alotofblue.com
65.23.154.99
Malicious Activity!
Public Scan
Submission: On January 24 via automatic, source openphish
Summary
This is the only time alotofblue.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
26 | 65.23.154.99 | AS12025 (IO-DATA-CENTERS - IO Capital Princess) |
2 | 2a02:26f0:6c00:29f::34ef | AS20940 (AKAMAI-ASN1) |
1 | 192.0.77.48 | AS2635 (AUTOMATTIC - Automattic) |
28 | 3 | |
ASN12025 (IO-DATA-CENTERS - IO Capital Princess, LLC, US)
PTR: cpanel-2501-25.datarealm.com
Domains: alotofblue.com, www.alotofblue.com
ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: s.w.org
Domains: s.w.org
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
26 | alotofblue.com (1 redirect) | alotofblue.com, www.alotofblue.com | 682 KB |
2 | gfx.ms | auth.gfx.ms | 293 KB |
1 | w.org | s.w.org | 524 B |
28 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
21 | www.alotofblue.com | alotofblue.com, www.alotofblue.com |
5 | alotofblue.com (1 redirect) | alotofblue.com |
2 | auth.gfx.ms | alotofblue.com |
1 | s.w.org | www.alotofblue.com |
28 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
account.live.com |
login.live.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
msagfx.live.com | Microsoft IT TLS CA 4 | 2017-07-27 - 2019-07-17 | 2 years |
*.w.org | Go Daddy Secure Certificate Authority - G2 | 2016-11-29 - 2019-12-29 | 3 years |
This page contains 2 frames:
Primary Page:
http://alotofblue.com/Share_doc-file/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Frame ID: 05240457048E3856ACADA50D310B0AB2
Requests: 6 HTTP requests in this frame
Frame:
http://www.alotofblue.com/Share_doc-file/files/prefetch.html
Frame ID: 5FAB37E709CAA059BF0E6F73E7037179
Requests: 22 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Forgot my password
Title: Sign in with a different Microsoft account
Title: Terms of Use
Title: Privacy & Cookies
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5
- http://alotofblue.com/Share_doc-file/files/prefetch.html HTTP 301
- http://www.alotofblue.com/Share_doc-file/files/prefetch.html
28 HTTP transactions
Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|---|
GET | H/1.1 | verificationAttempt.php | alotofblue.com/Share_doc-file/ | | 19 KB | 19 KB | Document | text/html | Primary Request |
GET | H/1.1 | Converged1033.css | alotofblue.com/Share_doc-file/files/ | | 85 KB | 85 KB | Stylesheet | text/css | |
GET | H/1.1 | microsoft_logo.svg | alotofblue.com/Share_doc-file/files/ | | 4 KB | 4 KB | Image | image/svg+xml | |
GET | H/1.1 | picker_account_msa.svg | alotofblue.com/Share_doc-file/files/ | | 379 B | 624 B | Image | image/svg+xml | |
GET | H/1.1 | 0-small.jpg | auth.gfx.ms/16.000.27457.4/images/Backgrounds/ | | 1 KB | 1 KB | Image | image/jpeg | |
GET | H/1.1 | 0.jpg | auth.gfx.ms/16.000.27457.4/images/Backgrounds/ | | 291 KB | 291 KB | Image | image/jpeg | |
GET | H/1.1 | prefetch.html | www.alotofblue.com/Share_doc-file/files/ | 5FAB | 12 KB | 13 KB | Document | text/html | Redirect Chain |
GET | H/1.1 | style.css | www.alotofblue.com/wp-content/themes/twentyeleven/ | 5FAB | 113 KB | 114 KB | Stylesheet | text/css | |
GET | H/1.1 | styles.css | www.alotofblue.com/wp-content/plugins/contact-form-7/includes/css/ | 5FAB | 2 KB | 2 KB | Stylesheet | text/css | |
GET | H/1.1 | mediaelementplayer.min.css | www.alotofblue.com/wp-content/plugins/media-element-html5-video-and-audio-player/mediaelement/v4/ | 5FAB | 11 KB | 11 KB | Stylesheet | text/css | |
GET | H/1.1 | mediaelementplayer-legacy.min.css | www.alotofblue.com/wp-content/plugins/media-element-html5-video-and-audio-player/mediaelement/v4/ | 5FAB | 11 KB | 11 KB | Stylesheet | text/css | |
GET | H/1.1 | jquery.js | www.alotofblue.com/wp-includes/js/jquery/ | 5FAB | 95 KB | 95 KB | Script | application/javascript | |
GET | H/1.1 | jquery-migrate.min.js | www.alotofblue.com/wp-includes/js/jquery/ | 5FAB | 10 KB | 10 KB | Script | application/javascript | |
GET | H/1.1 | gigpress.js | www.alotofblue.com/wp-content/plugins/gigpress/scripts/ | 5FAB | 476 B | 731 B | Script | application/javascript | |
GET | H/1.1 | mediaelement-and-player.min.js | www.alotofblue.com/wp-content/plugins/media-element-html5-video-and-audio-player/mediaelement/v4/ | 5FAB | 154 KB | 155 KB | Script | application/javascript | |
GET | H/1.1 | gigpress.css | www.alotofblue.com/wp-content/plugins/gigpress/css/ | 5FAB | 6 KB | 6 KB | Stylesheet | text/css | |
GET | H/1.1 | scripts.js | www.alotofblue.com/wp-content/plugins/contact-form-7/includes/js/ | 5FAB | 14 KB | 15 KB | Script | application/javascript | |
GET | H/1.1 | wp-embed.min.js | www.alotofblue.com/wp-includes/js/ | 5FAB | 1 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | wp-emoji-release.min.js | www.alotofblue.com/wp-includes/js/ | 5FAB | 12 KB | 12 KB | Script | application/javascript | |
GET | H/1.1 | bg_medicine_bottle.jpg | www.alotofblue.com/wp-content/uploads/2013/04/ | 5FAB | 113 KB | 113 KB | Image | image/jpeg | |
GET | H/1.1 | logo.png | www.alotofblue.com/wp-content/uploads/2012/02/ | 5FAB | 1 KB | 2 KB | Image | image/png | |
GET | H/1.1 | itune1.png | www.alotofblue.com/wp-content/uploads/2012/03/ | 5FAB | 2 KB | 3 KB | Image | image/png | |
GET | H/1.1 | facebook1.png | www.alotofblue.com/wp-content/uploads/2012/03/ | 5FAB | 1 KB | 1 KB | Image | image/png | |
GET | H/1.1 | twitter-21.png | www.alotofblue.com/wp-content/uploads/2012/03/ | 5FAB | 1 KB | 2 KB | Image | image/png | |
GET | H/1.1 | myspace1.png | www.alotofblue.com/wp-content/uploads/2012/03/ | 5FAB | 2 KB | 2 KB | Image | image/png | |
GET | H/1.1 | instagram.png | www.alotofblue.com/wp-content/uploads/2012/03/ | 5FAB | 2 KB | 2 KB | Image | image/png | |
GET | H/1.1 | youtube1.png | www.alotofblue.com/wp-content/uploads/2012/03/ | 5FAB | 2 KB | 2 KB | Image | image/png | |
GET | H2 | 1f642.svg | s.w.org/images/core/emoji/11/svg/ | 5FAB | 525 B | 524 B | Image | image/svg+xml | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onselectstart |
object | onselectionchange |
function | queueMicrotask |
function | empty |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.