![](/screenshots/0da92933-a393-40a1-ab66-a066bcc3785e.png)
bee8c965.kickoffpages.com
Open in
urlscan Pro
23.23.253.193
Malicious Activity!
Public Scan
Submission: On March 30 via manual from IN
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 12th 2020. Valid for: 2 years.
This is the only time bee8c965.kickoffpages.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 23.23.253.193 23.23.253.193 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2606:4700::68... 2606:4700::6812:1634 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 52.85.114.11 52.85.114.11 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 13.226.159.88 13.226.159.88 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 2606:4700:e6:... 2606:4700:e6::ac40:cb1c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2600:9000:218... 2600:9000:2182:3a00:6:4afb:9140:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 52.217.93.68 52.217.93.68 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 54.243.120.192 54.243.120.192 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 54.235.185.216 54.235.185.216 | 14618 (AMAZON-AES) (AMAZON-AES) | |
22 | 10 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-253-193.compute-1.amazonaws.com
bee8c965.kickoffpages.com | |
options.kickoffpages.com |
ASN16509 (AMAZON-02, US)
PTR: server-52-85-114-11.hel50.r.cloudfront.net
d1y0v6ricksqp.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-88.dus51.r.cloudfront.net
cdn.kickoffpages.com |
ASN16509 (AMAZON-02, US)
cdn.mcauto-images-production.sendgrid.net |
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
marketing-image-production.s3.amazonaws.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-120-192.compute-1.amazonaws.com
api.kickofflabs.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-185-216.compute-1.amazonaws.com
leads.kickofflabs.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
amazonaws.com
marketing-image-production.s3.amazonaws.com |
8 KB |
5 |
kickoffpages.com
bee8c965.kickoffpages.com cdn.kickoffpages.com options.kickoffpages.com |
139 KB |
4 |
fontawesome.com
kit.fontawesome.com ka-f.fontawesome.com |
23 KB |
3 |
kickofflabs.com
api.kickofflabs.com leads.kickofflabs.com |
2 KB |
3 |
sendgrid.net
cdn.mcauto-images-production.sendgrid.net |
63 KB |
1 |
cloudfront.net
d1y0v6ricksqp.cloudfront.net |
11 KB |
1 |
googleapis.com
fonts.googleapis.com |
739 B |
22 | 7 |
Domain | Requested by | |
---|---|---|
5 | marketing-image-production.s3.amazonaws.com |
bee8c965.kickoffpages.com
|
3 | cdn.mcauto-images-production.sendgrid.net |
bee8c965.kickoffpages.com
|
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
2 | leads.kickofflabs.com |
cdn.kickoffpages.com
|
2 | options.kickoffpages.com |
cdn.kickoffpages.com
|
2 | cdn.kickoffpages.com |
bee8c965.kickoffpages.com
|
1 | api.kickofflabs.com | |
1 | d1y0v6ricksqp.cloudfront.net |
bee8c965.kickoffpages.com
|
1 | fonts.googleapis.com |
bee8c965.kickoffpages.com
|
1 | kit.fontawesome.com |
bee8c965.kickoffpages.com
|
1 | bee8c965.kickoffpages.com | |
22 | 11 |
This site contains links to these domains. Also see Links.
Domain |
---|
sidneygsne.xyz |
www.facebook.com |
twitter.com |
instagram.com |
pinterest.com |
linkedin.com |
kickofflabs.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.kickoffpages.com Sectigo RSA Domain Validation Secure Server CA |
2020-06-12 - 2022-06-12 |
2 years | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-13 - 2021-12-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-03-11 - 2021-06-03 |
3 months | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2021-02-22 - 2022-02-21 |
a year | crt.sh |
cdn.kickoffpages.com Amazon |
2020-10-04 - 2021-11-04 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-13 - 2021-10-12 |
a year | crt.sh |
cdn.mcauto-images-production.sendgrid.net Amazon |
2020-07-16 - 2021-08-16 |
a year | crt.sh |
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2021-01-11 - 2022-02-11 |
a year | crt.sh |
*.kickofflabs.com Sectigo RSA Domain Validation Secure Server CA |
2020-06-01 - 2022-06-01 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://bee8c965.kickoffpages.com/
Frame ID: 35A627BB342196F0FB95289AF3D570FA
Requests: 20 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: View Document
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Powered by KickoffLabs
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
bee8c965.kickoffpages.com/ |
47 KB 47 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4d24be3fdc.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
4 KB 739 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
d1y0v6ricksqp.cloudfront.net/css/bootstrap/3.4.1_simple/ |
56 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kickofflabs.css
cdn.kickoffpages.com/droppable_theme_styles/1.2/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.3/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.3/css/ |
26 KB 4 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.3/css/ |
3 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
469x107.png
cdn.mcauto-images-production.sendgrid.net/07d9ac8cc71e2271/ef118e0f-126b-4dce-bb7e-15870d850db0/ |
5 KB 5 KB |
Image
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
466x288.png
cdn.mcauto-images-production.sendgrid.net/07d9ac8cc71e2271/fee04730-2e11-46f8-a27c-9d6fa89b1d97/ |
48 KB 48 KB |
Image
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
149x87.png
cdn.mcauto-images-production.sendgrid.net/07d9ac8cc71e2271/2ca8985f-8769-4456-b98c-94a807c1ea45/ |
9 KB 9 KB |
Image
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
facebook.png
marketing-image-production.s3.amazonaws.com/social/white/ |
746 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
twitter.png
marketing-image-production.s3.amazonaws.com/social/white/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
instagram.png
marketing-image-production.s3.amazonaws.com/social/white/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pinterest.png
marketing-image-production.s3.amazonaws.com/social/white/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
linkedin.png
marketing-image-production.s3.amazonaws.com/social/white/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kol.js
cdn.kickoffpages.com/2.0.0/ |
248 KB 68 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
options.kickoffpages.com/148312/ |
59 B 537 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
options.kickoffpages.com/148312/ |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2d531d40-2ac8-4b0d-85da-8b5360ca1166
api.kickofflabs.com/stats/b/ |
35 B 271 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2019a4ba-edb0-43ae-9528-a2de621c4f73
leads.kickofflabs.com/anon/148312/ |
448 B 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
2019a4ba-edb0-43ae-9528-a2de621c4f73
leads.kickofflabs.com/anon/148312/ |
0 0 |
Preflight
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| FontAwesomeKitConfig boolean| kol_skip_font_awesome object| KOLSettings object| kol_oauth_options object| kolOptions function| setKolInputValue function| runKolInstantSignup function| setImmediate function| clearImmediate function| KOL object| _kol boolean| _kolDebuggingEnabled object| __kol_analytics0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' |
Strict-Transport-Security | max-age=15552000; |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.kickofflabs.com
bee8c965.kickoffpages.com
cdn.kickoffpages.com
cdn.mcauto-images-production.sendgrid.net
d1y0v6ricksqp.cloudfront.net
fonts.googleapis.com
ka-f.fontawesome.com
kit.fontawesome.com
leads.kickofflabs.com
marketing-image-production.s3.amazonaws.com
options.kickoffpages.com
13.226.159.88
23.23.253.193
2600:9000:2182:3a00:6:4afb:9140:93a1
2606:4700::6812:1634
2606:4700:e6::ac40:cb1c
2a00:1450:4001:828::200a
52.217.93.68
52.85.114.11
54.235.185.216
54.243.120.192
0154369b7faddde0dd9042555d53afab09935a99d1e4c035ba6dab3ba91e1728
035ffda1f12b59c12b3e8e702cf98d555634e088dacc3d4d6f836290ffe92cfc
1476c101cda6283fbd6a7b4381767b7ecde6d8e1bd871dd43bfba89f1b950a87
2246212770d7ee65ae37c08cf280be33a1cf5a1fe0409d5aac3ae8a964907ce9
31cd010d4129451a24e7a27700c8602fa695f7dc3e57f7189418e17c18605d2b
362daeaf1f7e05fee9a609e549f148aacbe518c166fbd96ead69057e295742af
40d145934118f5fa7dc39207d3f63992143bcd74d58f54ef0837b321df072029
771954590aef702d686f04cc09458587bfb76309912e47f02e213c57a0b6dcf9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a397ddd187e22cfae68c5ef7fa8c870e4625c548f5af4f4f8f04ea1de8e130d7
a478a9408bf9d83f7beea2aa7bd59e8800ad9a4491c6ee7fc7274e2f8cae7853
a6007bc753977879bb74f610f4c193eb5ac81648b8de4e0582554017c1ba1791
a731032ebf2f7baab700b3d6e99be26b2f26c6561e983233b384b2c21671ab1a
ad759fa2c31b5d717c304d14567cf436338b054b247bc10bdc736b394944d463
ae194939ebfc37e77eca6cf7da71f3bf5faf91b0dbc1a93fdc09f8c1ca85781d
bc39faeca56080ddf58d15275b2fe0cfa3bc1ec8afd82508555b25555ec95086
c2819ca1f7ad1af7ba53c4edfdfd395c547bcb16d29892a234d7860c689ed929
cee502c5b67f76895134d68fd3a23374dc9b57e32ca42b72855ae5e33a541097
d83af247def45828af6233ddafc93309bd81d5c64817a66b24e8b9ed572123ee
e9e2c23858043dd0a2de1358fa1f7d939984a675e097e7a29b27a2d2c6373223