o365-us.spanningbackup.com Open in urlscan Pro
54.88.78.156 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://o365-us.spanningbackup.com/
Submission: On June 29 via manual (June 29th 2017, 7:02:35 pm UTC) from US

Summary HTTP 21 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 21 HTTP transactions. The main IP is 54.88.78.156, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is o365-us.spanningbackup.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on November 15th 2016. Valid for: a year.

This is the only time o365-us.spanningbackup.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
3	54.88.78.156 54.88.78.156	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.216.0.43 52.216.0.43	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
4	52.20.48.118 52.20.48.118	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	104.41.216.16 104.41.216.16	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
7	2a02:26f0:122... 2a02:26f0:122:39e::fb1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
21	8

3 54.88.78.156 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-88-78-156.compute-1.amazonaws.com

o365-us.spanningbackup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.0.43 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.20.48.118 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-20-48-118.compute-1.amazonaws.com

o365-us.spanningbackup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.41.216.16 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:122:39e::fb1 (European Union)

ASN20940 (AKAMAI-ASN1, US)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	163 KB
7	spanningbackup.com o365-us.spanningbackup.com	275 KB
2	google-analytics.com www.google-analytics.com	12 KB
2	googleapis.com fonts.googleapis.com	619 B
1	microsoftonline.com login.microsoftonline.com Failed	14 KB
1	amazonaws.com s3.amazonaws.com	305 KB
21	6

	Domain	Requested by
7	secure.aadcdn.microsoftonline-p.com	login.microsoftonline.com o365-us.spanningbackup.com
7	o365-us.spanningbackup.com	o365-us.spanningbackup.com
2	www.google-analytics.com	o365-us.spanningbackup.com
2	fonts.googleapis.com	o365-us.spanningbackup.com
1	login.microsoftonline.com
1	s3.amazonaws.com	o365-us.spanningbackup.com
21	6

This site contains links to these domains. Also see Links.

Domain
account.live.com
passwordreset.microsoftonline.com
login.live.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
*.spanningbackup.com COMODO RSA Domain Validation Secure Server CA	`2016-11-15` - `2018-01-04`	a year	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2016-07-29` - `2017-11-29`	a year	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-06-21` - `2017-09-13`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-06-21` - `2017-09-13`	3 months	crt.sh
stamp2.login.microsoftonline.com Symantec Class 3 EV SSL CA - G3	`2016-03-16` - `2018-03-17`	2 years	crt.sh
secure.aadcdn.microsoftonline-p.com Symantec Class 3 Secure Server CA - G4	`2016-09-01` - `2017-09-01`	a year	crt.sh

This page contains 2 frames:

Frame: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
Frame ID: 14582.1
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

21
Requests

95 %
HTTPS

43 %
IPv6

6
Domains

6
Subdomains

8
IPs

3
Countries

770 kB
Transfer

1944 kB
Size

5
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/password/reset?wreply=https:%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAeNisNLMKCkpKLbS1y8uSMzLy8xLNzYz1UvOz9XPBzKSEpOzSwv0EwsKQoM8i4S4BLhj072PW1xzny7JWel9kZ9rFaMhTD9IvW5psR7MHIhesFE5-emZefrJiTk5IMELjIwvGBlvMfGEF7ulpqQWJZZk5udtYmYDqszNz7vAwvWKhcmA7wcL4yJWoI0Btl_S_K2T_SZ-idkZK8PJcIpV37Iqwi2pOL-kKiu3LEk_0SnbwMXbzDIzIy9c30A7uMTVI80zUNsjvDzQJd3WyMpwAhvPKTaGXZykuxQA0
Title: Personal account

Search URL Search Domain Scan URL

URL: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAeNisNLMKCkpKLbS1y8uSMzLy8xLNzYz1UvOz9XPBzKSEpOzSwv0EwsKQoM8i4S4BLhj072PW1xzny7JWel9kZ9rFaMhTD9IvW5psR7MHIhesFE5-emZefrJiTk5IMELjIwvGBlvMfGEF7ulpqQWJZZk5udtYmYDqszNz7vAwvWKhcmA7wcL4yJWoI0Btl_S_K2T_SZ-idkZK8PJcIpV37Iqwi2pOL-kKiu3LEk_0SnbwMXbzDIzIy9c30A7uMTVI80zUNsjvDzQJd3WyMpwAhvPKTaGXZykuxQA0&mkt=en-US&hosted=0
Title: Work or school account

Search URL Search Domain Scan URL

URL: https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAeNisNLMKCkpKLbS1y8uSMzLy8xLNzYz1UvOz9XPBzKSEpOzSwv0EwsKQoM8i4S4BLhj072PW1xzny7JWel9kZ9rFaMhTD9IvW5psR7MHIhesFE5-emZefrJiTk5IMELjIwvGBlvMfGEF7ulpqQWJZZk5udtYmYDqszNz7vAwvWKhcmA7wcL4yJWoI0Btl_S_K2T_SZ-idkZK8PJcIpV37Iqwi2pOL-kKiu3LEk_0SnbwMXbzDIzIy9c30A7uMTVI80zUNsjvDzQJd3WyMpwAhvPKTaGXZykuxQA0&id=&uaid=4b675d0b38c747d6971909794bd10f0a&pcexp=false&popupui=
Title: Sign in with a Microsoft account

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & Cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 2

https://cloud.typography.com/6720432/767002/css/fonts.css
https://s3.amazonaws.com/spanning_static/fonts/175706/F225262D81440D571.css

Request 11

https://login.windows.net/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
o365-us.spanningbackup.com/ 2 KB
787 B 705ms
105ms Document
text/html 54.88.78.156
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.88.78.156 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-88-78-156.compute-1.amazonaws.com
Software: / Express
Resource Hash: d0d7ba8eb465f6dca88e0f4a31596277401a25fcb99deaf0e0da04f9d4152c36

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:22 GMT
content-encoding: gzip
etag: W/"65f-15ccc52bb68"
last-modified: Wed, 21 Jun 2017 20:23:13 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0
transfer-encoding: chunked
Connection: keep-alive
accept-ranges: bytes

GET
H/1.1 200
OK vendor.da8739d6.css
o365-us.spanningbackup.com/styles/ 20 KB
2 KB 103ms
102ms Stylesheet
text/css 54.88.78.156
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/styles/vendor.da8739d6.css
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.88.78.156 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-88-78-156.compute-1.amazonaws.com
Software: / Express
Resource Hash: ec526eb70023b3e9d2cb9aefa4b719eb8c98c489091958fe7d71949796592832

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:22 GMT
content-encoding: gzip
etag: W/"5196-15ccc52b780"
last-modified: Wed, 21 Jun 2017 20:23:12 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
transfer-encoding: chunked
Connection: keep-alive
accept-ranges: bytes

GET
H/1.1 200
OK main.8dbdbebe.css
o365-us.spanningbackup.com/styles/ 237 KB
39 KB 207ms
103ms Stylesheet
text/css 54.88.78.156
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/styles/main.8dbdbebe.css
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.88.78.156 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-88-78-156.compute-1.amazonaws.com
Software: / Express
Resource Hash: 45387d6b8fdf7c8133f655872804c7bda8b110c3327e78090ae67850a64ab942

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:22 GMT
content-encoding: gzip
etag: W/"3b41b-15ccc52afb0"
last-modified: Wed, 21 Jun 2017 20:23:10 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
transfer-encoding: chunked
Connection: keep-alive
accept-ranges: bytes

GET
H/1.1

200
OK

F225262D81440D571.css
s3.amazonaws.com/spanning_static/fonts/175706/
Redirect Chain

https://cloud.typography.com/6720432/767002/css/fonts.css
https://s3.amazonaws.com/spanning_static/fonts/175706/F225262D81440D571.css

305 KB
305 KB

506ms
207ms

Stylesheet
text/css

52.216.0.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/spanning_static/fonts/175706/F225262D81440D571.css
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.0.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 191859fda3f08706aae1e8949c4eb63e13745242573ecfda98b62f0f525cccab

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 29 Jun 2017 19:02:24 GMT
Last-Modified: Mon, 09 Jun 2014 16:49:59 GMT
Server: AmazonS3
x-amz-request-id: 4E84828D66D8A6AE
ETag: "0fab41c14dc3239f285ec28a5fa6e8fc"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 312509
x-amz-id-2: DwdOmKri1Mz/7+sMMyhA8ld/fZKoQ3SN47okvZ9mmHDgRC70oyiAcu0jSve5Xh5khCzYLntqjHw=

Redirect headers

Date: Thu, 29 Jun 2017 19:02:23 GMT
Last-Modified: Mon, 09 Jun 2014 16:50:58 GMT
Server: Apache
ETag: "5150b16641c9e16bc6046538a50e2d6e:1402332657"
Vary: Accept-Encoding
Content-Type: text/html
Location: https://s3.amazonaws.com/spanning_static/fonts/175706/F225262D81440D571.css
Cache-Control: must-revalidate, private
Connection: keep-alive
Content-Length: 154
Expires: Thu, 29 June 2017 19:02:23 GMT

GET
S 200 css
fonts.googleapis.com/ 1 KB
396 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:81b::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800

Requested by

Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

639bc2c3f563321368313b467622e90feee112263a12def7a9c37a4f284e8e0d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:22 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
x-xss-protection: 1; mode=block
expires: Thu, 29 Jun 2017 19:02:22 GMT

GET
S 200 css
fonts.googleapis.com/ 258 B
223 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:81b::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Pacifico

Requested by

Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

0134e9c2a017c24c5a62b27a5c24be4152baaa2f5f552a4e5123c7a82a805ee1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:22 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
x-xss-protection: 1; mode=block
expires: Thu, 29 Jun 2017 19:02:22 GMT

GET
H/1.1 200
OK vendor.8c093ba8.js Show response
o365-us.spanningbackup.com/scripts/ 522 KB
170 KB 399ms
103ms Script
application/javascript 52.20.48.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/scripts/vendor.8c093ba8.js
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.48.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-48-118.compute-1.amazonaws.com
Software: / Express
Resource Hash: 11c7b3596652901d8d64849b1fc09692130efb4a1a3a841cc8516c0d640c4d7a

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:23 GMT
content-encoding: gzip
etag: W/"826a6-15ccc52abc8"
last-modified: Wed, 21 Jun 2017 20:23:09 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0
transfer-encoding: chunked
Connection: keep-alive
accept-ranges: bytes

GET
H/1.1 200
OK scripts.d6009594.js Show response
o365-us.spanningbackup.com/scripts/ 401 KB
64 KB 406ms
104ms Script
application/javascript 52.20.48.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/scripts/scripts.d6009594.js
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.48.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-48-118.compute-1.amazonaws.com
Software: / Express
Resource Hash: 46f945f9948de9fd708db505370fd049ba3262dc22ae375d522cc4afcf479b4c

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 29 Jun 2017 19:02:23 GMT
content-encoding: gzip
etag: W/"64436-15ccc52abc8"
last-modified: Wed, 21 Jun 2017 20:23:09 GMT
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0
transfer-encoding: chunked
Connection: keep-alive
accept-ranges: bytes

GET
S 200 analytics.js Show response
www.google-analytics.com/ 29 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/scripts/vendor.8c093ba8.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2017 00:25:39 GMT
server: Golfe2
age: 2714
date: Thu, 29 Jun 2017 18:17:10 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 12343
expires: Thu, 29 Jun 2017 20:17:10 GMT

GET
H/1.1 200
OK user Show response
o365-us.spanningbackup.com/api/ 42 B
42 B 103ms
103ms XHR
application/json 52.20.48.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/api/user
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/scripts/vendor.8c093ba8.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.48.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-48-118.compute-1.amazonaws.com
Software: /
Resource Hash: 6e7e48efc4779b0e1cfe94a4ed26d1f7e03410251c252fb0ffc401df97e60300

Request headers

Accept: application/json, text/plain, */*
Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2017 19:02:24 GMT
cache-control: no-store
Connection: keep-alive
Content-Length: 42
content-type: application/json

GET
H/1.1 401
Unauthorized tenant Show response
o365-us.spanningbackup.com/api/ 41 B
41 B 105ms
105ms XHR
application/json 52.20.48.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://o365-us.spanningbackup.com/api/tenant
Requested by: Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/scripts/vendor.8c093ba8.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.48.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-48-118.compute-1.amazonaws.com
Software: /
Resource Hash: 41aaea73eb0a88d427d55ec3411c3e45b8afc94beb21a925972953ef95375eea

Request headers

Accept: application/json, text/plain, */*
Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2017 19:02:24 GMT
cache-control: no-store
Connection: keep-alive
Content-Length: 41
content-type: application/json

GET
S 200 collect
www.google-analytics.com/r/ 35 B
44 B 13ms
13ms Image
image/gif 2a00:1450:4001:81b::200e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j56&a=1457556112&t=pageview&_s=1&dl=https%3A%2F%2Fo365-us.spanningbackup.com%2F&ul=en-us&de=UTF-8&dt=Spanning%20Backup&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABI~&jid=256655407&gjid=1909629257&cid=1322636239.1498762945&tid=UA-XXXXX-X&_gid=1856720166.1498762945&_r=1&z=1091328292

Requested by

Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://o365-us.spanningbackup.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2017 19:02:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

wsfed
login.microsoftonline.com/common/
Redirect Chain

https://login.windows.net/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback

0
0

GET
H/1.1 200
OK wsfed Show response
login.microsoftonline.com/common/ Frame 1461 43 KB
14 KB 357ms
251ms Document
text/html 104.41.216.16
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

104.41.216.16 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

da44c528f4d8175e6606e812df50df2d660c28598037f1e7dfea509a03c96293

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
Referer: https://o365-us.spanningbackup.com/#/splash
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Frame-Options: DENY
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 66f43d50-3b4f-4e63-91f4-5cb95d1c0900
Cache-Control: no-cache, no-store
Date: Thu, 29 Jun 2017 19:02:24 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 14144
Expires: -1

GET
H/1.1 200
OK login.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/ Frame 1461 22 KB
5 KB 30ms
6ms Stylesheet
text/css 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/login.min.css

Requested by

Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

1cb99b8f6ef91cab65770c9233f5a9db4e461d1c39c2e561c8606e3994eb1a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Jun 2017 21:51:47 GMT
Content-MD5: kWZAWCshmJ7GwpEv5MDUtg==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=452957
Strict-Transport-Security: max-age=31536000
Content-Length: 4943

GET
H/1.1 200
OK jquery.1.11.min.js Show response
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/ Frame 1461 108 KB
38 KB 31ms
6ms Script
application/x-javascript 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/jquery.1.11.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

080ff245615e719959bc5537e164ac4495c4b8036462dfee2076dd92f22c8491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
Origin: https://login.microsoftonline.com

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Jun 2017 21:51:47 GMT
Content-MD5: uh+HH+n7/grQTOu2+tsxCg==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=452955
Strict-Transport-Security: max-age=31536000
Content-Length: 38473

GET
H/1.1 200
OK aad.login.min.js Show response
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/ Frame 1461 176 KB
43 KB 31ms
6ms Script
application/x-javascript 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/aad.login.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

6ae8b5dd36bc17d5372ea5e78901009118e6f7c9d10538a7c30b7a04d488fe98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
Origin: https://login.microsoftonline.com

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Jun 2017 21:50:35 GMT
Content-MD5: LsFmMggU7MHe3JFAZKSnWg==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=452887
Strict-Transport-Security: max-age=31536000
Content-Length: 43789

GET
H/1.1 200
OK close.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/images/ Frame 1461 190 B
190 B 8ms
6ms Image
image/png 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/images/close.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

9e444d6e8e9247aa4f8fb0025995c7867fc1d63c182774f4524a3cf8588c10c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Last-Modified: Tue, 27 Jun 2017 21:53:03 GMT
Content-MD5: YnjsCsEWoilRLuXESGWLFg==
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=452999
Connection: keep-alive
Content-Length: 190

GET
H/1.1 200
OK microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/images/ Frame 1461 1 KB
1 KB 6ms
6ms Image
image/png 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/images/microsoft_logo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Last-Modified: Tue, 27 Jun 2017 21:53:08 GMT
Content-MD5: 7ZyesNzhfXUr7eprWs2m2Q==
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=452983
Connection: keep-alive
Content-Length: 1057

GET
H/1.1 200
OK login_hover.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/ Frame 1461 89 B
82 B 6ms
6ms Stylesheet
text/css 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/cdnbundles/login_hover.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Jun 2017 21:51:49 GMT
Content-MD5: k+LdzPr5J17LuCAOBMVTBQ==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=454487
Strict-Transport-Security: max-age=31536000
Content-Length: 82

GET
H/1.1 200
OK default_signin_illustration.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/images/ Frame 1461 77 KB
77 KB 6ms
6ms Image
image/png 2a02:26f0:122:39e::fb1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.18/content/images/default_signin_illustration.png

Requested by

Host: o365-us.spanningbackup.com
URL: https://o365-us.spanningbackup.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:122:39e::fb1 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

6841eab657904530f619033883b9e9d681b8a568c1b009277818d45ced5f8d9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 29 Jun 2017 19:02:25 GMT
Last-Modified: Tue, 27 Jun 2017 21:53:04 GMT
Content-MD5: 5o+Z8BQ4fPD7Ix8knL+T9Q==
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=453674
Connection: keep-alive
Content-Length: 78369

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/wsfed?wtrealm=https%3A%2F%2Fspanning365.com%2Fo365backup%2FappURI&wa=wsignin1.0&whr=&wreply=https%3A%2F%2Fo365-us.spanningbackup.com%2Flogin%2Fcallback

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
login.microsoftonline.com/	1970-01-01 00:00:00	Name: stsservicecookie Value: ests
login.microsoftonline.com/	1970-01-01 00:00:00	Name: x-ms-gateway-slice Value: 005
.login.microsoftonline.com/	1970-01-01 00:00:00	Name: esctx Value: AQABAAAAAABnfiG-mA6NTae7CdWW7QfdW6SJfq7o5EkVZJuZX62RfUWddfFcqOarEhLWj3mU3-PfBXymHiDKgwFfomNCEHq1_EUmJVC3hiNRpbprYiL6rSg21AGOFBegm1Uc1XoXJx_JRWIUTpPC1FfsvfyoTvBpIa4kqonwVl31_BrU062MhEBRW7cqWDtuV1UK6W7yCj8gAA
login.microsoftonline.com/	2017-07-29 19:02:27	Name: buid Value: AQABAAEAAABnfiG-mA6NTae7CdWW7QfdF1tFhkbAdRfVf3V11ngOT9jr3Xofli3bZBJ6M4-7SUquymeVeuk9XqT-5sF_RqENe1U1DFwQ0QWnaeBJE3ndLts4tbij1vstetw8eQlg3zQgAA
login.microsoftonline.com/common	1970-01-01 00:00:00	Name: testcookie Value: testcookie

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
login.microsoftonline.com
o365-us.spanningbackup.com
s3.amazonaws.com
secure.aadcdn.microsoftonline-p.com
www.google-analytics.com
login.microsoftonline.com
104.41.216.16
2a00:1450:4001:81b::200a
2a00:1450:4001:81b::200e
2a02:26f0:122:39e::fb1
52.20.48.118
52.216.0.43
54.88.78.156
0134e9c2a017c24c5a62b27a5c24be4152baaa2f5f552a4e5123c7a82a805ee1
080ff245615e719959bc5537e164ac4495c4b8036462dfee2076dd92f22c8491
11c7b3596652901d8d64849b1fc09692130efb4a1a3a841cc8516c0d640c4d7a
191859fda3f08706aae1e8949c4eb63e13745242573ecfda98b62f0f525cccab
1cb99b8f6ef91cab65770c9233f5a9db4e461d1c39c2e561c8606e3994eb1a30
41aaea73eb0a88d427d55ec3411c3e45b8afc94beb21a925972953ef95375eea
45387d6b8fdf7c8133f655872804c7bda8b110c3327e78090ae67850a64ab942
46f945f9948de9fd708db505370fd049ba3262dc22ae375d522cc4afcf479b4c
639bc2c3f563321368313b467622e90feee112263a12def7a9c37a4f284e8e0d
6841eab657904530f619033883b9e9d681b8a568c1b009277818d45ced5f8d9b
6ae8b5dd36bc17d5372ea5e78901009118e6f7c9d10538a7c30b7a04d488fe98
6e7e48efc4779b0e1cfe94a4ed26d1f7e03410251c252fb0ffc401df97e60300
765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c
9e444d6e8e9247aa4f8fb0025995c7867fc1d63c182774f4524a3cf8588c10c5
d0d7ba8eb465f6dca88e0f4a31596277401a25fcb99deaf0e0da04f9d4152c36
da44c528f4d8175e6606e812df50df2d660c28598037f1e7dfea509a03c96293
ec526eb70023b3e9d2cb9aefa4b719eb8c98c489091958fe7d71949796592832
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

o365-us.spanningbackup.com Open in urlscan Pro 54.88.78.156 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

21 Requests

95 %HTTPS

43 %IPv6

6 Domains

6 Subdomains

8 IPs

3 Countries

770 kBTransfer

1944 kBSize

5 Cookies

5 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

5 Cookies

Indicators

o365-us.spanningbackup.com Open in urlscan Pro
54.88.78.156 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

95 %
HTTPS

43 %
IPv6

6
Domains

6
Subdomains

8
IPs

3
Countries

770 kB
Transfer

1944 kB
Size

5
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!