fitfzamotion.com
185.27.132.34
Malicious Activity!
Public Scan
Effective URL: https://fitfzamotion.com/office/
Submission: On April 29 via manual from EU
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 29th 2019. Valid for: 3 months.
This is the only time fitfzamotion.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 208.75.122.11 | 40444 (ASN-CC - Constant Contact)
1 | 184.31.82.34 | 20940 (AKAMAI-ASN1)
1 | 143.95.237.92 | 62729 (ASMALLORANGE1 - A Small Orange LLC)
9 | 185.27.132.34 | 34119 (WILDCARD-AS Wildcard UK Limited)
1 | 2a02:26f0:6c00:283::35c1 | 20940 (AKAMAI-ASN1)
Totals: 10 | 2
ASN40444 (ASN-CC - Constant Contact, Inc, US)
PTR: rs6.net
Domain: r20.rs6.net
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-82-34.deploy.static.akamaitechnologies.com
Domain: vopolyt.us20.list-manage.com
ASN62729 (ASMALLORANGE1 - A Small Orange LLC, US)
PTR: ip-143-95-237-92.iplocal
Domain: pauymnr.com
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: sv2.hosting-server-1022.com
Domain: fitfzamotion.com
ASN20940 (AKAMAI-ASN1, US)
Domain: secure.aadcdn.microsoftonline-p.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | fitfzamotion.com | fitfzamotion.com | 284 KB
1 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 199 KB
1 | pauymnr.com (1 redirects) | pauymnr.com | 367 B
1 | list-manage.com (1 redirects) | vopolyt.us20.list-manage.com | 301 B
1 | rs6.net (1 redirects) | r20.rs6.net | 421 B
Totals: 10 requests | 5 apex domains
Requests | Domain | Requested by
---|---|---
9 | fitfzamotion.com | fitfzamotion.com
1 | secure.aadcdn.microsoftonline-p.com | fitfzamotion.com
1 | pauymnr.com | 1 redirects
1 | vopolyt.us20.list-manage.com | 1 redirects
1 | r20.rs6.net | 1 redirects
Totals: 10 requests | 5 domains
This site contains links to these domains. Also see Links.
Domain |
---|
login.microsoftonline.com |
Subject | Issuer | Validity | Valid
---|---|---|---
fitfzamotion.com | Let's Encrypt Authority X3 | 2019-04-29 - 2019-07-28 | 3 months
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 1 | 2017-08-15 - 2019-08-15 | 2 years
This page contains 1 frames:
Primary Page:
https://fitfzamotion.com/office/
Frame ID: B36C950B0110A710C79B879BC6AA572A
Requests: 10 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Can't access your account?
- Title: Feedback
- Title: Legal
- Title: Privacy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://r20.rs6.net/tn.jsp?f=001gm7PSsmrCVnfWUXcZTJsVD8e4Ajb2Xjp5fpPBikG1w9Ej24ShV6Ha-V2HwunqhfS5slRGQTULOUviLdlLm_rTENdJAHvsX5U6j1ta_tncjlR5RhGgcs2iaGEdtTqBSxM24wX_59JeTGMPgHrw_812Qf-sGY7L3pBXPxyAHyUqkJ7ljvF_5LWgLHH6E0lQ6Yo1hoC7Wube8_pW5j9_pZSFx5rBWxJnbL_z2pjXbAUMHQdh8OCsxXIdJYnYkdnBvaeER6V8uzKiRY=&c=OqF2jDvwCNpMsGeK7JPED6ex8nnrn5WAg4V_30v-gJ7mNmm4khBFCQ==&ch=fhme_hmlmc_kxDk3LHd2FkqEJ315vxrjnkQVakSzfdl0qWGms2nEvg== (HTTP 302)
- https://vopolyt.us20.list-manage.com/track/click?u=c3449644b4e8e795a87448e54&id=c3aabde3f7&e=f89c761a92 (HTTP 302)
- http://pauymnr.com/index.php/recommends/jkxx/ (HTTP 301)
- https://fitfzamotion.com/office/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | fitfzamotion.com/office/ (Redirect Chain) | 11 KB | 3 KB | Document | text/html
GET | H2 | login.ltr.css | fitfzamotion.com/office/storage/ | 27 KB | 5 KB | Stylesheet | text/css
GET | H2 | jquery-1.11.2.min.js.indir | fitfzamotion.com/office/storage/ | 94 KB | 34 KB | Script | application/javascript
GET | H2 | jquery-migrate-1.2.1.min.js.indir | fitfzamotion.com/office/storage/ | 7 KB | 3 KB | Script | application/javascript
GET | H2 | aad.login.js.indir | fitfzamotion.com/office/storage/ | 126 KB | 29 KB | Script | application/javascript
GET | H2 | jquery.easing.1.3.js.indir | fitfzamotion.com/office/storage/ | 9 KB | 2 KB | Script | application/javascript
GET | H2 | illustration.jpg | fitfzamotion.com/office/storage/ | 199 KB | 199 KB | Image | image/jpeg
GET | H2 | logo.png | fitfzamotion.com/office/storage/ | 4 KB | 5 KB | Image | image/png
GET | H2 | AD_Glyph_Footer_30x30.png | fitfzamotion.com/office/storage/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | illustration.jpg | secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/ | 199 KB | 199 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onselectstart, onselectionchange, ErrorCodes, Constants, Context, Background, Logo, Instrument, User, tenant_info, Util, PostType, LoginOption, Post, Support, users, Tiles, HIP, EmailDiscovery, ProofUp, StrongAuthCheck, ThirdPartyCookieStates, TenantBranding, MSLogin, jQuery111205378910767334881, HIP_MODE, MSStrongAuth, MSLogout, body
- function: queueMicrotask, $, jQuery, pageOnReady, origHide, origShow, origAddClass, origRemoveClass
- string: alt_background_image0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.