0YBbb%2FOx0ci"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
604d33cc3ce7062d-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
truncated (data: URI) | Path: / | Size: 32 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
50e56bd81afcef466f4155d50c7225da52d1f0594357c32a13762afa69947b73

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated (data: URI) | Path: / | Size: 3 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
8d82b1e7faa7f2cdecd63fbe12c5a878d88a70bf383a552c1e66f03d2b795f38

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
TURL | Path: example-domain-signin.aws.amazon.com.office365tr.com/ContentShow.aspx/ | Size: 119 B | x-fer: 929 B | Type: XHR
General
Full URL
http://example-domain-signin.aws.amazon.com.office365tr.com/ContentShow.aspx/TURL
Requested by
Host: example-domain-signin.aws.amazon.com.office365tr.com
URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-3.0.0.js
Protocol
HTTP/1.1
Server
2606:4700:3031::6818:66ce, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
1a160758e9a57ab961d25490a598656bcfa7b18d519b7a6892b89483fd32411a

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Sun, 20 Dec 2020 23:39:23 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DkuBCVL7WV6jYWdpHQB3lFVPmHYdsdL7G2UE1YLRglgr%2BVBcnY%2F7Wp%2FuVnUkwxI60KlbrOV19vXEw1y9Nnt1LQGjGWgd91N7lIuIdo8pwCQkmmb8pY3W5dFc2ZyyHRXfj%2B2A4ekKritE1pP0Zlzd9muLvz35Pshu45dkzNP1Gsc1"}],"group":"cf-nel","max_age":604800}
Content-Type
application/json; charset=utf-8
Cache-Control
private, max-age=0
Connection
keep-alive
CF-RAY
604d33cccf881f3d-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
cf-request-id
07241eb40000001f3d22888000000001
X-UA-Compatible
IE=edge
truncated (data: URI) | Path: / | Size: 226 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
e89be6bba4cc671c3fe91a5b721d263f88c1e3d1e1bbcccbb035fd7b524f6aa7

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
nr-1184.min.js | Path: js-agent.newrelic.com/ | Size: 27 KB | x-fer: 11 KB | Type: Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: example-domain-signin.aws.amazon.com.office365tr.com
URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 20 Dec 2020 23:39:23 GMT
content-encoding
gzip
x-amz-request-id
46B754C9495974E6
x-cache
HIT
content-length
10624
x-amz-id-2
cbTZ4AR07v91iqhm/m+YOgJ5aLRAa0ZKJg1aA6z6qcoy7dLx9vcYvDO3lhmQfV/Gh7Xzp72yqKs=
x-served-by
cache-ams21024-AMS
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1608507563.063489,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
4822
404.html | Path: example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/ | Size: 1 KB | x-fer: 1 KB | Type: XHR
Redirect Chain
  • http://example-domain-signin.aws.amazon.com.office365tr.com/metrics/pageload
  • http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html
General
Full URL
http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html
Protocol
HTTP/1.1
Server
2606:4700:3031::6818:66ce, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
d0ffc65048158a9d94bf3990f5bdaa67e3ce6ec6783c9110f8295ddd1783fa76

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 20 Dec 2020 23:39:23 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Last-Modified
Sat, 12 Sep 2020 12:24:52 GMT
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8SPskNXV19M%2Fi0QeglEZXXyScQF7zEMspBzWMqTtSWS3PORX79wpeUV8kNT17sF42ewM8riciOBQKMjy544b2l%2FOSgOeXfrpQXj9hUMg7dOxY%2F3u96GqkIuMgOKZ9sgqr%2FelhrwnrteeUoK3Jr23TrG8w3JP0oMQgqJ1uOOjXk1D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/html
NEL
{"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
CF-RAY
604d33cd3ea0062d-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
cf-request-id
07241eb4440000062d2eab5000000001
X-UA-Compatible
IE=edge

