example-domain-signin.aws.amazon.com.office365tr.com Open in urlscan Pro
2606:4700:3031::6818:66ce Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817
Submission: On December 21 via manual (December 21st 2020, 2:33:50 am UTC) from US

Summary HTTP 9 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3031::6818:66ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is example-domain-signin.aws.amazon.com.office365tr.com.

This is the only time example-domain-signin.aws.amazon.com.office365tr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AWS (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:303... 2606:4700:3031::6818:66ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:62:... 2a04:4e42:62::272	54113 (FASTLY) (FASTLY)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
2	185.221.86.34 185.221.86.34	206998 (NEW-2) (NEW-2)
9	5

6 2606:4700:3031::6818:66ce (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

example-domain-signin.aws.amazon.com.office365tr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:62::272 (Ascension Island)

ASN54113 (FASTLY, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.86.34 (Germany)

ASN206998 (NEW-2, IE)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	office365tr.com 1 redirects example-domain-signin.aws.amazon.com.office365tr.com	460 KB
2	nr-data.net bam.eu01.nr-data.net	493 B
1	newrelic.com js-agent.newrelic.com	11 KB
1	media-amazon.com m.media-amazon.com	115 KB
9	4

	Domain	Requested by
6	example-domain-signin.aws.amazon.com.office365tr.com	1 redirects example-domain-signin.aws.amazon.com.office365tr.com
2	bam.eu01.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	example-domain-signin.aws.amazon.com.office365tr.com
1	m.media-amazon.com	example-domain-signin.aws.amazon.com.office365tr.com
9	4

This site contains links to these domains. Also see Links.

Domain
docs.aws.amazon.com

Subject Issuer	Validity	Valid
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2020-09-16` - `2021-09-21`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-12-17` - `2021-05-07`	5 months	crt.sh
*.eu01.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-04` - `2022-02-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817
Frame ID: 35E94C23545CCEF33FAD1A62A735FF9D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

9
Requests

44 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

586 kB
Transfer

1509 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_u2f.html?icmpid=docs_iam_console
Title: Learn more

Search URL Search Domain Scan URL

URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_u2f_supported_configurations.html?icmpid=docs_iam_console
Title: See the list of compatible browsers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://example-domain-signin.aws.amazon.com.office365tr.com/metrics/pageload HTTP 302
http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html

