ajccd.org
Open in
urlscan Pro
173.214.172.75
Malicious Activity!
Public Scan
Effective URL: https://ajccd.org/doc/login.html
Submission: On May 30 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 30th 2019. Valid for: 3 months.
This is the only time ajccd.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.85.173.50 54.85.173.50 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
19 | 173.214.172.75 173.214.172.75 | 19318 (IS-AS-1) (IS-AS-1 - Interserver) | |
2 | 143.204.101.58 143.204.101.58 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 143.204.101.127 143.204.101.127 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 1 | 107.20.136.0 107.20.136.0 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
23 | 3 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-85-173-50.compute-1.amazonaws.com
smarturl.it |
ASN19318 (IS-AS-1 - Interserver, Inc, US)
PTR: dns2026b.trouble-free.net
ajccd.org |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-58.fra50.r.cloudfront.net
d3hmp0045zy3cs.cloudfront.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-127.fra50.r.cloudfront.net
d29usylhdk1xyu.cloudfront.net |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-107-20-136-0.compute-1.amazonaws.com
rpxnow.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
ajccd.org
ajccd.org |
659 KB |
4 |
cloudfront.net
d3hmp0045zy3cs.cloudfront.net d29usylhdk1xyu.cloudfront.net |
129 KB |
1 |
rpxnow.com
1 redirects
rpxnow.com |
262 B |
1 |
smarturl.it
1 redirects
smarturl.it |
796 B |
23 | 4 |
Domain | Requested by | |
---|---|---|
19 | ajccd.org |
ajccd.org
|
2 | d29usylhdk1xyu.cloudfront.net |
ajccd.org
|
2 | d3hmp0045zy3cs.cloudfront.net |
ajccd.org
d29usylhdk1xyu.cloudfront.net |
1 | rpxnow.com | 1 redirects |
1 | smarturl.it | 1 redirects |
23 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.docusign.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ajccd.org cPanel, Inc. Certification Authority |
2019-05-30 - 2019-08-28 |
3 months | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2018-10-08 - 2019-10-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ajccd.org/doc/login.html
Frame ID: 6AB6E417CF4CB9625DE79F76949FAB45
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://smarturl.it/g2t8mw
HTTP 301
https://ajccd.org/doc/login.html Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://smarturl.it/g2t8mw
HTTP 301
https://ajccd.org/doc/login.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- https://rpxnow.com/js/lib/login.docusign.net/engage.js HTTP 301
- https://d29usylhdk1xyu.cloudfront.net/load/login.docusign.net
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.html
ajccd.org/doc/ Redirect Chain
|
106 KB 33 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login
ajccd.org/doc/login_files/ |
455 KB 456 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
engage.js.download
ajccd.org/doc/login_files/ |
11 KB 11 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-faces.css
ajccd.org/doc/login_files/ |
6 KB 811 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XmlHttp.js.download
ajccd.org/doc/login_files/ |
14 KB 14 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.10.2.min.js.download
ajccd.org/doc/login_files/ |
91 KB 91 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Framework.css
ajccd.org/doc/login_files/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MemberLogin.css
ajccd.org/doc/login_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
providers.css
ajccd.org/doc/login_files/ |
104 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebResource.axd
ajccd.org/doc/login_files/ |
26 KB 26 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
docusign.png
ajccd.org/doc/login_files/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
powered_by_docusign_gray.png
ajccd.org/doc/login_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
btn_arrow_u.png
ajccd.org/doc/login_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
providers.css
d3hmp0045zy3cs.cloudfront.net/HEAD/ |
104 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login
d29usylhdk1xyu.cloudfront.net/manifest/ |
455 KB 110 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.docusign.net
d29usylhdk1xyu.cloudfront.net/load/ Redirect Chain
|
11 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HelveticaNeue.ttf
ajccd.org/doc/fonts/helvetica-neue/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MavenPro-Bold.ttf
ajccd.org/doc/fonts/maven-pro/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
providers.css
d3hmp0045zy3cs.cloudfront.net/HEAD/ |
104 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HelveticaNeue.woff
ajccd.org/doc/fonts/helvetica-neue/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MavenPro-Bold.woff
ajccd.org/doc/fonts/maven-pro/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HelveticaNeue.otf
ajccd.org/doc/fonts/helvetica-neue/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MavenPro-Bold.otf
ajccd.org/doc/fonts/maven-pro/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online)143 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| janrain number| _recaptchaVersion boolean| _recaptchaInvisible object| timeInfo number| XmlLoaderCount function| XmlLoader function| IEXmlLoader function| MoXmlLoader number| currBrowserVer undefined| ua undefined| re function| XmlWrapper function| XmlWrapperFromXml function| IEXmlWrapper function| IEXmlWrapperFromXml function| MOXmlWrapper function| intro function| MOXmlWrapperFromXml function| WindowTracer function| SpanTracer function| GetURLTimeStamp function| xDom function| SingleNode function| SingleNodeT function| xSelectNodes function| $ function| jQuery function| AuthenticateO365 string| bdyId string| formbodyId string| borderId string| headertabsId string| headerId string| footerId string| tiId string| headerContentId string| hldrOutside string| masterIsMobile string| masterIsSafari boolean| leavemastermenuopen function| BtnCancelMD function| ChangeSelectedAccount function| CE function| MasterPageAction function| ChangeSite function| CloseMasterPageMenus function| OpenMasterPageMenu function| ShowAccounts function| LogoSizePage function| MasterPageBrowserWidth function| MasterPageScrollLeft function| upgradeClick function| webkitAudioContext object| theForm function| __doPostBack string| Page_ValidationVer boolean| Page_IsValid boolean| Page_BlockSubmit object| Page_InvalidControlToBeFocused object| Page_TextTypes function| ValidatorUpdateDisplay function| ValidatorUpdateIsValid function| AllValidatorsValid function| ValidatorHookupControlID function| ValidatorHookupControl function| ValidatorHookupEvent function| ValidatorGetValue function| ValidatorGetValueRecursive function| Page_ClientValidate function| ValidatorCommonOnSubmit function| ValidatorEnable function| ValidatorOnChange function| ValidatedTextBoxOnKeyPress function| ValidatedControlOnBlur function| ValidatorValidate function| ValidatorSetFocus function| IsInVisibleContainer function| IsValidationGroupMatch function| ValidatorOnLoad function| ValidatorConvert function| ValidatorCompare function| CompareValidatorEvaluateIsValid function| CustomValidatorEvaluateIsValid function| RegularExpressionValidatorEvaluateIsValid function| ValidatorTrim function| RequiredFieldValidatorEvaluateIsValid function| RangeValidatorEvaluateIsValid function| ValidationSummaryOnSubmit function| WebForm_OnSubmit function| linkClick_TermsOfUse function| linkClick_CorporateSupport function| linkClick_Feedback function| linkClick_IntellectualProp function| linkClick_PrivacyPolicy object| Page_Validators object| ds_hldrBdy_revLogin object| ds_hldrBdy_valLogin object| ds_hldrBdy_valPassword undefined| pm undefined| bdy boolean| Page_ValidationActive function| ValidatorOnSubmit string| myBrowser function| GoogleSource string| Login_SSOCorportate string| DocuSign_NavNext string| Global_LogIn string| MemberLogin_ResendFailed string| MemberLogin_NewActivationSent boolean| cbofocus function| removeSpaces function| FocusSet function| base64_decode function| extractEmailDomain function| extractEmail object| xmlPost boolean| overrideCorpSAML function| isSSOExcluded function| isSSOError function| isSSODone function| strEndsWith function| isSSOSaml function| FederationCheck function| EvaluateFederationStatus function| GetHomeRealmXMLResult function| CheckAccountServerThenSSO function| disablePasswordForAccountServer function| enablePasswordForAccountServer function| getViewportHeight function| getViewportWidth function| GetE function| doLoad function| CheckEnter function| ResendActivation function| ResendError function| ResendDone object| Page_ValidationSummaries boolean| cssNotFound boolean| _noReturnExperience number| oneRowHeaderHeight0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajccd.org
d29usylhdk1xyu.cloudfront.net
d3hmp0045zy3cs.cloudfront.net
rpxnow.com
smarturl.it
107.20.136.0
143.204.101.127
143.204.101.58
173.214.172.75
54.85.173.50
07bde2e3c7c53b6d539b496f835e0ef274c87a56d7061f812fa20bdd82188ccd
0f238de0cd768e9b29a3e72435a127494cfb4a2c7d4123f287a42ebdd78b6459
129f4c25b5ec38ba815cbdf948a6f73c388b12774b32ed200eed51318dd06bde
29c9e8752f25b17961e3c6ff72de34b1f1a157dfc5fabb68bd148b8ec9002b17
2a5179b8851c8e3dfc77d7dcb33b3963afa037608336d6ae412acaa38ad59d22
316edc0bf34bd527c50793eb5c134ad5582060f7743ae28b6ee2c07ac391de93
3d403ae21529c9c3d5a8a723803493d19374091d0f7c70f2fba9230d961f3c0a
57f373010bd7dc9274ba88e0065b66edceddfc811c69e6d9454ef4e15c972931
5ca72332bf1702655bb8fd7563fcfdaae5b12f4a83ef72718c76520c4cdf72bb
815fa50c57a64007c5abe9adbcf9bfe5289e16ceb79e8ac82e6e010a73014f1b
98314ef8d84ac885817ecff9332a07e5755432c26839bfe2ab99e1f6a711ebca
a2f8ddc13e9284ab01c4b6ce45e1fe58b5cde083ecdedb0f072420829120d59b
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620