misk982ijwev.blob.core.windows.net
Open in
urlscan Pro
52.239.246.4
Malicious Activity!
Public Scan
Effective URL: https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-0...
Submission: On November 12 via manual from FR
Summary
TLS certificate: Issued by Microsoft IT TLS CA 5 on May 1st 2019. Valid for: 2 years.
This is the only time misk982ijwev.blob.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.72.218.171 54.72.218.171 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 1 | 186.64.119.205 186.64.119.205 | 52368 (ZAM LTDA.) (ZAM LTDA.) | |
1 | 52.239.246.4 52.239.246.4 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
12 | 66.55.83.59 66.55.83.59 | 32181 (ASN-GIGENET) (ASN-GIGENET - GigeNET) | |
1 | 40.126.1.166 40.126.1.166 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
14 | 3 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-218-171.eu-west-1.compute.amazonaws.com
redirect.viglink.com |
ASN52368 (ZAM LTDA., CL)
PTR: mail.pyme73.pymedns.net
www.academiapatorodriguez.cl |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
misk982ijwev.blob.core.windows.net |
ASN32181 (ASN-GIGENET - GigeNET, US)
PTR: host4.reddotarms.com
www.reddotarms.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
login.microsoftonline.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
reddotarms.com
www.reddotarms.com |
25 KB |
1 |
microsoftonline.com
login.microsoftonline.com |
|
1 |
windows.net
misk982ijwev.blob.core.windows.net |
15 KB |
1 |
academiapatorodriguez.cl
1 redirects
www.academiapatorodriguez.cl |
383 B |
1 |
viglink.com
1 redirects
redirect.viglink.com |
550 B |
14 | 5 |
Domain | Requested by | |
---|---|---|
12 | www.reddotarms.com |
misk982ijwev.blob.core.windows.net
|
1 | login.microsoftonline.com |
misk982ijwev.blob.core.windows.net
|
1 | misk982ijwev.blob.core.windows.net | |
1 | www.academiapatorodriguez.cl | 1 redirects |
1 | redirect.viglink.com | 1 redirects |
14 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.blob.core.windows.net Microsoft IT TLS CA 5 |
2019-05-01 - 2021-05-01 |
2 years | crt.sh |
reddotarms.com cPanel, Inc. Certification Authority |
2019-09-17 - 2019-12-16 |
3 months | crt.sh |
stamp2.login.microsoftonline.com Microsoft IT TLS CA 1 |
2018-09-24 - 2020-09-24 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D
Frame ID: 4FEAF12FB4DC3A03035F79ABAAF7B845
Requests: 13 HTTP requests in this frame
Frame:
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Frame ID: BE35F0665E8E32DE450EB0246AE98EE3
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://redirect.viglink.com/?u=https%3A%2F%2Fwww.academiapatorodriguez.cl%2Fksli%2Fwordpress%2Fi9si37mic...
HTTP 302
https://www.academiapatorodriguez.cl/ksli/wordpress/i9si37michael.marter HTTP 302
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z... Page URL
Detected technologies
Microsoft HTTPAPI (Web Servers) ExpandDetected patterns
- headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://redirect.viglink.com/?u=https%3A%2F%2Fwww.academiapatorodriguez.cl%2Fksli%2Fwordpress%2Fi9si37michael.marter%23michael.marter@cegelec.com&cuid=prkk1fswmpz&key=fd5de1d096b38be9fffd6ddc1948df4f
HTTP 302
https://www.academiapatorodriguez.cl/ksli/wordpress/i9si37michael.marter HTTP 302
https://misk982ijwev.blob.core.windows.net/misk982ijwev/index.html?sp=r&st=2019-11-12T03:32:48Z&se=2019-12-12T11:32:48Z&spr=https&sv=2019-02-02&sr=b&sig=bMPnBzgmsRUQLBGluutPTmeVF%2F2gxqjxehT%2F9w7hnvA%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
misk982ijwev.blob.core.windows.net/misk982ijwev/ Redirect Chain
|
15 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logon.css
www.reddotarms.com/js/media/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
owafont.css
www.reddotarms.com/js/media/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flogon.js
www.reddotarms.com/js/media/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgntopl.gif
www.reddotarms.com/js/media/ |
4 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgntopr.gif
www.reddotarms.com/js/media/ |
581 B 902 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnexlogo.gif
www.reddotarms.com/js/media/ |
61 B 381 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnbotl.gif
www.reddotarms.com/js/media/ |
9 KB 9 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnbotr.gif
www.reddotarms.com/js/media/ |
2 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
logout.srf
login.microsoftonline.com/ Frame BE35 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgntopm.gif
www.reddotarms.com/js/media/ |
58 B 378 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnleft.gif
www.reddotarms.com/js/media/ |
290 B 611 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnright.gif
www.reddotarms.com/js/media/ |
306 B 627 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnbotm.gif
www.reddotarms.com/js/media/ |
276 B 597 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| initLogon function| redir function| shw function| hd function| clkExp function| clkSec function| clkBsc function| clkLgn function| clkRtry function| clkReLgn function| gbid function| IsOwaPremiumBrowser function| hres function| LogoffMime function| addPerfMarker function| secureCookie function| isHttps string| hash string| USER string| USERX object| Page1 object| Page2 object| PASS object| PASSX function| loaded function| KIRIM function| RETRY0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.microsoftonline.com
misk982ijwev.blob.core.windows.net
redirect.viglink.com
www.academiapatorodriguez.cl
www.reddotarms.com
186.64.119.205
40.126.1.166
52.239.246.4
54.72.218.171
66.55.83.59
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a
95778497704c7df0bf9373d61665247cf5f2f73e04f90f2ea1534da200a851f2
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97
da50bcb5382766a7c25162bbfd523928ccecf337ed574af0b249a59b546cb834
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301