9 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response example-domain-signin.aws.amazon.com.office365tr.com/	646 KB 366 KB	123ms 109ms	Document text/html	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0db6e6fdb2faf2c9a565f9cb576c4f106ba3131389179a6abe9ca1f16426d69a` Request headers Host example-domain-signin.aws.amazon.com.office365tr.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 02:33:34 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d108ffc47e1c0b7c86a71f87d5a4cc39d1608518014; expires=Wed, 20-Jan-21 02:33:34 GMT; path=/; domain=.office365tr.com; HttpOnly; SameSite=Lax ASP.NET_SessionId=lz024gpyagy0xrfjsy24ryb4; path=/; HttpOnly; SameSite=Lax Cache-Control private X-AspNet-Version 4.0.30319 Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept X-UA-Compatible IE=edge CF-Cache-Status DYNAMIC cf-request-id 0724be2ed2000005b3f48ba000000001 Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PKwo2boEKgDPFVrG0bATM9Vk0QWg4nUNd56%2BzsUFJ9kj7aPpUpG%2BN04sebYAMXuGc4uxDLoq3temCE%2BL%2FKpK8XmIpBnoVCV2NDskDfXW43%2Fegv5CuWYC9ib%2F043xVZNQNp3r8MXe9dVmJYLbak10rhbZb%2BL0OQbCFr9t8n858LZD"}],"group":"cf-nel","max_age":604800} NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 604e32f7bc3105b3-FRA Content-Encoding gzip
GET H2	200	fwcim._CB454428048_.js Show response m.media-amazon.com/images/G/01/x-locale/common/login/	406 KB 115 KB	20ms 6ms	Script application/x-javascript	2a04:4e42:62::272 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.media-amazon.com/images/G/01/x-locale/common/login/fwcim._CB454428048_.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:62::272 , Ascension Island, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 02:33:34 GMT content-encoding gzip last-modified Wed, 13 Feb 2019 17:16:46 GMT age 23366782 vary Accept-Encoding x-cache HIT from fastly, HIT from fastly content-type application/x-javascript access-control-allow-origin * expires Tue, 13 Mar 2040 02:09:05 GMT cache-control max-age=630720000,public x-amz-ir-id c37ea5ef-8afb-4556-9556-e1719c6a19b1 accept-ranges bytes timing-allow-origin https://www.amazon.com content-length 117246 x-served-by cache-dca17742-DCA, cache-hhn11550-HHN
GET H/1.1	200 OK	jquery-3.0.0.js Show response example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/	364 KB 82 KB	54ms 54ms	Script application/javascript	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-3.0.0.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9065e2a0e1ebbb88f32a1a2b859446cdfa4d7886bf009e0f3e3ff475ae16b98` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 02:33:34 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED NEL {"report_to":"cf-nel","max_age":604800} Transfer-Encoding chunked Connection keep-alive cf-request-id 0724be2fa3000005b3188c6000000001 X-UA-Compatible IE=edge Last-Modified Sat, 12 Sep 2020 12:24:41 GMT Server cloudflare ETag W/"cc6f8db0ff88d61:0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ht5a1q4%2BDB3hHRrHG8m5hzgtwL0bIBTv4odES5REPGwlyrTTr9rs6pU8nz15oYcgCf8vAbrBJmQVo8Uv0FbT3Xv06o0qqwdEYWgQw5INjomIYGSVols5F35WwJB9ESEuSYcH5aKw0Y%2BdrIPrn37O2Qwuqp5OyB30z3QTtPe4L8Hd"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 604e32f90d4b05b3-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept
GET H/1.1	200 OK	jquery-migrate-3.3.1.js Show response example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/	30 KB 9 KB	104ms 98ms	Script application/javascript	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `127308bdd96abc9b5ccfcb6d55f2bebbbf617bfa619b63c03715d781421b1b22` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 02:33:34 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED NEL {"report_to":"cf-nel","max_age":604800} Transfer-Encoding chunked Connection keep-alive cf-request-id 0724be2fac00000eafe9228000000001 X-UA-Compatible IE=edge Last-Modified Sat, 12 Sep 2020 12:24:41 GMT Server cloudflare ETag W/"feb8eb0ff88d61:0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DedA4utQAGEqU2FW5BWZruuWuQdqoZMxeS%2BM8u2R%2B28k5qOvh5nKYr3JtK%2B7U9KuUmsuZtT%2BYlj9SzLaKbqregfIV6WAoLjkUKcXO%2FnRsckwnqIO7dewhF9tM7ygu7L66KKZaqNxDQukhQE2HTSgkJZph8uJNux6EzRUWZRle6xy"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 604e32f9096e0eaf-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept
GET DATA	200 OK	truncated /	32 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `50e56bd81afcef466f4155d50c7225da52d1f0594357c32a13762afa69947b73` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8d82b1e7faa7f2cdecd63fbe12c5a878d88a70bf383a552c1e66f03d2b795f38` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	226 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e89be6bba4cc671c3fe91a5b721d263f88c1e3d1e1bbcccbb035fd7b524f6aa7` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
