oscor5lhk.z19.web.core.windows.net Open in urlscan Pro
52.239.177.97 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://oscor5lhk.z19.web.core.windows.net/done.html#purina@ch.nestle.com
Effective URL:
https://oscor5lhk.z19.web.core.windows.net/done.html
Submission: On September 13 via manual (September 13th 2018, 2:08:50 pm UTC) from ES

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 10 HTTP transactions. The main IP is 52.239.177.97, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is oscor5lhk.z19.web.core.windows.net.
TLS certificate: Issued by Microsoft IT TLS CA 5 on April 19th 2018. Valid for: 2 years.

This is the only time oscor5lhk.z19.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	52.239.177.97 52.239.177.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	54.148.84.95 54.148.84.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	2400:cb00:204... 2400:cb00:2048:1::681c:1f61	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 2	192.186.220.3 192.186.220.3	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
10	5

2 52.239.177.97 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

oscor5lhk.z19.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.84.95 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2400:cb00:2048:1::681c:1f61 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.m5zn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.186.220.3 (Scottsdale, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-220-3.ip.secureserver.net

csscheckbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.csscheckbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	m5zn.com www.m5zn.com	595 KB
2	csscheckbox.com 1 redirects csscheckbox.com www.csscheckbox.com	1 KB
2	windows.net oscor5lhk.z19.web.core.windows.net	33 KB
1	jquery.com code.jquery.com	38 KB
1	sitepoint.com www.sitepoint.com	6 KB
10	5

	Domain	Requested by
5	www.m5zn.com	oscor5lhk.z19.web.core.windows.net
2	oscor5lhk.z19.web.core.windows.net	oscor5lhk.z19.web.core.windows.net
1	code.jquery.com	oscor5lhk.z19.web.core.windows.net
1	www.csscheckbox.com	oscor5lhk.z19.web.core.windows.net
1	csscheckbox.com	1 redirects
1	www.sitepoint.com	oscor5lhk.z19.web.core.windows.net
10	6

This site contains no links.

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft IT TLS CA 5	`2018-04-19` - `2020-04-19`	2 years	crt.sh
sitepoint.com SSL.com Premium EV CA	`2018-08-07` - `2019-09-23`	a year	crt.sh
code.jquery.com Let's Encrypt Authority X3	`2018-08-29` - `2018-11-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://oscor5lhk.z19.web.core.windows.net/done.html
Frame ID: C4219E1C49A70FA3F939CC5FAA8B9A44
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

