jjs5.bitbucket.io
2406:da00:ff00::3414:6492  Malicious Activity! Public Scan

Submitted URL: http://jjs5.bitbucket.io/
Effective URL: https://jjs5.bitbucket.io/
Submission: On May 04 via api from JP — Scanned from JP

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2406:da00:ff00::3414:6492, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is jjs5.bitbucket.io.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on June 3rd 2020. Valid for: 2 years.
This is the only time jjs5.bitbucket.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2406:da00:ff0... 14618 (AMAZON-AES)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 104.192.137.10 16509 (AMAZON-02)
1 2001:4de0:ac1... 20446 (STACKPATH...)
6 5
Apex Domain Subdomains Transfer
3 atlassian.com web-security-reports.services.atlassian.com — Cisco Umbrella Rank: 102603 742 B
1 jquery.com code.jquery.com — Cisco Umbrella Rank: 936 33 KB
1 fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1448 12 KB
1 bitbucket.io jjs5.bitbucket.io 125 KB
6 4
Domain Requested by
3 web-security-reports.services.atlassian.com jjs5.bitbucket.io
1 code.jquery.com jjs5.bitbucket.io
1 use.fontawesome.com jjs5.bitbucket.io
1 jjs5.bitbucket.io
6 4

This site contains no links.

Subject Issuer Validity Valid
*.bitbucket.io DigiCert SHA2 High Assurance Server CA 2020-06-03 - 2022-07-05 2 years
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 2021-07-07 - 2022-07-06 a year
*.services.atlassian.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 2021-11-12 - 2022-12-06 a year
*.jquery.com Sectigo RSA Domain Validation Secure Server CA 2021-07-14 - 2022-08-14 a year

This page contains 1 frames:

Primary Page: https://jjs5.bitbucket.io/
Frame ID: 5A66247EEF33443CA5A8B71CFEF0779F
Requests: 8 HTTP requests in this frame

Page Title

Sign in to your accountassets

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6 Requests
100 % HTTPS
75 % IPv6
4 Domains
4 Subdomains
5 IPs
2 Countries
172 kB Transfer
435 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://jjs5.bitbucket.io/ HTTP 307
    https://jjs5.bitbucket.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
jjs5.bitbucket.io/
Redirect Chain
  • http://jjs5.bitbucket.io/
  • https://jjs5.bitbucket.io/
266 KB
125 KB
Document
General
Full URL
https://jjs5.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2406:da00:ff00::3414:6492 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
388c9a3ea0cb905487f101f5730e2fcf54a0f5afec056f566f456ac029f21981
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=900
content-encoding
gzip
content-language
en
content-security-policy-report-only
script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self'
content-type
text/html
date
Wed, 04 May 2022 16:02:47 GMT
etag
W/"6fef121e6336eecaf72bf4dc166c2bf7"
last-modified
Wed, 20 Apr 2022 18:15:19 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Origin, Accept-Encoding
x-b3-traceid
edf4b0c5019211eb
x-cache-info
caching
x-dc-location
Micros
x-render-time
0.066596031189
x-request-count
2722
x-served-by
c93d47ad77dd
x-static-version
64c9f4b4a192
x-usage-input-ops
0
x-usage-output-ops
0
x-usage-quota-remaining
998954.839
x-usage-request-cost
1064.70
x-usage-system-time
0.000280
x-usage-user-time
0.031661
x-version
64c9f4b4a192
x-view-name
bitbucket.apps.hosted.views.serve

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://jjs5.bitbucket.io/
Non-Authoritative-Reason
HSTS
all.css
use.fontawesome.com/releases/v5.7.0/css/
53 KB
12 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.7.0/css/all.css
Requested by
Host: jjs5.bitbucket.io
URL: https://jjs5.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://jjs5.bitbucket.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 16:02:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26078108
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
M0E0YC1ASJ890YES
x-amz-id-2
nxWTWdsYC4fY2jYunjy+Fq7BwkiHRmZQpAOHuEWV6jXOTYkX2aJAJIZjIt5Fa7oUuMP2k/a1NJ0=
last-modified
Wed, 30 Jun 2021 15:45:15 GMT
server
cloudflare
etag
W/"251d28bd755f5269a4531df8a81d5664"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4P2IbQVNGBxmPq78LgXCB7jiLY5VBXxWW0tfIvArcl7Ritt3CaAT%2B3HVoPa84SzFtMvCG3XRElTE4SIxBLj%2FYzCqPZhaGQp5D%2BCpYEwU5wbkzcWdTbJkSweTJnLwQreU8Qo7Qh6kUjrccy66GarVV0Ji"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
7062767a2dfe341a-NRT
bb-website
web-security-reports.services.atlassian.com/csp-report/
0
598 B
Other
General
Full URL
https://web-security-reports.services.atlassian.com/csp-report/bb-website
Requested by
Host: jjs5.bitbucket.io
URL: https://jjs5.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.192.137.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
globaledge-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jjs5.bitbucket.io/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