POST H/1.1	200 OK	TURL Show response example-domain-signin.aws.amazon.com.office365tr.com/ContentShow.aspx/	119 B 933 B	51ms 51ms	XHR application/json	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/ContentShow.aspx/TURL Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-3.0.0.js Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1a160758e9a57ab961d25490a598656bcfa7b18d519b7a6892b89483fd32411a` Request headers Accept application/json, text/javascript, /; q=0.01 Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/json; charset=UTF-8 Response headers Date Mon, 21 Dec 2020 02:33:35 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NzjhKxRBn7JgkUq%2BFjREFf6jEmZcpVeFpIFAr7LAhzbr7ZPWG3KBiO5YDuQ1PSo92EnEW6S%2FpzUcLBPZE%2BaiTSc8CTZ8%2BFgvTxyjBUJcC4nGmOjnO9IH9U1cs67HvYl1QqJfL7W9SsvLdqUjQkBkUkg4zRf4z%2FcRAD3AF%2B7ZbAUs"}],"group":"cf-nel","max_age":604800} Content-Type application/json; charset=utf-8 Cache-Control private, max-age=0 Connection keep-alive CF-RAY 604e32f9b9e90eaf-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept cf-request-id 0724be301000000eafb91dc000000001 X-UA-Compatible IE=edge
GET H2	200	nr-1184.min.js Show response js-agent.newrelic.com/	27 KB 11 KB	141ms 46ms	Script application/javascript	151.101.114.110 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-1184.min.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 02:33:35 GMT content-encoding gzip x-amz-request-id A21809B1C987C063 x-cache HIT content-length 10624 x-amz-id-2 5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4= x-served-by cache-hhn4023-HHN last-modified Mon, 28 Sep 2020 16:34:45 GMT server AmazonS3 x-timer S1608518015.115387,VS0,VE0 etag "3d7f312be60d08a2568e311e4762f3af" vary Accept-Encoding content-type application/javascript via 1.1 varnish cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 7052
GET H/1.1	200 OK	404.html Show response example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/ Redirect Chain http://example-domain-signin.aws.amazon.com.office365tr.com/metrics/pageload http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html	1 KB 1 KB	28ms 27ms	XHR text/html	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d0ffc65048158a9d94bf3990f5bdaa67e3ce6ec6783c9110f8295ddd1783fa76` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 02:33:35 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC Last-Modified Sat, 12 Sep 2020 12:24:52 GMT Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EIKi2067gnkgQrgfwUCEKKDexzOXgF1ZFC%2B%2F7bry8Dz4%2Fpd5lYjsxtQjzMC7SLGOi6lmdCMsvByAn%2B%2BnAve%2F0m0%2Fr8A6J3Gcwi4cQWw2GDZXU8o2lCBSLxvRIiFHcgVhQKkn%2BIVn2doRRT69%2Fw%2F6iWXItZweK7B%2B1kC6v4fAzXqT"}],"group":"cf-nel","max_age":604800} Content-Type text/html NEL {"report_to":"cf-nel","max_age":604800} Connection keep-alive CF-RAY 604e32fa0a250eaf-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept cf-request-id 0724be304300000eafd8905000000001 X-UA-Compatible IE=edge Redirect headers Date Mon, 21 Dec 2020 02:33:35 GMT CF-Cache-Status DYNAMIC NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mhfHBaqkBkXxfW283jDZqSAkRt6s9Lz8N9SVnX4yd6ec5HDmcIt%2FCDy6Dqya5AR%2F%2BgK1JdvMHTSYro7FcSFUawKv2UblC2Qpgfr7sRUEsotoPy4MZTAmHEURj8IIs8pifUskC3FvwKTrLuQUPiDGQonWF3t7C56s0orRCLSTTpmS"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=UTF-8 Location http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html Connection keep-alive CF-RAY 604e32f9cdf605b3-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept cf-request-id 0724be3018000005b3e3934000000001 X-UA-Compatible IE=edge
GET H/1.1	200 OK	fa229cc1a3 Show response bam.eu01.nr-data.net/1/	57 B 275 B	235ms 57ms	Script text/javascript	185.221.86.34 NEW-2
General Check archive.org Show headers Download Go to Full URL https://bam.eu01.nr-data.net/1/fa229cc1a3?a=606863&v=1184.ab39b52&to=MhBSZQoZVkJXAERRDgtacWIoV1teWBdVVhUWHV9GVhlLQU4%3D&rst=488&ck=1&ref=http://example-domain-signin.aws.amazon.com.office365tr.com/&ap=50&be=133&fe=339&dc=333&perf=%7B%22timing%22:%7B%22of%22:1608518014658,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:10,%22c%22:10,%22ce%22:15,%22rq%22:15,%22rp%22:124,%22rpe%22:219,%22dl%22:129,%22di%22:333,%22ds%22:333,%22de%22:339,%22dc%22:339,%22l%22:339,%22le%22:340%7D,%22navigation%22:%7B%7D%7D&fp=310&fcp=310&jsonp=NREUM.setToken Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-1184.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.221.86.34 , Germany, ASN206998 (NEW-2, IE), Reverse DNS Software / Resource Hash `d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Expires Thu, 01 Jan 1970 00:00:00 GMT Content-Length 57 Content-Type text/javascript;charset=ISO-8859-1
POST H/1.1	200 OK	fa229cc1a3 Show response bam.eu01.nr-data.net/events/1/	24 B 218 B	58ms 57ms	XHR image/gif	185.221.86.34 NEW-2
General Check archive.org Show headers Download Go to Full URL https://bam.eu01.nr-data.net/events/1/fa229cc1a3?a=606863&v=1184.ab39b52&to=MhBSZQoZVkJXAERRDgtacWIoV1teWBdVVhUWHV9GVhlLQU4%3D&rst=10489&ck=1&ref=http://example-domain-signin.aws.amazon.com.office365tr.com/ Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-1184.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.221.86.34 , Germany, ASN206998 (NEW-2, IE), Reverse DNS Software / Resource Hash `0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=0d5070cc-fd82-4c76-a4a9-c9c17a3e1817 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 content-type text/plain Response headers Access-Control-Allow-Origin http://example-domain-signin.aws.amazon.com.office365tr.com Access-Control-Allow-Credentials true Content-Length 24 Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AWS (Online)

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			example-domain-signin.aws.amazon.com.office365tr.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: lz024gpyagy0xrfjsy24ryb4
			.office365tr.com/	1970-01-19 15:31:50	Name: __cfduid Value: d108ffc47e1c0b7c86a71f87d5a4cc39d1608518014

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 69) Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.1
console-api	warning	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 100) Message: JQMIGRATE: jQuery.fn.keypress() event shorthand is deprecated
console-api	log	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 102) Message: console.trace
console-api	warning	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 100) Message: JQMIGRATE: jQuery.fn.click() event shorthand is deprecated
console-api	log	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 102) Message: console.trace

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.eu01.nr-data.net
example-domain-signin.aws.amazon.com.office365tr.com
js-agent.newrelic.com
m.media-amazon.com
151.101.114.110
185.221.86.34
2606:4700:3031::6818:66ce
2a04:4e42:62::272
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0db6e6fdb2faf2c9a565f9cb576c4f106ba3131389179a6abe9ca1f16426d69a
127308bdd96abc9b5ccfcb6d55f2bebbbf617bfa619b63c03715d781421b1b22
1a160758e9a57ab961d25490a598656bcfa7b18d519b7a6892b89483fd32411a
50e56bd81afcef466f4155d50c7225da52d1f0594357c32a13762afa69947b73
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
8d82b1e7faa7f2cdecd63fbe12c5a878d88a70bf383a552c1e66f03d2b795f38
b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4
b9065e2a0e1ebbb88f32a1a2b859446cdfa4d7886bf009e0f3e3ff475ae16b98
d0ffc65048158a9d94bf3990f5bdaa67e3ce6ec6783c9110f8295ddd1783fa76
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
e89be6bba4cc671c3fe91a5b721d263f88c1e3d1e1bbcccbb035fd7b524f6aa7

example-domain-signin.aws.amazon.com.office365tr.com Open in urlscan Pro 2606:4700:3031::6818:66ce Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

44 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

586 kBTransfer

1509 kBSize

2 Cookies

2 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

172 JavaScript Global Variables

2 Cookies

5 Console Messages

Indicators

example-domain-signin.aws.amazon.com.office365tr.com Open in urlscan Pro
2606:4700:3031::6818:66ce Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

44 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

586 kB
Transfer

1509 kB
Size

2
Cookies

9 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!