office365migrations.org
40.122.149.92
Malicious Activity!
Public Scan
Submission: On September 20 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 20th 2019. Valid for: 3 months.
This is the only time office365migrations.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 40.122.149.92 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
1 | 67.227.180.130 | 32244 (LIQUIDWEB - Liquid Web) |
1 | 2606:2800:220:1:248:1893:25c8:1946 | 15133 (EDGECAST - MCI Communications Services) |
1 | 13.93.216.144 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
12 | 4 | |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
- office365migrations.org
ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
PTR: webhost.avtecmedia.com
- www.idbglobalfcu.org
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
- example.com
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
- sts.bcu.org
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | office365migrations.org | office365migrations.org | 276 KB |
1 | bcu.org | sts.bcu.org | 253 KB |
1 | example.com | example.com | |
1 | idbglobalfcu.org | www.idbglobalfcu.org | 25 KB |
12 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
9 | office365migrations.org | office365migrations.org |
1 | sts.bcu.org | office365migrations.org |
1 | example.com | office365migrations.org |
1 | www.idbglobalfcu.org | office365migrations.org |
12 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
login.microsoftonline.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
idbglobalfcu.office365migrations.org | Let's Encrypt Authority X3 | 2019-09-20 - 2019-12-19 | 3 months |
idbglobalfcu.org | Starfield Secure Certificate Authority - G2 | 2019-05-08 - 2020-05-08 | a year |
www.example.org | DigiCert SHA2 Secure Server CA | 2018-11-28 - 2020-12-02 | 2 years |
STS.BCU.ORG | Entrust Certification Authority - L1M | 2017-12-15 - 2020-03-14 | 2 years |
This page contains 2 frames:
Primary Page:
https://office365migrations.org/
Frame ID: 6187A962F5AA1F4AF1D375781E538F2B
Requests: 11 HTTP requests in this frame
Frame:
https://example.com/
Frame ID: 1C1D37426C2BDA2BD108E542EFFC7DDB
Requests: 1 HTTP requests in this frame
Detected technologies
Debian (Operating Systems)
Detected patterns
- headers server /Debian/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: get a new Microsoft account
Title: Can’t access your account?
Title: Legal
Title: Privacy
Title: Feedback
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | office365migrations.org/ | 23 KB | 6 KB | Document | text/html |
GET | H/1.1 | login.css | office365migrations.org/office365.php_files/ | 27 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | jquery_002.js | office365migrations.org/office365.php_files/ | 85 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | aad.js | office365migrations.org/office365.php_files/ | 126 KB | 28 KB | Script | application/javascript |
GET | H/1.1 | jquery.js | office365migrations.org/office365.php_files/ | 9 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | illustration.jpg | office365migrations.org/office365.php_files/ | 199 KB | 199 KB | Image | image/jpeg |
GET | H/1.1 | logo.png | office365migrations.org/office365.php_files/ | 316 B | 316 B | Image | text/html |
GET | H2 | logo@2x.png | www.idbglobalfcu.org/images/ | 24 KB | 25 KB | Image | image/png |
GET | H/1.1 | AD_Glyph_Footer_30x30.png | office365migrations.org/office365.php_files/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | / | example.com/ (Frame 1C1D) | 0 | 0 | Document | text/html |
GET | H/1.1 | logo.png | office365migrations.org/office365.php_files/ | 316 B | 316 B | Image | text/html |
GET | H/1.1 | illustration.png | sts.bcu.org/adfs/portal/illustration/ | 253 KB | 253 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- undefined| msViewportStyle
- function| $
- function| jQuery
- object| ErrorCodes
- object| Constants
- object| Context
- object| Background
- object| Logo
- object| Instrument
- object| User
- object| tenant_info
- function| pageOnReady
- object| Util
- object| PostType
- object| LoginOption
- object| Post
- function| origHide
- function| origShow
- function| origAddClass
- function| origRemoveClass
- object| Support
- object| users
- object| Tiles
- object| HIP
- object| EmailDiscovery
- object| ProofUp
- object| StrongAuthCheck
- object| ThirdPartyCookieStates
- object| TenantBranding
- object| MSLogin
- object| jQuery15107663887832721286
- object| HIP_MODE
- object| MSStrongAuth
- object| MSLogout
- object| body
- string| alt_background_image
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.