Redirect headers

Date
Sun, 20 Dec 2020 23:39:23 GMT
CF-Cache-Status
DYNAMIC
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gm52A4ETs6dUrYXm3wy1TwVe7Bu5v%2F%2BRM85nlSbb%2FPxWO7vpKrMA77XV%2BONeEdb6iMhyWpHWPKvlVI%2BFE0%2F6%2BA0bVxLWXybT0vUKctlNxSDLld5vy3V8uHIyNgP57EwLAdq%2Bi%2F5evlMDt%2Fh%2BxQOncpImPQL1JtgkstMx%2Fw%2BZUICO"}],"group":"cf-nel","max_age":604800}
Content-Type
text/html; charset=UTF-8
Location
http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html
Connection
keep-alive
CF-RAY
604d33ccde06062d-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
cf-request-id
07241eb4080000062d6a19b000000001
X-UA-Compatible
IE=edge
fa229cc1a3 | Path: bam.eu01.nr-data.net/1/ | Size: 57 B | x-fer: 275 B | Type: Script
General
Full URL
https://bam.eu01.nr-data.net/1/fa229cc1a3?a=606863&v=1184.ab39b52&to=MhBSZQoZVkJXAERRDgtacWIoV1teWBdVVhUWHV9GVhlLQU4%3D&rst=374&ck=1&ref=http://example-domain-signin.aws.amazon.com.office365tr.com/&ap=48&be=125&fe=309&dc=301&perf=%7B%22timing%22:%7B%22of%22:1608507562705,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:14,%22c%22:14,%22ce%22:19,%22rq%22:19,%22rp%22:119,%22rpe%22:197,%22dl%22:121,%22di%22:301,%22ds%22:301,%22de%22:308,%22dc%22:308,%22l%22:308,%22le%22:310%7D,%22navigation%22:%7B%7D%7D&fp=289&fcp=289&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.221.86.2, Germany, ASN206998 (NEW-2, IE)
Reverse DNS
Software
/
Resource Hash
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
fa229cc1a3 | Path: bam.eu01.nr-data.net/events/1/ | Size: 24 B | x-fer: 218 B | Type: XHR
General
Full URL
https://bam.eu01.nr-data.net/events/1/fa229cc1a3?a=606863&v=1184.ab39b52&to=MhBSZQoZVkJXAERRDgtacWIoV1teWBdVVhUWHV9GVhlLQU4%3D&rst=10374&ck=1&ref=http://example-domain-signin.aws.amazon.com.office365tr.com/
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.221.86.2, Germany, ASN206998 (NEW-2, IE)
Reverse DNS
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
http://example-domain-signin.aws.amazon.com.office365tr.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AWS (Online)