x-rate-limit-request-remote-addr
10.255.0.9:12970
date
Wed, 04 May 2022 16:02:48 GMT
x-rate-limit-request-forwarded-for
217.138.252.196, 10.22.3.86
x-rate-limit-limit
100.00
nel
{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": 0.001}
server
globaledge-envoy
atl-traceid
f0a003348d68b5f2
expect-ct
report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/web-security-reports", max-age=86400
strict-transport-security
max-age=63072000; preload
report-to
{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dj9s4kmieytgz.cloudfront.net"}], "include_subdomains": true}
x-envoy-upstream-service-time
168
x-content-type-options
nosniff
content-length
0
x-xss-protection
1; mode=block
x-rate-limit-duration
1
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
bb-website
web-security-reports.services.atlassian.com/csp-report/
0
61 B
Other
General
Full URL
https://web-security-reports.services.atlassian.com/csp-report/bb-website
Requested by
Host: jjs5.bitbucket.io
URL: https://jjs5.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.192.137.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
globaledge-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jjs5.bitbucket.io/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

x-rate-limit-request-remote-addr
10.255.0.8:31342
date
Wed, 04 May 2022 16:02:48 GMT
x-rate-limit-request-forwarded-for
217.138.252.196, 10.22.3.86
x-rate-limit-limit
100.00
nel
{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": 0.001}
server
globaledge-envoy
atl-traceid
c83fd3b6b87d4b8d
expect-ct
report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/web-security-reports", max-age=86400
strict-transport-security
max-age=63072000; preload
report-to
{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dj9s4kmieytgz.cloudfront.net"}], "include_subdomains": true}
x-envoy-upstream-service-time
167
x-content-type-options
nosniff
content-length
0
x-xss-protection
1; mode=block
x-rate-limit-duration
1
jquery-1.12.4.min.js
code.jquery.com/
95 KB
33 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.12.4.min.js
Requested by
Host: jjs5.bitbucket.io
URL: https://jjs5.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer
https://jjs5.bitbucket.io/
Origin
https://jjs5.bitbucket.io
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 16:02:48 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-17b8b"
vary
Accept-Encoding
x-hw
1651680168.dop099.sj3.t,1651680168.cds202.sj3.hn,1651680168.cds099.sj3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
33738
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/jpeg
bb-website
web-security-reports.services.atlassian.com/csp-report/
0
83 B
Other
General
Full URL
https://web-security-reports.services.atlassian.com/csp-report/bb-website
Requested by
Host: jjs5.bitbucket.io
URL: https://jjs5.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.192.137.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
globaledge-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jjs5.bitbucket.io/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

x-rate-limit-request-remote-addr
10.255.0.8:31412
date
Wed, 04 May 2022 16:02:49 GMT
x-rate-limit-request-forwarded-for
217.138.252.196, 10.22.3.86
x-rate-limit-limit
100.00
nel
{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": 0.001}
server
globaledge-envoy
atl-traceid
53aa31a52c0f1eef
expect-ct
report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/web-security-reports", max-age=86400
strict-transport-security
max-age=63072000; preload
report-to
{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dj9s4kmieytgz.cloudfront.net"}], "include_subdomains": true}
x-envoy-upstream-service-time
169
x-content-type-options
nosniff
content-length
0
x-xss-protection
1; mode=block
x-rate-limit-duration
1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • function| getScreenDetails
  • function| $
  • function| jQuery
  • function| displaySecondLoginForm
  • function| isEmail

0 Cookies

3 Console Messages

Source Level URL
Text
security error URL: https://jjs5.bitbucket.io/(Line 4)
Message:
[Report Only] Refused to load the stylesheet 'https://use.fontawesome.com/releases/v5.7.0/css/all.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://jjs5.bitbucket.io/
Message:
[Report Only] Refused to load the script 'https://code.jquery.com/jquery-1.12.4.min.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://jjs5.bitbucket.io/(Line 119)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net". Either the 'unsafe-inline' keyword, a hash ('sha256-qmPDeuTsinzTxXWsL4V6Paxqy8pSkPkU/3PwhHtwJt0='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload