0ff1ce-onedrive-attachment-download-aligzmojy.now.sh
Open in
urlscan Pro
34.65.228.161
Malicious Activity!
Public Scan
Effective URL: https://0ff1ce-onedrive-attachment-download-aligzmojy.now.sh/?_branch_match_id=789092667444865814&utm_medium=marketing
Submission: On May 13 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 5th 2020. Valid for: 3 months.
This is the only time 0ff1ce-onedrive-attachment-download-aligzmojy.now.sh was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2600:9000:201... 2600:9000:2016:7000:19:9934:6a80:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 34.65.228.161 34.65.228.161 | 15169 (GOOGLE) (GOOGLE) | |
14 | 2a02:4780:dea... 2a02:4780:dead:9f0f::1 | 204915 (AWEX) (AWEX) | |
15 | 2 |
ASN15169 (GOOGLE, US)
PTR: 161.228.65.34.bc.googleusercontent.com
0ff1ce-onedrive-attachment-download-aligzmojy.now.sh |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
000webhostapp.com
falsifiable-person.000webhostapp.com |
121 KB |
1 |
now.sh
0ff1ce-onedrive-attachment-download-aligzmojy.now.sh |
2 KB |
1 |
app.link
1 redirects
723mu.app.link |
705 B |
15 | 3 |
Domain | Requested by | |
---|---|---|
14 | falsifiable-person.000webhostapp.com |
0ff1ce-onedrive-attachment-download-aligzmojy.now.sh
|
1 | 0ff1ce-onedrive-attachment-download-aligzmojy.now.sh | |
1 | 723mu.app.link | 1 redirects |
15 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.now.sh Let's Encrypt Authority X3 |
2020-04-05 - 2020-07-04 |
3 months | crt.sh |
*.000webhostapp.com RapidSSL RSA CA 2018 |
2019-06-11 - 2021-07-10 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://0ff1ce-onedrive-attachment-download-aligzmojy.now.sh/?_branch_match_id=789092667444865814&utm_medium=marketing
Frame ID: 7075A0DC936C6C19F3A5185349DC2184
Requests: 15 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://723mu.app.link/YneTTDCVi6
HTTP 307
https://0ff1ce-onedrive-attachment-download-aligzmojy.now.sh/?_branch_match_id=789092667444865814&utm_medium=marketing Page URL
Detected technologies
Now (Web Servers) ExpandDetected patterns
- headers server /^now$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://723mu.app.link/YneTTDCVi6
HTTP 307
https://0ff1ce-onedrive-attachment-download-aligzmojy.now.sh/?_branch_match_id=789092667444865814&utm_medium=marketing Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
0ff1ce-onedrive-attachment-download-aligzmojy.now.sh/ Redirect Chain
|
11 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av011.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bt01.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
491 B 702 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av021.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av022.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bt02.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av031.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bt03.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av041.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bt04.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av051.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bt05.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
923 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
av061.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bt06.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
491 B 702 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
001.png
falsifiable-person.000webhostapp.com/vc/wk/wk/home/img/ |
88 KB 88 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
0ff1ce-onedrive-attachment-download-aligzmojy.now.sh
723mu.app.link
falsifiable-person.000webhostapp.com
2600:9000:2016:7000:19:9934:6a80:93a1
2a02:4780:dead:9f0f::1
34.65.228.161
0ca9497a9e2c19628ef30c1405a682b5eefab5a38821d35c563642e1e79a62a0
137aa9734d8c02300502944ed1376d395a9f4ba97676e701ed32d07dbbf28be6
24a8a365301768ddcf849160e1342d63b1feae4d5dacb1cb3d608c8cb6fa5994
3fe2e6bec88c9dfda8a8a396ef687309fb6663b5da176f5dce730e44763e298b
41f4edeb8e00d84f6df38807c2b6636a63aef7d36ad3d1c41ca396ca1804465b
590f45556412336488ff1db500b4e34104f30e7161e494992e4d0493a3d06dc6
6bdd77a0448306ef0f6aea95131560c6fc2c81aaa25158bf975c91906616a237
9c93e8dbbb882fd57e533f32709d0a28f94e3c7cce2fcaf1729ddc97e61979c3
a15b29fe61cdf379483582fe360b12868747042fa87bb40b0e9af42ccfd548ee
a609042b1ca43d30d0006c66a1417fea56b42766feeaeba8b20803a43e6dff09
b66a50616923e92b5b89fa4f2ca2f9a0281f5a27845885cf21dd397a0c1abb07
bc1a464cf269178d8c6e77030104427d6a443e56551a248e1ba2dd99e46c4967
bfc52d51178c1fb22377b03c09c8479d611e2afecbeb5d5a34988bbbbb60d08c
f4b76a0986dba96e8ca33869dfa3e5c0351140191c52a49ffc8104970978351c