10
Requests

40 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

672 kB
Transfer

733 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

http://csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png HTTP 301
http://www.csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request done.html Show response oscor5lhk.z19.web.core.windows.net/	33 KB 33 KB	860ms 480ms	Document text/html	52.239.177.97 Microsoft Corpora...
General Check archive.org Show headers Download Go to Full URL https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.239.177.97 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `e57256418a660bcfe52b8d9061e2fb3156b480f388858cf7f3e5ef30a0d94f0e` Request headers Host oscor5lhk.z19.web.core.windows.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id C4219E1C49A70FA3F939CC5FAA8B9A44 Response headers Content-Length 33311 Content-Type text/html Last-Modified Sat, 08 Sep 2018 14:28:53 GMT Accept-Ranges bytes ETag "0x8D615976710AB47" Vary Origin Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id c97bc6de-c01e-0105-2b6b-4b2f81000000 x-ms-version 2018-03-28 Date Thu, 13 Sep 2018 14:08:38 GMT
GET H/1.1	200 OK	MaskedPassword.js Show response www.sitepoint.com/examples/password/MaskedPassword/	17 KB 6 KB	770ms 189ms	Script application/javascript	54.148.84.95 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.148.84.95 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-54-148-84-95.us-west-2.compute.amazonaws.com Software Apache/2.2.22 (Debian) / Resource Hash `7742fb83d98648f94727a40d5c3381b3245805e62b6f998002d933715ac84b6a` Request headers Referer https://oscor5lhk.z19.web.core.windows.net/done.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:07:27 GMT Content-Encoding gzip X-Cache-Lookup HIT from ip-172-31-22-247.us-west-2.compute.internal:3128 Last-Modified Fri, 15 Oct 2010 00:03:45 GMT Server Apache/2.2.22 (Debian) Age 71 ETag "680936-4208-4929c8f629a40" Vary Accept-Encoding X-Cache HIT from ip-172-31-22-247.us-west-2.compute.internal Content-Type application/javascript Accept-Ranges bytes Content-Length 5767
GET H/1.1	200 OK	9eb2773f83989d0.png www.m5zn.com/newuploads/2018/09/07/png//	25 KB 25 KB	29ms 17ms	Image image/png	2400:cb00:2048:1::681c:1f61 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www.m5zn.com/newuploads/2018/09/07/png//9eb2773f83989d0.png Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:1f61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `fe29844e164f7495067d0f6704e7dee9cfbbd2a4cd02933393af633e03ad241c` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:38 GMT CF-Cache-Status HIT Last-Modified Fri, 07 Sep 2018 09:04:38 GMT Server cloudflare ETag "5b923f26-63b0" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 Connection keep-alive Accept-Ranges bytes CF-RAY 459b2fdfe4b59c11-AMS Content-Length 25520 Expires Sat, 13 Oct 2018 14:08:38 GMT
GET H/1.1	200 OK	c9eea375dd16c77.png www.m5zn.com/newuploads/2018/09/07/png//	574 B 965 B	19ms 19ms	Image image/png	2400:cb00:2048:1::681c:1f61 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www.m5zn.com/newuploads/2018/09/07/png//c9eea375dd16c77.png Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:1f61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `c97d1d203e88bb6e827e3df7f611a2950e1d9b5ee6acd996f337561524389c34` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:38 GMT CF-Cache-Status HIT Last-Modified Fri, 07 Sep 2018 08:57:53 GMT Server cloudflare ETag "5b923d91-23e" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 Connection keep-alive Accept-Ranges bytes CF-RAY 459b2fe024d69c11-AMS Content-Length 574 Expires Sat, 13 Oct 2018 14:08:38 GMT
GET H/1.1	200 OK	54b6d9334161a54.png www.m5zn.com/newuploads/2018/09/07/png//	753 B 1 KB	28ms 28ms	Image image/png	2400:cb00:2048:1::681c:1f61 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www.m5zn.com/newuploads/2018/09/07/png//54b6d9334161a54.png Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:1f61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `9dd5e031a96cb31830ef2fb13009f70f2001f7204e8e96faf0999821e7dd67eb` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:38 GMT CF-Cache-Status HIT Last-Modified Fri, 07 Sep 2018 09:04:37 GMT Server cloudflare ETag "5b923f25-2f1" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 Connection keep-alive Accept-Ranges bytes CF-RAY 459b2fe054f79c11-AMS Content-Length 753 Expires Sat, 13 Oct 2018 14:08:38 GMT
GET H/1.1	200 OK	1c6fb36aef197d5.png www.m5zn.com/newuploads/2018/09/07/png//	518 B 909 B	16ms 15ms	Image image/png	2400:cb00:2048:1::681c:1f61 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www.m5zn.com/newuploads/2018/09/07/png//1c6fb36aef197d5.png Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:1f61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `85e2ac81e461ab1ade344e29a40a6b92b83e8b231e092003dd52042c007e28bb` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:38 GMT CF-Cache-Status HIT Last-Modified Fri, 07 Sep 2018 08:57:53 GMT Server cloudflare ETag "5b923d91-206" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 Connection keep-alive Accept-Ranges bytes CF-RAY 459b2fe065089c11-AMS Content-Length 518 Expires Sat, 13 Oct 2018 14:08:38 GMT
GET H/1.1	200 OK	csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png www.csscheckbox.com/checkboxes/u/ Redirect Chain http://csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png http://www.csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png	536 B 804 B	303ms 152ms	Image image/png	192.186.220.3 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL http://www.csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Server 192.186.220.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-220-3.ip.secureserver.net Software Apache / Resource Hash `3328548bcb03a94996313cb4d9b1b014b1a85cd5e6519c7fd0b9446b78e69208` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:39 GMT Last-Modified Mon, 31 Jul 2017 00:49:27 GMT Server Apache ETag "9b4eb5d-218-55592672513ee" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 536 Redirect headers Location http://www.csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png Date Thu, 13 Sep 2018 14:08:39 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5 Content-Length 296 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	760fe41056b0b16.jpg www.m5zn.com/newuploads/2018/09/07/jpg//	566 KB 566 KB	17ms 17ms	Image image/jpeg	2400:cb00:2048:1::681c:1f61 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www.m5zn.com/newuploads/2018/09/07/jpg//760fe41056b0b16.jpg Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Server 2400:cb00:2048:1::681c:1f61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:39 GMT CF-Cache-Status HIT Last-Modified Fri, 07 Sep 2018 08:58:19 GMT Server cloudflare ETag "5b923dab-8d78c" Vary Accept-Encoding Content-Type image/jpeg Cache-Control public, max-age=2592000 Connection keep-alive Accept-Ranges bytes CF-RAY 459b2fe3f7329c11-AMS Content-Length 579468 Expires Sat, 13 Oct 2018 14:08:39 GMT
GET H/1.1	404 The requested content does not exist.	small.jpg oscor5lhk.z19.web.core.windows.net/images/	321 B 321 B	125ms 125ms	Image text/html	52.239.177.97 Microsoft Corpora...
General Check archive.org Show headers Download Go to Show image Full URL https://oscor5lhk.z19.web.core.windows.net/images/small.jpg?x=12f4b8b543125cc986c79cd85320812f Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.239.177.97 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `53a248e92ec7a2efa6ac0ea801d923075a3923b1b41ed9d444d5dcad741dbfea` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oscor5lhk.z19.web.core.windows.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://oscor5lhk.z19.web.core.windows.net/done.html Connection keep-alive Cache-Control no-cache Referer https://oscor5lhk.z19.web.core.windows.net/done.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 13 Sep 2018 14:08:39 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-error-code WebContentNotFound Vary Origin Content-Type text/html x-ms-request-id c97bc937-c01e-0105-236b-4b2f81000000 x-ms-version 2018-03-28 Content-Length 321
GET H/1.1	200 OK	jquery-1.9.1.min.js Show response code.jquery.com/	90 KB 38 KB	30ms 6ms	Script application/javascript	205.185.208.52 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.9.1.min.js Requested by Host: oscor5lhk.z19.web.core.windows.net URL: https://oscor5lhk.z19.web.core.windows.net/done.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip052.ssl.hwcdn.net Software nginx / Resource Hash `c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4` Request headers Referer https://oscor5lhk.z19.web.core.windows.net/done.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Thu, 13 Sep 2018 14:08:39 GMT Content-Encoding gzip Last-Modified Fri, 24 Oct 2014 00:16:07 GMT Server nginx ETag W/"54499a47-169d5" Vary Accept-Encoding X-HW 1536847719.dop005.fr8.t,1536847719.cds004.fr8.shn,1536847719.cds004.fr8.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000 Connection Keep-Alive Accept-Ranges bytes Content-Length 37959

