scotlandmal.com Open in urlscan Pro
94.74.81.14 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://smarturl.it/mcrst365
Effective URL:
https://scotlandmal.com/lml/Office365/auth/
Submission: On September 05 via manual (September 5th 2017, 11:24:42 am UTC) from SE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 94.74.81.14, located in Ukraine and belongs to BREZHNEV-AS, RU. The main domain is scotlandmal.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 30th 2017. Valid for: 3 months.

This is the only time scotlandmal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address		AS Autonomous System
11	94.74.81.14 94.74.81.14		206963 (BREZHNEV-AS) (BREZHNEV-AS)
11	1

11 94.74.81.14 (Ukraine)

ASN206963 (BREZHNEV-AS, RU)
PTR: specialrenthouses.com

scotlandmal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	scotlandmal.com scotlandmal.com	318 KB
11	1

	Domain	Requested by
11	scotlandmal.com	scotlandmal.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid
scotlandmal.com Let's Encrypt Authority X3	`2017-08-30` - `2017-11-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://scotlandmal.com/lml/Office365/auth/
Frame ID: 2012.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

318 kB
Transfer

544 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response scotlandmal.com/lml/Office365/auth/ Redirect Chain https://scotlandmal.com/lml/Office365/auth https://scotlandmal.com/lml/Office365/auth/	40 KB 14 KB	91ms 91ms	Document text/html	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Full URL https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `0da82e07dc1388168cc46620c4dd7073d5cf7aa6335c626c8d362b73fc476833` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma no-cache Date Tue, 05 Sep 2017 11:24:31 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Location https://scotlandmal.com/lml/Office365/auth/ Date Tue, 05 Sep 2017 11:24:31 GMT Server nginx Connection keep-alive Content-Length 251 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	login.min.css scotlandmal.com/lml/Office365/auth/	21 KB 6 KB	88ms 46ms	Stylesheet text/css	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Full URL https://scotlandmal.com/lml/Office365/auth/login.min.css Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `655aaf60de22be3b78c0dfcf5b9e385b8000dc5625f32f8695ac4f1c87d02fce` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Content-Encoding gzip Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag W/"58e9be3e-545c" Transfer-Encoding chunked Content-Type text/css Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	200 OK	login_hover.min.css scotlandmal.com/lml/Office365/auth/	89 B 89 B	134ms 45ms	Stylesheet text/css	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Full URL https://scotlandmal.com/lml/Office365/auth/login_hover.min.css Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag "58e9be3e-59" Content-Type text/css Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 89 Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	200 OK	jquery.1.11.min.js Show response scotlandmal.com/lml/Office365/auth/	108 KB 44 KB	181ms 91ms	Script application/javascript	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Full URL https://scotlandmal.com/lml/Office365/auth/jquery.1.11.min.js Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `d9c500706bcdb6d8e2ba4de1a6ea3d30d87417b79aa26e51fa2b9b9f4ff37e5f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Referer https://scotlandmal.com/lml/Office365/auth/ Origin https://scotlandmal.com Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Content-Encoding gzip Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag W/"58e9be3e-1ae50" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	200 OK	aad.login.min.js Show response scotlandmal.com/lml/Office365/auth/	170 KB 50 KB	189ms 97ms	Script application/javascript	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Full URL https://scotlandmal.com/lml/Office365/auth/aad.login.min.js Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `a6de7aaa058017a8b56002f46900270b673c1e21d62eacd1037727c9762fa8af` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Referer https://scotlandmal.com/lml/Office365/auth/ Origin https://scotlandmal.com Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Content-Encoding gzip Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag W/"58e9be3e-2a638" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	200 OK	heroillustration.png scotlandmal.com/lml/Office365/auth/	199 KB 199 KB	44ms 44ms	Image image/png	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Show image Full URL https://scotlandmal.com/lml/Office365/auth/heroillustration.png Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag "58e9be3e-31a1e" Content-Type image/png Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 203294 Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	200 OK	bannerlogo.png scotlandmal.com/lml/Office365/auth/	4 KB 4 KB	46ms 45ms	Image image/png	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Show image Full URL https://scotlandmal.com/lml/Office365/auth/bannerlogo.png Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag "58e9be3e-11e9" Content-Type image/png Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 4585 Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	404 Not Found	bannerlogo.pn scotlandmal.com/lml/Office365/auth/	349 B 0	48ms 48ms	Image text/html	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Show image Full URL https://scotlandmal.com/lml/Office365/auth/bannerlogo.pn Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `15c2daa072dc0bac25185e2f8c4ef826e7d514d865a934a35fe10d3a342dc822` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Tue, 05 Sep 2017 11:24:31 GMT Server nginx Connection keep-alive Content-Length 349 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	microsoft_logo.png scotlandmal.com/lml/Office365/auth/	1 KB 1 KB	48ms 47ms	Image image/png	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Show image Full URL https://scotlandmal.com/lml/Office365/auth/microsoft_logo.png Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma public Date Tue, 05 Sep 2017 11:24:31 GMT Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag "58e9be3e-410" Content-Type image/png Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 1040 Expires Thu, 05 Oct 2017 11:24:31 GMT
GET H/1.1	200 OK	work_account.png scotlandmal.com/lml/Office365/auth/	1 KB 1 KB	45ms 45ms	Image image/png	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Show image Full URL https://scotlandmal.com/lml/Office365/auth/work_account.png Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `9fc929be7892b2f4498627d22bc1b3990dc380efcfe40fe6c3cac2dea7565c8e` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Pragma public Date Tue, 05 Sep 2017 11:24:32 GMT Last-Modified Sun, 09 Apr 2017 04:53:18 GMT Server nginx ETag "58e9be3e-5cf" Content-Type image/png Cache-Control max-age=2592000, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 1487 Expires Thu, 05 Oct 2017 11:24:32 GMT
GET H/1.1	404 Not Found	use_another_account.png scotlandmal.com/lml/Office365/auth/	359 B 0	49ms 49ms	Image text/html	94.74.81.14 BREZHNEV-AS
General Check archive.org Show headers Download Go to Show image Full URL https://scotlandmal.com/lml/Office365/auth/use_another_account.png Requested by Host: scotlandmal.com URL: https://scotlandmal.com/lml/Office365/auth/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 94.74.81.14 , Ukraine, ASN206963 (BREZHNEV-AS, RU), Reverse DNS specialrenthouses.com Software nginx / Resource Hash `7e3f13824bbf376c144f17851f45af07417cd7bbd1bc707da95affcd37d37451` Request headers Referer https://scotlandmal.com/lml/Office365/auth/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Tue, 05 Sep 2017 11:24:32 GMT Server nginx Connection keep-alive Content-Length 359 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			scotlandmal.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: re366vq7qugliatmfd0gsgsdh7
			scotlandmal.com/lml/Office365/auth	1970-01-01 00:00:00	Name: testcookie Value: testcookie

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

scotlandmal.com
94.74.81.14
0da82e07dc1388168cc46620c4dd7073d5cf7aa6335c626c8d362b73fc476833
15c2daa072dc0bac25185e2f8c4ef826e7d514d865a934a35fe10d3a342dc822
655aaf60de22be3b78c0dfcf5b9e385b8000dc5625f32f8695ac4f1c87d02fce
7e3f13824bbf376c144f17851f45af07417cd7bbd1bc707da95affcd37d37451
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
9fc929be7892b2f4498627d22bc1b3990dc380efcfe40fe6c3cac2dea7565c8e
a6de7aaa058017a8b56002f46900270b673c1e21d62eacd1037727c9762fa8af
d9c500706bcdb6d8e2ba4de1a6ea3d30d87417b79aa26e51fa2b9b9f4ff37e5f
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

scotlandmal.com Open in urlscan Pro 94.74.81.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

318 kBTransfer

544 kBSize

2 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

Indicators

scotlandmal.com Open in urlscan Pro
94.74.81.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

318 kB
Transfer

544 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!