urlscan.io logo urlscan.io
SecurityTrails logo

sharepointfileserver.tk Open in urlscan Pro
23.229.166.161  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://lbelleau.z21.web.core.windows.net/
Effective URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=60858511...
Submission: On January 13 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 23.229.166.161, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is sharepointfileserver.tk.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 11th 2020. Valid for: 3 months.
This is the only time sharepointfileserver.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online)

Domain & IP information

IP Address AS Autonomous System
3 13.84.56.21 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
2 9 23.229.166.161 26496 (AS-26496-...)
3 2.19.34.64 20940 (AKAMAI-ASN1)
14 4
3    13.84.56.21 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
lbelleau.z21.web.core.windows.net
1    2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
9    23.229.166.161 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-23-229-166-161.ip.secureserver.net
sharepointfileserver.tk
3    2.19.34.64 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-34-64.deploy.static.akamaitechnologies.com
static2.sharepointonline.com
Domain Requested by
9 sharepointfileserver.tk 2 redirects lbelleau.z21.web.core.windows.net
sharepointfileserver.tk
3 static2.sharepointonline.com sharepointfileserver.tk
3 lbelleau.z21.web.core.windows.net lbelleau.z21.web.core.windows.net
1 ajax.googleapis.com lbelleau.z21.web.core.windows.net
14 4

This site contains no links.

Subject Issuer Validity Valid
*.web.core.windows.net
Microsoft IT TLS CA 2		 2019-04-30 -
2021-04-30		 2 years crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2019-12-10 -
2020-03-03		 3 months crt.sh
sharepointfileserver.tk
Let's Encrypt Authority X3		 2020-01-11 -
2020-04-10		 3 months crt.sh
*.sharepointonline.com
Microsoft IT TLS CA 4		 2019-09-06 -
2021-09-06		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Frame ID: BDC7DA24A6FD75B02287D9A136AE5C31
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://lbelleau.z21.web.core.windows.net/ Page URL
  2. https://sharepointfileserver.tk/locator/Doc423943867/auth HTTP 301
    https://sharepointfileserver.tk/locator/Doc423943867/auth/ HTTP 302
    https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encr... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

227 kB
Transfer

459 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://lbelleau.z21.web.core.windows.net/ Page URL
  2. https://sharepointfileserver.tk/locator/Doc423943867/auth HTTP 301
    https://sharepointfileserver.tk/locator/Doc423943867/auth/ HTTP 302
    https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
lbelleau.z21.web.core.windows.net/ 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lbelleau.z21.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.84.56.21 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
700603f133d8d66ea928735a15c73b618e7c463d8ff601b409f6c32bdc35abca

Request headers

Host
lbelleau.z21.web.core.windows.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1

Response headers

Content-Length
3332
Content-Type
text/html
Last-Modified
Sat, 11 Jan 2020 07:08:30 GMT
Accept-Ranges
bytes
ETag
"0x8D7966510333343"
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
304c6b23-d01e-009c-21dc-c9ede5000000
x-ms-version
2018-03-28
Date
Mon, 13 Jan 2020 06:38:47 GMT
style.css
lbelleau.z21.web.core.windows.net/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lbelleau.z21.web.core.windows.net/css/style.css
Requested by
Host: lbelleau.z21.web.core.windows.net
URL: https://lbelleau.z21.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.84.56.21 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer
https://lbelleau.z21.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-request-id
304c6bba-d01e-009c-26dc-c9ede5000000
Date
Mon, 13 Jan 2020 06:38:48 GMT
x-ms-version
2018-03-28
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code
WebContentNotFound
Content-Length
321
Content-Type
text/html
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.1.0/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
Requested by
Host: lbelleau.z21.web.core.windows.net
URL: https://lbelleau.z21.web.core.windows.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://lbelleau.z21.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 18:08:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4537823
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30211
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Nov 2020 18:08:25 GMT
scripts.js
lbelleau.z21.web.core.windows.net/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://lbelleau.z21.web.core.windows.net/js/scripts.js
Requested by
Host: lbelleau.z21.web.core.windows.net
URL: https://lbelleau.z21.web.core.windows.net/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.84.56.21 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer
https://lbelleau.z21.web.core.windows.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-request-id
304c6bd5-d01e-009c-3ddc-c9ede5000000
Date
Mon, 13 Jan 2020 06:38:48 GMT
x-ms-version
2018-03-28
Server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code
WebContentNotFound
Content-Length
321
Content-Type
text/html
Primary Request ashra.html
sharepointfileserver.tk/locator/Doc423943867/auth/
Redirect Chain
  • https://sharepointfileserver.tk/locator/Doc423943867/auth
  • https://sharepointfileserver.tk/locator/Doc423943867/auth/
  • https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connectin...
73 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Requested by
Host: lbelleau.z21.web.core.windows.net
URL: https://lbelleau.z21.web.core.windows.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
d209f949021be8ea073e20859992e45f26dd4f13701416a13164862ccc6e9e03

Request headers

:method
GET
:authority
sharepointfileserver.tk
:scheme
https
:path
/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://lbelleau.z21.web.core.windows.net/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://lbelleau.z21.web.core.windows.net/

Response headers

status
200
date
Mon, 13 Jan 2020 06:38:58 GMT
server
Apache
last-modified
Wed, 21 Aug 2019 08:51:36 GMT
etag
"ae41f4b-12341-5909cae3bb600-gzip"
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
10055
content-type
text/html; charset=UTF-8