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
csscheckbox.com
oscor5lhk.z19.web.core.windows.net
www.csscheckbox.com
www.m5zn.com
www.sitepoint.com
192.186.220.3
205.185.208.52
2400:cb00:2048:1::681c:1f61
52.239.177.97
54.148.84.95
3328548bcb03a94996313cb4d9b1b014b1a85cd5e6519c7fd0b9446b78e69208
53a248e92ec7a2efa6ac0ea801d923075a3923b1b41ed9d444d5dcad741dbfea
7742fb83d98648f94727a40d5c3381b3245805e62b6f998002d933715ac84b6a
7764c38d71f5ee52d39f237f08b4e82b4715c73bfa0afbaee30a60b0dfd058ca
85e2ac81e461ab1ade344e29a40a6b92b83e8b231e092003dd52042c007e28bb
9dd5e031a96cb31830ef2fb13009f70f2001f7204e8e96faf0999821e7dd67eb
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c97d1d203e88bb6e827e3df7f611a2950e1d9b5ee6acd996f337561524389c34
e57256418a660bcfe52b8d9061e2fb3156b480f388858cf7f3e5ef30a0d94f0e
fe29844e164f7495067d0f6704e7dee9cfbbd2a4cd02933393af633e03ad241c

oscor5lhk.z19.web.core.windows.net Open in urlscan Pro 52.239.177.97 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

10 Requests

40 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

5 IPs

1 Countries

672 kBTransfer

733 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

oscor5lhk.z19.web.core.windows.net Open in urlscan Pro
52.239.177.97 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

40 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

672 kB
Transfer

733 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!