www.barecovecarpet.com
104.28.14.45
Malicious Activity!
Public Scan
Effective URL: http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Submission: On February 15 via manual from GB
Summary
This is the only time www.barecovecarpet.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online) Microsoft (Consumer)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 3 | 104.28.14.45 | 13335 (CLOUDFLARENET - Cloudflare) |
8 | 2.20.23.219 | 20940 (AKAMAI-ASN1) |
1 | 104.28.15.45 | 13335 (CLOUDFLARENET - Cloudflare) |
10 | 3 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.barecovecarpet.com |
 | Apex Domain Subdomains | Transfer |
---|---|---|
8 | microsoftonline-p.com: secure.aadcdn.microsoftonline-p.com | 292 KB |
4 | barecovecarpet.com (2 redirects): www.barecovecarpet.com | 15 KB |
10 | 2 | |
 | Domain | Requested by |
---|---|---|
8 | secure.aadcdn.microsoftonline-p.com | www.barecovecarpet.com |
4 | www.barecovecarpet.com (2 redirects) | www.barecovecarpet.com |
10 | 2 | |
This site contains links to these domains.
Domain |
---|
account.live.com |
passwordreset.microsoftonline.com |
login.live.com |
www.microsoft.com |
privacy.microsoft.com |
This page contains 1 frames:
Primary Page:
http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/
Frame ID: (DD8B5477AF01A9925FEB4168AD2A19A3)
Requests: 10 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /cloudflare/i
HeadJS (JavaScript Libraries)
Detected patterns
- env /^head$/i
jQuery (JavaScript Libraries)
Detected patterns
- env /^jQuery$/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Personal account
Title: Work or school account
Title: Sign in with a Microsoft account
Title: Terms of use
Title: Privacy & Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.barecovecarpet.com/wp-includes/office365/ HTTP 302
- http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea HTTP 301
- http://www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | www.barecovecarpet.com/wp-includes/office365/f871294f53067d9d4745bf106dc0c3ea/ | 45 KB | 13 KB | Document | text/html |
GET | H/1.1 | login.min.css | secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/ | 22 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | login_hover.min.css | secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/ | 89 B | 454 B | Stylesheet | text/css |
GET | H/1.1 | jquery.1.11.min.js | secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/ | 108 KB | 38 KB | Script | application/x-javascript |
GET | H/1.1 | aad.login.min.js | secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/cdnbundles/ | 176 KB | 43 KB | Script | application/x-javascript |
GET | H/1.1 | heroillustration | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ | 199 KB | 199 KB | Image | image/jpeg |
GET | H/1.1 | bannerlogo | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ | 4 KB | 5 KB | Image | image/png |
GET | H/1.1 | close.png | secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/images/ | 190 B | 517 B | Image | image/png |
GET | H/1.1 | microsoft_logo.png | secure.aadcdn.microsoftonline-p.com/ests/2.1.6310.8/content/images/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | email-decode.min.js | www.barecovecarpet.com/cdn-cgi/scripts/d07b1474/cloudflare-static/ | 973 B | 1008 B | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online) Microsoft (Consumer)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| $Config
- boolean| isTouch
- string| cssId
- object| head
- object| link
- undefined| msViewportStyle
- function| $
- function| jQuery
- object| jQuery111209120326982958404
- undefined| MSLogin
- undefined| proxy
- undefined| ErrorCodes
- object| Constants
- undefined| Context
- undefined| Background
- undefined| Logo
- undefined| Instrument
- undefined| User
- undefined| tenant_info
- undefined| MSLogout
- undefined| ThirdPartyCookieStates
- undefined| PostType
- undefined| LoginOption
- undefined| TenantBranding
- undefined| users
- undefined| Tiles
- object| $Debug
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
outlook.office365.com/ | | Name: OIDC Value: 1 |
outlook.office365.com/ | | Name: ClientId Value: A8E5A01BAEE04AC3A583EEF663BB3F31 |
www.office.com/ | | Name: OH.SID Value: c7809c26-72bb-492c-a8dd-1e905184bfe0 |
.office.com/ | | Name: MUID Value: 2C335A141F3F6CF52D4951831E336D42 |
portal.office.com/ | | Name: p.PersID Value: 71268c89-5eee-4ad4-bfa1-5ed0104bf72b |
portal.office.com/ | | Name: s.SessID Value: a1af9c7b-bbc7-4f16-94d3-86d01b98df37 |
.barecovecarpet.com/ | | Name: __cfduid Value: df5854d81ad986527c17e8b8a71b08b061518685115 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
secure.aadcdn.microsoftonline-p.com
www.barecovecarpet.com
104.28.14.45
104.28.15.45
2.20.23.219