example-domain-signin.aws.amazon.com.office365tr.com Open in urlscan Pro
2606:4700:3031::6818:66ce Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Submission: On December 21 via manual (December 21st 2020, 11:29:06 pm UTC) from US

Summary HTTP 9 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3031::6818:66ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is example-domain-signin.aws.amazon.com.office365tr.com.

This is the only time example-domain-signin.aws.amazon.com.office365tr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AWS (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:303... 2606:4700:3031::6818:66ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:3::272 2a04:4e42:3::272	54113 (FASTLY) (FASTLY)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY)
2	185.221.86.34 185.221.86.34	206998 (NEW-2) (NEW-2)
9	5

6 2606:4700:3031::6818:66ce (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

example-domain-signin.aws.amazon.com.office365tr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::272 (Ascension Island)

ASN54113 (FASTLY, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.86.34 (Germany)

ASN206998 (NEW-2, IE)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	office365tr.com 1 redirects example-domain-signin.aws.amazon.com.office365tr.com	460 KB
2	nr-data.net bam.eu01.nr-data.net	493 B
1	newrelic.com js-agent.newrelic.com	10 KB
1	media-amazon.com m.media-amazon.com	115 KB
9	4

	Domain	Requested by
6	example-domain-signin.aws.amazon.com.office365tr.com	1 redirects example-domain-signin.aws.amazon.com.office365tr.com
2	bam.eu01.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	example-domain-signin.aws.amazon.com.office365tr.com
1	m.media-amazon.com	example-domain-signin.aws.amazon.com.office365tr.com
9	4

This site contains links to these domains. Also see Links.

Domain
docs.aws.amazon.com

Subject Issuer	Validity	Valid
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2020-09-16` - `2021-09-21`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-12-17` - `2021-05-07`	5 months	crt.sh
*.eu01.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-04` - `2022-02-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904
Frame ID: 3524737E0A3EBC3AC8144597B7817B65
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

9
Requests

44 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

585 kB
Transfer

1509 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_u2f.html?icmpid=docs_iam_console
Title: Learn more

Search URL Search Domain Scan URL

URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_u2f_supported_configurations.html?icmpid=docs_iam_console
Title: See the list of compatible browsers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://example-domain-signin.aws.amazon.com.office365tr.com/metrics/pageload HTTP 302
http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html

9 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response example-domain-signin.aws.amazon.com.office365tr.com/	646 KB 366 KB	365ms 358ms	Document text/html	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4f8aa96e6af047d7a56886f490e7a3e346723e83d18695ad21ad7ef123ebdbe1` Request headers Host example-domain-signin.aws.amazon.com.office365tr.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 23:28:50 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=dfc95f8acadecb1b0de89916f29113f2a1608593330; expires=Wed, 20-Jan-21 23:28:50 GMT; path=/; domain=.office365tr.com; HttpOnly; SameSite=Lax ASP.NET_SessionId=r0t0tcyrvpobdel3wv1yymd2; path=/; HttpOnly; SameSite=Lax Cache-Control private X-AspNet-Version 4.0.30319 Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept X-UA-Compatible IE=edge CF-Cache-Status DYNAMIC cf-request-id 07293b68a100004a67c93af000000001 Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fuy8COU9ybmB3DUkozdhKMlnA6USycSQ0m8NpZ0LVEcUsC7cTYMJ1ZLMmuod0lxIqswtiafL2hDKEJi4EJfEC13P60oQ9JB6nqbVxsQE9K7dzPvI45fE7yt3owFEpXG84ha%2BH5vyax10jwNdN9yETlcL7tfbKas%2Fmiz%2BzHNA99%2BT"}],"group":"cf-nel","max_age":604800} NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 605561ba98f14a67-FRA Content-Encoding gzip
GET H2	200	fwcim._CB454428048_.js Show response m.media-amazon.com/images/G/01/x-locale/common/login/	406 KB 115 KB	21ms 6ms	Script application/x-javascript	2a04:4e42:3::272 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.media-amazon.com/images/G/01/x-locale/common/login/fwcim._CB454428048_.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:3::272 , Ascension Island, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 23:28:50 GMT content-encoding gzip last-modified Wed, 13 Feb 2019 17:16:46 GMT age 23442099 vary Accept-Encoding x-cache HIT from fastly, HIT from fastly content-type application/x-javascript access-control-allow-origin * expires Tue, 13 Mar 2040 02:09:05 GMT cache-control max-age=630720000,public x-amz-ir-id c37ea5ef-8afb-4556-9556-e1719c6a19b1 accept-ranges bytes timing-allow-origin https://www.amazon.com content-length 117246 x-served-by cache-dca17745-DCA, cache-fra19135-FRA
GET H/1.1	200 OK	jquery-3.0.0.js Show response example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/	364 KB 82 KB	19ms 18ms	Script application/javascript	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-3.0.0.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9065e2a0e1ebbb88f32a1a2b859446cdfa4d7886bf009e0f3e3ff475ae16b98` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 23:28:50 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"report_to":"cf-nel","max_age":604800} Age 1586 Transfer-Encoding chunked Connection keep-alive cf-request-id 07293b6a6800004a67208e2000000001 X-UA-Compatible IE=edge Last-Modified Sat, 12 Sep 2020 12:24:41 GMT Server cloudflare ETag W/"cc6f8db0ff88d61:0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fi%2BEu%2FESy9edbW3sGVT3J5g3sypWDLKA2KTu0tELCBmV1gqd%2BLnKYVvIlVjAZ3X3J45zEDqEsGTj1Ng12cAmQbQMdR8k%2Bi6fqMhLsfcfB4Y1amTY0JWnWMF7CAvjVmaIWCJnm4k%2FCxtVuSCGxty26ExmM3VDC4trewDkXvgbF1kI"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 605561bd7e394a67-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept
GET H/1.1	200 OK	jquery-migrate-3.3.1.js Show response example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/	30 KB 9 KB	26ms 21ms	Script application/javascript	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `127308bdd96abc9b5ccfcb6d55f2bebbbf617bfa619b63c03715d781421b1b22` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 23:28:50 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"report_to":"cf-nel","max_age":604800} Age 1586 Transfer-Encoding chunked Connection keep-alive cf-request-id 07293b6a6d0000bf0aa11ee000000001 X-UA-Compatible IE=edge Last-Modified Sat, 12 Sep 2020 12:24:41 GMT Server cloudflare ETag W/"feb8eb0ff88d61:0" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YmVKNDF4Fn3A6MFe7YYElHXw8ZkVW%2FqhSGPsl5eL8FiAN9AD9b35MWzaYy%2FWt%2BaGa1Fosfb0eIyeQUlEaacBxJuWOgQPU0Iu95jPFWXBRuiiLrPbaSIX8WRHuLW%2F1QXFdcWl6bx6cip%2Fb0MyP85%2FbxCrq6ylUG9TNSJhY2P8XyBV"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 CF-RAY 605561bd7e53bf0a-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept
GET DATA	200 OK	truncated /	32 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `50e56bd81afcef466f4155d50c7225da52d1f0594357c32a13762afa69947b73` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8d82b1e7faa7f2cdecd63fbe12c5a878d88a70bf383a552c1e66f03d2b795f38` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
POST H/1.1	200 OK	TURL Show response example-domain-signin.aws.amazon.com.office365tr.com/ContentShow.aspx/	119 B 939 B	55ms 54ms	XHR application/json	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/ContentShow.aspx/TURL Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-3.0.0.js Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1a160758e9a57ab961d25490a598656bcfa7b18d519b7a6892b89483fd32411a` Request headers Accept application/json, text/javascript, /; q=0.01 Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/json; charset=UTF-8 Response headers Date Mon, 21 Dec 2020 23:28:50 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mONbasnLbI4TM%2FkR1OIoZQK%2F2PAn1hlohQO3qboFz2l3nphe8Pd9f9s%2BZncFRxd%2BFQaksT%2BGkMiCjqAg%2FTjvff%2FJKB8Dne3Mybigkdxny7gu0J%2FL%2Fez2Ik7FRmCdrftLs5yMz2KA3GpwJInqsncj4otoydIDEcnGceQOX8n9rR7l"}],"group":"cf-nel","max_age":604800} Content-Type application/json; charset=utf-8 Cache-Control private, max-age=0 Connection keep-alive CF-RAY 605561be1f834a67-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept cf-request-id 07293b6aca00004a67ce2b8000000001 X-UA-Compatible IE=edge
GET DATA	200 OK	truncated /	226 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e89be6bba4cc671c3fe91a5b721d263f88c1e3d1e1bbcccbb035fd7b524f6aa7` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET H2	200	nr-1184.min.js Show response js-agent.newrelic.com/	27 KB 10 KB	27ms 26ms	Script application/javascript	151.101.14.110 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-1184.min.js Requested by Host: example-domain-signin.aws.amazon.com.office365tr.com URL: http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 21 Dec 2020 23:28:50 GMT content-encoding gzip x-amz-request-id DCAF92F89A2CA027 x-cache HIT content-length 10624 x-amz-id-2 TRHerhVqdOKsza8E2v00gPT2CAbWzfpInLOFmUaGEwIXQEnp+g+VCzJEiqRyaVzOv5v636FnSaM= x-served-by cache-fra19145-FRA last-modified Mon, 28 Sep 2020 16:34:45 GMT server AmazonS3 x-timer S1608593331.908141,VS0,VE0 etag "3d7f312be60d08a2568e311e4762f3af" vary Accept-Encoding content-type application/javascript via 1.1 varnish cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 6706
GET H/1.1	200 OK	404.html Show response example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/ Redirect Chain http://example-domain-signin.aws.amazon.com.office365tr.com/metrics/pageload http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html	1 KB 1 KB	52ms 51ms	XHR text/html	2606:4700:3031::6818:66ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html Protocol HTTP/1.1 Server 2606:4700:3031::6818:66ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d0ffc65048158a9d94bf3990f5bdaa67e3ce6ec6783c9110f8295ddd1783fa76` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 21 Dec 2020 23:28:50 GMT Content-Encoding gzip CF-Cache-Status DYNAMIC Last-Modified Sat, 12 Sep 2020 12:24:52 GMT Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VDqsIIErDU4zspoPTJBGjHYMsZ47wK5tTp%2B%2Br1xT1%2BFgXUvkchFYkO4pLYo%2BHZBcrPLaZr47cBxf9nXkxgNWoZuPwVr9%2B5En70v52r%2BZIxqL5qKzAkBx5rEKwXBLGjcCIIwQ9tvpNbqqCkB7IGGBtkKrXc8cTEBbk2QeUcQ6tTuJ"}],"group":"cf-nel","max_age":604800} Content-Type text/html NEL {"report_to":"cf-nel","max_age":604800} Connection keep-alive CF-RAY 605561be6e79bf0a-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept cf-request-id 07293b6b020000bf0a989c1000000001 X-UA-Compatible IE=edge Redirect headers Date Mon, 21 Dec 2020 23:28:50 GMT CF-Cache-Status DYNAMIC NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J0CLsTN1n8n6rKlEGIztBlT4o3MO%2BvHPFen9IPm7jc5YVvXB77PTlie%2FoPNYTOeFvwA0bn4LwDcoaJrFk%2BKg%2FFURd7akR1hCmAHW5hxlECjNneVvbSzZkz4DagUtmLOZYdegaxroFT8IarDsah%2BS5J8JNqxQykFpTOXfIyOnf%2F4%2F"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=UTF-8 Location http://example-domain-signin.aws.amazon.com.office365tr.com/CustomErrors/404.html Connection keep-alive CF-RAY 605561be1e6cbf0a-FRA Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept cf-request-id 07293b6ad20000bf0a770f5000000001 X-UA-Compatible IE=edge
GET H/1.1	200 OK	fa229cc1a3 Show response bam.eu01.nr-data.net/1/	57 B 275 B	104ms 26ms	Script text/javascript	185.221.86.34 NEW-2
General Check archive.org Show headers Download Go to Full URL https://bam.eu01.nr-data.net/1/fa229cc1a3?a=606863&v=1184.ab39b52&to=MhBSZQoZVkJXAERRDgtacWIoV1teWBdVVhUWHV9GVhlLQU4%3D&rst=605&ck=1&ref=http://example-domain-signin.aws.amazon.com.office365tr.com/&ap=289&be=371&fe=567&dc=560&perf=%7B%22timing%22:%7B%22of%22:1608593330329,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:7,%22rq%22:7,%22rp%22:365,%22rpe%22:460,%22dl%22:367,%22di%22:559,%22ds%22:560,%22de%22:566,%22dc%22:567,%22l%22:567,%22le%22:568%7D,%22navigation%22:%7B%7D%7D&fp=548&fcp=548&jsonp=NREUM.setToken Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-1184.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.221.86.34 , Germany, ASN206998 (NEW-2, IE), Reverse DNS Software / Resource Hash `d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Expires Thu, 01 Jan 1970 00:00:00 GMT Content-Length 57 Content-Type text/javascript;charset=ISO-8859-1
POST H/1.1	200 OK	fa229cc1a3 Show response bam.eu01.nr-data.net/events/1/	24 B 218 B	26ms 25ms	XHR image/gif	185.221.86.34 NEW-2
General Check archive.org Show headers Download Go to Full URL https://bam.eu01.nr-data.net/events/1/fa229cc1a3?a=606863&v=1184.ab39b52&to=MhBSZQoZVkJXAERRDgtacWIoV1teWBdVVhUWHV9GVhlLQU4%3D&rst=10617&ck=1&ref=http://example-domain-signin.aws.amazon.com.office365tr.com/ Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-1184.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.221.86.34 , Germany, ASN206998 (NEW-2, IE), Reverse DNS Software / Resource Hash `0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300` Request headers Referer http://example-domain-signin.aws.amazon.com.office365tr.com/?iid=94df5f8a-bf83-4a64-8093-0d28f6129904 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 content-type text/plain Response headers Access-Control-Allow-Origin http://example-domain-signin.aws.amazon.com.office365tr.com Access-Control-Allow-Credentials true Content-Length 24 Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AWS (Online)