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated object| NREUM object| newrelic function| __nr_require function| getParameterByName function| reportMetric function| reportMetrics string| U2F_METRICS_PATH string| CANDIDATE_METRICS_PATH string| U2F_COUPLED_ROOT string| U2F_DECOUPLED_ROOT string| U2F_CANDIDATE_COUPLED_ROOT string| CANDIDATE_ROOT_LOGIN string| U2F_IAM_USER string| U2F_ERROR_CODE string| U2F_CLIENT_LIBRARY_ERROR string| CANDIDATE_MFA_CANCEL string| COMPATIBLE string| INCOMPATIBLE string| UNKNOWN string| INVALID string| OPT_IN_REGION_FAILURE string| isU2FCompatible boolean| isMobileApp string| loginpage_error_title_unknownaccount string| loginpage_error_message_unknownaccount string| loginpage_resolveaccountdiv_warning_invalid string| loginpage_resolveaccountdiv_warning_empty string| loginpage_logindiv_password_empty string| loginpage_captchadiv_error_title string| loginpage_captchadiv_error_message string| loginpage_otpdiv_general_message_before_email string| loginpage_otpdiv_general_message_after_email string| loginpage_otpdiv_error_title string| loginpage_otpdiv_error_message string| loginpage_otpdiv_error_expired_title string| loginpage_otpdiv_error_expired_message string| loginpage_otpdiv_error_maximum_attempt_reached_title string| loginpage_otpdiv_error_maximum_attempt_reached_message string| loginpage_otpdiv_resend_title string| loginpage_otpdiv_resend_message string| general_error_internal_server_error_title string| general_error_internal_server_error_message string| general_error_bad_request_title string| general_error_bad_request_message string| general_authenticate_error_title string| general_authenticate_error_message function| requestParameters string| signupUrl string| contactUsMfaUrl string| contactPremiumSupportUrl string| authPortalUrl string| authPortalForgotPasswordUrl string| authPortalTroubleshootMfaUrl string| iamLoginUrl boolean| isAccountUpdateReAuth 
boolean| showErrorMessage string| errorTitle string| errorMessage boolean| __fwcimLoaded object| fwcim boolean| isFlashEnabled boolean| __fwcimShimProfileReady object| u2f undefined| js_api_version number| state number| VERIFY_EMAIL number| SIGNIN number| AFA string| captchaStatusToken string| csrf string| sessionId string| possessionChallengeOtpToken string| otpGuess string| u2fResponse boolean| skipU2FValidation string| mfaSerial string| u2fMfaSerial string| mfaResponse string| candidateMfaResponse boolean| bypassCaptcha function| handleCandidateU2fLogin function| getMetadata object| errorMessageController object| otpErrorMessageController object| otpSuccessMessageController object| u2fMfaController object| resolverContainerController object| loginContainerController object| candidateLoginContainerController object| candidateMfaContainer function| getCookie function| resolveIdentifier function| resolveAccountType function| resolveAccountTypeWithMetadata function| clearCaptchaState function| clearMfaUserInput function| hideAllContainers function| hideMarketingContainer function| hideSigninInnerContainer function| hideSigninInnerFullWidthContainer function| showMarketingContainer function| showSigninInnerContainer function| showSigninInnerFullWidthContainer function| hideErrors function| showSpinnerOnSigninButtonAndDisableTheButton function| removeSpinnerOnSigninButtonAndEnableTheButton function| showSpinnerOnMfaSubmitButtonAndDisableTheButton function| removeSpinnerOnMfaSubmitButtonAndEnableTheButton function| showSpinnerOnResyncMfaButtonAndDisableTheButton function| removeSpinnerOnResyncMfaButtonAndEnableTheButton function| showSpinnerOnAfaButtonAndDisableTheButton function| removeSpinnerOnAfaButtonAndEnableTheButton function| showSpinnerOnOTPButtonAndDisableTheButton function| removeSpinnerOnOTPButtonAndEnableTheButton function| DisableOTPButton function| EnableOTPButton function| showIamSignin function| showMfaDeviceConfirmation function| showResyncMfa 
function| showResolverContainer function| showPasswordEntry function| showMfaEntry function| showU2fMfa function| handleU2fData function| showSuspendedUserDiv function| showMfaCustomerSupport function| showForgotPasswordPopupError function| signin function| setU2FSignResponse function| signinWithMetadata function| showCaptcha function| showOTP function| clearPossessionChallengeTokenAndOtpGuess object| otpContainerController function| handleResendOtp function| handleResendOtpWithMetadata function| populateCaptcha function| handleForgotPasswordFlow function| handleGetResetPasswordToken function| handleGetResetPasswordTokenWithMetadata function| populatePasswordRecoveryCaptcha function| refreshForgotPasswordCaptcha function| showForgotPasswordPopupWithoutCaptcha function| showForgotPasswordPopupWithCaptcha function| showForgotPasswordPopup function| dismissForgotPasswordPopup function| hideAllOnPasswordRecoveryPage function| showCandidatePasswordEntry function| handleAjaxCallFailure function| showCandidateMfaEntry function| $ function| jQuery object| SCSM number| currentYear function| handleLanguageOptions function| changeLanguage boolean| urld string| urlt function| TURL function| scorePassword function| checkPassStrength function| checkPassStrength2 function| Captured function| changeFavicon function| executeFunctionByName object| core string| currentPath

2 Cookies

Domain/Path                                            Name               Value
example-domain-signin.aws.amazon.com.office365tr.com/  ASP.NET_SessionId  sghprnkuuggve5yvhxytg5c3
.office365tr.com/                                      __cfduid           d15dde0b8626d8f22348dd75cf481aed11608507562

5 Console Messages

Source: console-api | Level: log | URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js (Line 69)
Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.1

Source: console-api | Level: warning | URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js (Line 100)
Message: JQMIGRATE: jQuery.fn.keypress() event shorthand is deprecated

Source: console-api | Level: log | URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js (Line 102)
Message: console.trace

Source: console-api | Level: warning | URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js (Line 100)
Message: JQMIGRATE: jQuery.fn.click() event shorthand is deprecated

Source: console-api | Level: log | URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js (Line 102)
Message: console.trace