oscor5lhk.z19.web.core.windows.net
52.239.177.97
Malicious Activity!
Public Scan
Effective URL: https://oscor5lhk.z19.web.core.windows.net/done.html
Submission: On September 13 via manual from ES
Summary
TLS certificate: Issued by Microsoft IT TLS CA 5 on April 19th 2018. Valid for: 2 years.
This is the only time oscor5lhk.z19.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online), Microsoft (Consumer)
Domain & IP information
Requests | Redirects | IP Address | AS Autonomous System
---|---|---|---
2 | | 52.239.177.97 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1 | | 54.148.84.95 | 16509 (AMAZON-02 - Amazon.com)
5 | | 2400:cb00:2048:1::681c:1f61 | 13335 (CLOUDFLARENET - Cloudflare)
2 | 1 | 192.186.220.3 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1 | | 205.185.208.52 | 20446 (HIGHWINDS3 - Highwinds Network Group)
10 | | 5 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
oscor5lhk.z19.web.core.windows.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
www.sitepoint.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.m5zn.com
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-220-3.ip.secureserver.net
csscheckbox.com
www.csscheckbox.com
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
code.jquery.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | m5zn.com | www.m5zn.com | 595 KB
2 | csscheckbox.com (1 redirects) | csscheckbox.com, www.csscheckbox.com | 1 KB
2 | windows.net | oscor5lhk.z19.web.core.windows.net | 33 KB
1 | jquery.com | code.jquery.com | 38 KB
1 | sitepoint.com | www.sitepoint.com | 6 KB
10 | 5 | |
Requests | Domain | Requested by
---|---|---
5 | www.m5zn.com | oscor5lhk.z19.web.core.windows.net
2 | oscor5lhk.z19.web.core.windows.net | oscor5lhk.z19.web.core.windows.net
1 | code.jquery.com | oscor5lhk.z19.web.core.windows.net
1 | www.csscheckbox.com | oscor5lhk.z19.web.core.windows.net
1 | csscheckbox.com | 1 redirects
1 | www.sitepoint.com | oscor5lhk.z19.web.core.windows.net
10 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.web.core.windows.net | Microsoft IT TLS CA 5 | 2018-04-19 - 2020-04-19 | 2 years
sitepoint.com | SSL.com Premium EV CA | 2018-08-07 - 2019-09-23 | a year
code.jquery.com | Let's Encrypt Authority X3 | 2018-08-29 - 2018-11-27 | 3 months
This page contains 1 frames:
Primary Page:
https://oscor5lhk.z19.web.core.windows.net/done.html
Frame ID: C4219E1C49A70FA3F939CC5FAA8B9A44
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5
- http://csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png HTTP 301
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | done.html (Primary Request) | oscor5lhk.z19.web.core.windows.net/ | 33 KB | 33 KB | Document | text/html
GET | H/1.1 | MaskedPassword.js | www.sitepoint.com/examples/password/MaskedPassword/ | 17 KB | 6 KB | Script | application/javascript
GET | H/1.1 | 9eb2773f83989d0.png | www.m5zn.com/newuploads/2018/09/07/png// | 25 KB | 25 KB | Image | image/png
GET | H/1.1 | c9eea375dd16c77.png | www.m5zn.com/newuploads/2018/09/07/png// | 574 B | 965 B | Image | image/png
GET | H/1.1 | 54b6d9334161a54.png | www.m5zn.com/newuploads/2018/09/07/png// | 753 B | 1 KB | Image | image/png
GET | H/1.1 | 1c6fb36aef197d5.png | www.m5zn.com/newuploads/2018/09/07/png// | 518 B | 909 B | Image | image/png
GET | H/1.1 | csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png (Redirect Chain) | www.csscheckbox.com/checkboxes/u/ | 536 B | 804 B | Image | image/png
GET | H/1.1 | 760fe41056b0b16.jpg | www.m5zn.com/newuploads/2018/09/07/jpg// | 566 KB | 566 KB | Image | image/jpeg
GET | H/1.1 | small.jpg | oscor5lhk.z19.web.core.windows.net/images/ | 321 B | 321 B | Image | text/html
GET | H/1.1 | jquery-1.9.1.min.js | code.jquery.com/ | 90 KB | 38 KB | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online), Microsoft (Consumer)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | MaskedPassword
function | gdc123f6d9
string | k
function | $
function | jQuery
string | hash
function | sendmails

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.