Redirect headers

status
302
date
Mon, 13 Jan 2020 06:38:57 GMT
server
Apache
x-powered-by
PHP/7.3.7
location
ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
vary
User-Agent
content-length
0
content-type
text/html; charset=UTF-8
sharepoint.png
sharepointfileserver.tk/locator/Doc423943867/auth/images/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/images/sharepoint.png
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
4305077b3a5eb93ad83197ad9e451c5b28d0fdd119ac66800ead10d86268e17f

Request headers

Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Sun, 21 Apr 2019 08:42:58 GMT
server
Apache
etag
"ae41f59-21ce-5870656b7e880"
content-type
image/png
status
200
accept-ranges
bytes
content-length
8654
office365.png
sharepointfileserver.tk/locator/Doc423943867/auth/images/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/images/office365.png
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
df40c793ff83e8430ecd526f3d2fe49485c5b6e5767f55afc70b1823acfc6095

Request headers

Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Sun, 21 Apr 2019 05:57:34 GMT
server
Apache
etag
"ae41f57-7c5f-587040733af80"
content-type
image/png
status
200
accept-ranges
bytes
content-length
31839
arrow.png
sharepointfileserver.tk/locator/Doc423943867/auth/images/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/images/arrow.png
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
406c4becf83ab8f58c783155e96cf0b075a4915daad184758ffc87305affbef5

Request headers

Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Sun, 21 Apr 2019 09:13:40 GMT
server
Apache
etag
"ae41f50-44ba-58706c4829900"
content-type
image/png
status
200
accept-ranges
bytes
content-length
17594
email.jpg
sharepointfileserver.tk/locator/Doc423943867/auth/images/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/images/email.jpg
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
76c0751bb7080046bb2ff1705e4dbef292677531f4935cfa2bc9ee4695d3cb12

Request headers

Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Sun, 21 Apr 2019 06:49:08 GMT
server
Apache
etag
"ae41f51-52b3-58704bf9e6100"
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
21171
microsoft.svg
sharepointfileserver.tk/locator/Doc423943867/auth/images/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/images/microsoft.svg
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
2ab2f46cc0148f1ebb34da7a984b8a8b71b4881f52485ed14246739d5c694c69

Request headers

Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 06:38:58 GMT
content-encoding
gzip
last-modified
Fri, 30 Nov 2018 06:14:06 GMT
server
Apache
etag
"ae41f55-1280-57bdbb4dd2780-gzip"
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
status
200
accept-ranges
bytes
content-length
1850
grid.svg
sharepointfileserver.tk/locator/Doc423943867/auth/images/ 		117 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sharepointfileserver.tk/locator/Doc423943867/auth/images/grid.svg
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-23-229-166-161.ip.secureserver.net
Software
Apache /
Resource Hash
d6b7e036b0f282ef6acde352f5419cc847aeb2d876a253f79b2327f6000b3dbe

Request headers

Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 06:38:58 GMT
content-encoding
gzip
last-modified
Fri, 30 Nov 2018 06:14:04 GMT
server
Apache
etag
"ae41f53-1d549-57bdbb4bea300-gzip"
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
status
200
accept-ranges
bytes
content-length
3428
segoeui-regular.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ 		35 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.34.64 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-34-64.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Origin
https://sharepointfileserver.tk

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Thu, 02 Nov 2017 17:22:02 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
hl8dtlRfyUovRETdYOe7xg==
access-control-allow-origin
*
etag
0x8D522163B704E10
content-type
application/font-woff2
status
200
x-ms-request-id
9390ca86-a01e-00b7-5556-9d12d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=26421137
x-ms-version
2009-09-19
content-length
36344
segoeui-semibold.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff2
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.34.64 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-34-64.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
22e7ac6e00b3f7463f2c89c577877ed717686d6f219614c890317d86560c413d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Origin
https://sharepointfileserver.tk

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Thu, 26 Oct 2017 19:02:14 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
ZtEeVbekE932qE6Fhpfntg==
access-control-allow-origin
*
etag
0x8D51CA4122953A7
content-type
application/font-woff2
status
200
x-ms-request-id
20eadca3-b01e-008a-2790-9fa7f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=26666348
x-ms-version
2009-09-19
content-length
31824
segoeui-bold.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.woff2
Requested by
Host: sharepointfileserver.tk
URL: https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.34.64 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-34-64.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c599144a6ee494d56d4622e7cc57873a3ba7b3413e525f3e3b4aa7d8298aa2ec

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://sharepointfileserver.tk/locator/Doc423943867/auth/ashra.html?accessToFile=true&fileAccess=53017&encryptedCookie=608585111c20a11bc30dd5906f174866&u=56fbb99b63649559f38d3f8b6ab28b00&connecting=f7671acacfb55516b19d4199f7cf4ead&phaseAccess=bef03b6be1ba116c9f5825625c0e865f&p=ac76a5f6111f40b74d7910cc79019055
Origin
https://sharepointfileserver.tk

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Mon, 13 Jan 2020 06:38:58 GMT
last-modified
Thu, 02 Nov 2017 17:22:02 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
LEcXW4kKJ4gkTbuwT9FYEA==
access-control-allow-origin
*
etag
0x8D522163B57DFC5
content-type
application/font-woff2
status
200
x-ms-request-id
34a41b46-b01e-008a-18ec-d9a7f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=4915585
x-ms-version
2009-09-19
content-length
32964

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies