misk982ijwev.blob.core.windows.net
52.239.246.4  Malicious Activity!

Submitted URL: http://redirect.viglink.com/?u=https%3A%2F%2Fwww.academiapatorodriguez.cl%2Fksli%2Fwordpress%2Fi9si37michael.marter%23michae...
Effective URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-0...
Submission: On November 12 via manual from FR

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 14 HTTP transactions. The main IP is 52.239.246.4, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is misk982ijwev.blob.core.windows.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on May 1st 2019. Valid for: 2 years.
This is the only time misk982ijwev.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

Requests        IP Address      AS     Autonomous System
1 (redirect)    54.72.218.171   16509  AMAZON-02
1 (redirect)    186.64.119.205  52368  ZAM LTDA.
1               52.239.246.4    8075   MICROSOFT-CORP-MSN-AS-BLOCK
12              66.55.83.59     32181  ASN-GIGENET
1               40.126.1.166    8075   MICROSOFT-CORP-MSN-AS-BLOCK
Totals: 14 requests, 3 IPs

Requests  Domain                              Requested by
12        www.reddotarms.com                  misk982ijwev.blob.core.windows.net
1         login.microsoftonline.com           misk982ijwev.blob.core.windows.net
1         misk982ijwev.blob.core.windows.net
1         www.academiapatorodriguez.cl        1 redirects
1         redirect.viglink.com                1 redirects
Totals: 14 requests, 5 domains

This site contains no links.

Subject                           Issuer                                Validity                 Valid
*.blob.core.windows.net           Microsoft IT TLS CA 5                 2019-05-01 - 2021-05-01  2 years
reddotarms.com                    cPanel, Inc. Certification Authority  2019-09-17 - 2019-12-16  3 months
stamp2.login.microsoftonline.com  Microsoft IT TLS CA 1                 2018-09-24 - 2020-09-24  2 years

This page contains 2 frames:

Primary Page: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Frame ID: 4FEAF12FB4DC3A03035F79ABAAF7B845
Requests: 13 HTTP requests in this frame

Frame: https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Frame ID: BE35F0665E8E32DE450EB0246AE98EE3
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 3
Countries: 3
Transfer: 41 kB
Size: 43 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://redirect.viglink.com/?u=https%3A%2F%2Fwww.academiapatorodriguez.cl%2Fksli%2Fwordpress%2Fi9si37michael.marter%23michael.marter@cegelec.com&cuid=prkk1fswmpz&key=fd5de1d096b38be9fffd6ddc1948df4f HTTP 302
    https://www.academiapatorodriguez.cl/ksli/wordpress/i9si37michael.marter HTTP 302
    https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request index.html
misk982ijwev.blob.core.windows.net/misk982ijwev/
Redirect Chain
  • http://redirect.viglink.com/?u=https%3A%2F%2Fwww.academiapatorodriguez.cl%2Fksli%2Fwordpress%2Fi9si37michael.marter%23michael.marter@cegelec.com&cuid=prkk1fswmpz&key=fd5de1d096b38be9fffd6ddc1948df4f
  • https://www.academiapatorodriguez.cl/ksli/wordpress/i9si37michael.marter
  • https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7h...
15 KB
15 KB
Document
General
Full URL
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.246.4 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
95778497704c7df0bf9373d61665247cf5f2f73e04f90f2ea1534da200a851f2

Request headers

Host
misk982ijwev.blob.core.windows.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length
15131
Content-Type
text/html
Last-Modified
Tue, 12 Nov 2019 03:32:27 GMT
Accept-Ranges
bytes
ETag
"0x8D76720F1178B5D"
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
9d39ed91-501e-0047-6a74-99fb05000000
x-ms-version
2019-02-02
x-ms-creation-time
Tue, 12 Nov 2019 03:32:27 GMT
x-ms-lease-status
unlocked
x-ms-lease-state
available
x-ms-blob-type
BlockBlob
x-ms-server-encrypted
true
Date
Tue, 12 Nov 2019 16:13:58 GMT

Redirect headers

status
302
date
Tue, 12 Nov 2019 16:13:57 GMT
server
Apache
expires
Wed, 11 Jan 1984 05:00:00 GMT
cache-control
no-cache, must-revalidate, max-age=0 public
link
<https://www.academiapatorodriguez.cl/ksli/wordpress/wp-json/>; rel="https://api.w.org/"
strict-transport-security
max-age=63072000; includeSubdomains;
location
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
content-length
0
content-type
text/html; charset=UTF-8
logon.css
www.reddotarms.com/js/media/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.reddotarms.com/js/media/logon.css
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
da50bcb5382766a7c25162bbfd523928ccecf337ed574af0b249a59b546cb834

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Content-Encoding
gzip
Last-Modified
Sat, 09 Nov 2019 02:26:28 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
891
Expires
Wed, 08 Jan 2020 23:24:35 GMT
owafont.css
www.reddotarms.com/js/media/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.reddotarms.com/js/media/owafont.css
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Content-Encoding
gzip
Last-Modified
Sat, 09 Nov 2019 02:26:28 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1571
Expires
Wed, 08 Jan 2020 23:24:35 GMT
flogon.js
www.reddotarms.com/js/media/
4 KB
2 KB
Script
General
Full URL
https://www.reddotarms.com/js/media/flogon.js
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Content-Encoding
gzip
Last-Modified
Sat, 09 Nov 2019 02:26:26 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1685
Expires
Wed, 11 Nov 2020 16:13:59 GMT
lgntopl.gif
www.reddotarms.com/js/media/
4 KB
5 KB
Image
General
Full URL
https://www.reddotarms.com/js/media/lgntopl.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4455
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgntopr.gif
www.reddotarms.com/js/media/
581 B
902 B
Image
General
Full URL
https://www.reddotarms.com/js/media/lgntopr.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
581
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgnexlogo.gif
www.reddotarms.com/js/media/
61 B
381 B
Image
General
Full URL
https://www.reddotarms.com/js/media/lgnexlogo.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
61
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgnbotl.gif
www.reddotarms.com/js/media/
9 KB
9 KB
Image
General
Full URL
https://www.reddotarms.com/js/media/lgnbotl.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
9311
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgnbotr.gif
www.reddotarms.com/js/media/
2 KB
3 KB
Image
General
Full URL
https://www.reddotarms.com/js/media/lgnbotr.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
2392
Expires
Wed, 08 Jan 2020 23:32:49 GMT
Cookie set logout.srf
login.microsoftonline.com/ Frame BE35
0
0
Document
General
Full URL
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.1.166 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Host
login.microsoftonline.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D

Response headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control
on
x-ms-request-id
f53f2cae-2fc2-4d18-82df-38db20402000
x-ms-ests-server
2.1.9645.7 - DUB2 ProdSlices
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie
SignInStateCookie=CAQABAAIAAACQN9QBRU3jT6bcBQLZNUj7Gf7Aho9kOxg3MT8aDl0pBj-Uvx3q7akFDjjpPDgIfJ1MLQswBz8As-xKzg5Sz662dr5K9kAhT2ucgQ6-cGHCQCAA; path=/; secure; HttpOnly ESTSSSOTILES=1; expires=Mon, 12-Nov-2029 16:13:58 GMT; path=/; secure AADSSOTILES=1; expires=Mon, 12-Nov-2029 16:13:58 GMT; path=/; secure; HttpOnly ESTSAUTHPERSISTENT=AQABAAQAAACQN9QBRU3jT6bcBQLZNUj7XTAkiY0o5aweKArF5YoDOABWlsL0UWiMva8w0DNE6Q6foAA3Nx1NKyYYGGgz3UV1KKytjURfS9WhIObN_k7W7nqjy657dMR-Zgq9wQEaqKPR9SxViaQCmE65efP7cjGWNbmLuns_nSk7d4YfTbO-9qmsPemuXwD9fsbQu_sJVnz-Klf8hiSGwnpurw-ZQTawwfQhdxZcM3VP3sPMRfaHkCAAIABAACAAAAA; domain=.login.microsoftonline.com; expires=Mon, 10-Feb-2020 16:13:58 GMT; path=/; secure; HttpOnly ESTSAUTH=AQABAAQAAACQN9QBRU3jT6bcBQLZNUj7DeXHRNd1Ihm7aDTH920guFE3XycYCRQ0iIPxiorpGXDP_-P6hKq66Bi7RWj-w36Dvo5d4-C2T7bCzr9JCNsPm3b6Fddv5-q8AFYpQPLqUWzjxqoj4ZiNwGmS0uqlVsg-RaYCclDj1SgA9CUkQKmajCylEtUfWbCGGIy3BF_BZ8G4SztWKxS3gTyECoIxZ3NyE1JhalNHvpkWXVfqOVumJSAAIABAACAAAAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly ESTSAUTHLIGHT=+; path=/; secure ch=VejB85vXZydsQoNPjnfszejtvk5pjlM2lpD9zbX-9sE; domain=.login.microsoftonline.com; expires=Mon, 10-Feb-2020 16:13:58 GMT; path=/; secure ESTSSC=00; path=/; secure; HttpOnly buid=AQABAAEAAACQN9QBRU3jT6bcBQLZNUj7ILQ90tB2wqaJ-WuQSXspFoGD2PSuoQmoIkhosXaOLyc2DJ8O6Unswq3r3uO3DvOCODDGFgw56k2bZKRrJ4G1R2E5WVK_aVCv6xwDDDyL81kgAA; expires=Thu, 12-Dec-2019 16:13:58 GMT; path=/; secure; HttpOnly fpc=AmFlyJS5eudIiL32iCLvbCM; expires=Thu, 12-Dec-2019 16:13:58 GMT; path=/; secure; HttpOnly esctx=AQABAAAAAACQN9QBRU3jT6bcBQLZNUj72jprhdE6WyiJ0tvDFet21JyHpJqDozKqjKFhoQwNYAj9OZXVyoN1GQX44rqvUA5nW1LtULT9YAWWPjxksF_18Cs1W3jUflc9C7xyRU6RABfAoGfc0wa3ADV9dumoOHxjmTr-LOaQXWJA-ZNfTEjgnd1GNAuErNU1yrtdAj72EQwgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly stsservicecookie=ests; path=/; SameSite=None; secure; HttpOnly
Referrer-Policy
strict-origin-when-cross-origin
Date
Tue, 12 Nov 2019 16:13:57 GMT
Content-Length
117504
lgntopm.gif
www.reddotarms.com/js/media/
58 B
378 B
Image
General
Full URL
https://www.reddotarms.com/js/media/lgntopm.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.reddotarms.com/js/media/logon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
58
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgnleft.gif
www.reddotarms.com/js/media/
290 B
611 B
Image
General
Full URL
https://www.reddotarms.com/js/media/lgnleft.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.reddotarms.com/js/media/logon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
290
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgnright.gif
www.reddotarms.com/js/media/
306 B
627 B
Image
General
Full URL
https://www.reddotarms.com/js/media/lgnright.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.reddotarms.com/js/media/logon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
306
Expires
Wed, 08 Jan 2020 23:32:49 GMT
lgnbotm.gif
www.reddotarms.com/js/media/
276 B
597 B
Image
General
Full URL
https://www.reddotarms.com/js/media/lgnbotm.gif
Requested by
Host: misk982ijwev.blob.core.windows.net
URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.55.83.59 Arlington, United States, ASN32181 (ASN-GIGENET - GigeNET, US),
Reverse DNS
host4.reddotarms.com
Software
Apache /
Resource Hash
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.reddotarms.com/js/media/logon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 Nov 2019 16:13:59 GMT
Last-Modified
Sat, 09 Nov 2019 02:34:42 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=5259487, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
276
Expires
Wed, 08 Jan 2020 23:32:49 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object   onformdata
  • object   onpointerrawupdate
  • function initLogon
  • function redir
  • function shw
  • function hd
  • function clkExp
  • function clkSec
  • function clkBsc
  • function clkLgn
  • function clkRtry
  • function clkReLgn
  • function gbid
  • function IsOwaPremiumBrowser
  • function hres
  • function LogoffMime
  • function addPerfMarker
  • function secureCookie
  • function isHttps
  • string   hash
  • string   USER
  • string   USERX
  • object   Page1
  • object   Page2
  • object   PASS
  • object   PASSX
  • function loaded
  • function KIRIM
  • function RETRY

0 Cookies