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			example-domain-signin.aws.amazon.com.office365tr.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: r0t0tcyrvpobdel3wv1yymd2
			.office365tr.com/	1970-01-19 15:33:05	Name: __cfduid Value: dfc95f8acadecb1b0de89916f29113f2a1608593330

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 69) Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.1
console-api	warning	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 100) Message: JQMIGRATE: jQuery.fn.keypress() event shorthand is deprecated
console-api	log	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 102) Message: console.trace
console-api	warning	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 100) Message: JQMIGRATE: jQuery.fn.click() event shorthand is deprecated
console-api	log	URL: http://example-domain-signin.aws.amazon.com.office365tr.com/Assets/js/jquery-migrate-3.3.1.js(Line 102) Message: console.trace

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.eu01.nr-data.net
example-domain-signin.aws.amazon.com.office365tr.com
js-agent.newrelic.com
m.media-amazon.com
151.101.14.110
185.221.86.34
2606:4700:3031::6818:66ce
2a04:4e42:3::272
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
127308bdd96abc9b5ccfcb6d55f2bebbbf617bfa619b63c03715d781421b1b22
1a160758e9a57ab961d25490a598656bcfa7b18d519b7a6892b89483fd32411a
4f8aa96e6af047d7a56886f490e7a3e346723e83d18695ad21ad7ef123ebdbe1
50e56bd81afcef466f4155d50c7225da52d1f0594357c32a13762afa69947b73
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
8d82b1e7faa7f2cdecd63fbe12c5a878d88a70bf383a552c1e66f03d2b795f38
b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4
b9065e2a0e1ebbb88f32a1a2b859446cdfa4d7886bf009e0f3e3ff475ae16b98
d0ffc65048158a9d94bf3990f5bdaa67e3ce6ec6783c9110f8295ddd1783fa76
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
e89be6bba4cc671c3fe91a5b721d263f88c1e3d1e1bbcccbb035fd7b524f6aa7

example-domain-signin.aws.amazon.com.office365tr.com Open in urlscan Pro 2606:4700:3031::6818:66ce Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

44 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

585 kBTransfer

1509 kBSize

2 Cookies

2 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

172 JavaScript Global Variables

2 Cookies

5 Console Messages

Indicators

example-domain-signin.aws.amazon.com.office365tr.com Open in urlscan Pro
2606:4700:3031::6818:66ce Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

44 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

585 kB
Transfer

1509 kB
Size

2
Cookies

9 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!