664320.selcdn.ru
Open in
urlscan Pro
92.53.68.201
Malicious Activity!
Public Scan
Submitted URL: https://protect-us.mimecast.com/s/hXXXCQWROWf4WDgEIxd_hu?domain=u25346889.ct.sendgrid.net
Effective URL: https://664320.selcdn.ru/outlookservermanager/authenticationsharepointsharepoint.htm?aHR0cHMlM0ElMkYlMkY2NTIzMDYuc2VsY2Ru...
Submission: On January 31 via manual from US — Scanned from US
Effective URL: https://664320.selcdn.ru/outlookservermanager/authenticationsharepointsharepoint.htm?aHR0cHMlM0ElMkYlMkY2NTIzMDYuc2VsY2Ru...
Submission: On January 31 via manual from US — Scanned from US
Summary
This website contacted 3 IPs
in 2 countries
across 4 domains to perform 4 HTTP transactions.
The main IP is 92.53.68.201, located in
Russian Federation and
belongs to SELECTEL, RU.
The main domain is 664320.selcdn.ru.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on December 13th 2021. Valid for: a year.
This is the only time 664320.selcdn.ru was scanned on urlscan.io!
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on December 13th 2021. Valid for: a year.
This is the only time 664320.selcdn.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sharepoint (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 2 | 207.211.31.106 207.211.31.106 | 14135 (NAVISITE-...) (NAVISITE-EAST-2) | |
| 1 1 | 167.89.118.28 167.89.118.28 | 11377 (SENDGRID) (SENDGRID) | |
| 3 | 92.53.68.201 92.53.68.201 | 49505 (SELECTEL) (SELECTEL) | |
| 1 | 69.16.175.10 69.16.175.10 | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
| 4 | 3 |
2
207.211.31.106
(United States)
ASN14135 (NAVISITE-EAST-2, US)
PTR: service151-us.mimecast.com
ASN14135 (NAVISITE-EAST-2, US)
PTR: service151-us.mimecast.com
| protect-us.mimecast.com |
1
167.89.118.28
(Las Vegas, United States)
ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net
ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net
| u25346889.ct.sendgrid.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 3 |
selcdn.ru
664320.selcdn.ru |
38 KB |
| 2 |
mimecast.com
2 redirects
protect-us.mimecast.com — Cisco Umbrella Rank: 10078 |
4 KB |
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 584 |
78 KB |
| 1 |
sendgrid.net
1 redirects
u25346889.ct.sendgrid.net |
306 B |
| 4 | 4 |
| Domain | Requested by | |
|---|---|---|
| 3 | 664320.selcdn.ru |
664320.selcdn.ru
|
| 2 | protect-us.mimecast.com | 2 redirects |
| 1 | code.jquery.com |
664320.selcdn.ru
|
| 1 | u25346889.ct.sendgrid.net | 1 redirects |
| 4 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.premierpawn.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.selcdn.ru RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 |
2021-12-13 - 2022-11-26 |
a year | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://664320.selcdn.ru/outlookservermanager/authenticationsharepointsharepoint.htm?aHR0cHMlM0ElMkYlMkY2NTIzMDYuc2VsY2RuLnJ1JTJGb3V0bG9vb29vb2slMkZyZWFkYmFuNy5odG0=&sig=DyyprycqEcaHWtFyPNzekH888JTactyCGrR7J3cRA14h&iat=1641863222&a=%7C%7C477325787%7C%7C&account=borisc062728219%2Eactivehosted%2Ecom&email=tJffu5FNegji7c1XvVDoTHwFoqDlMHNmyq65fGLdufk%3D&s=ea1b905345d7f36a11781aea9294c278&i=1A3A1A7
Frame ID: D189A96D23F87D09ADFC28FCE21CC521
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
Sign | SharePointPage URL History Show full URLs
-
https://protect-us.mimecast.com/s/hXXXCQWROWf4WDgEIxd_hu?domain=u25346889.ct.sendgrid.net
HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVtmO2zoS_ZXAz-lubaSk4M5MLHnfZXmfHjQoLpZsbdZiy77Iv0_JvkHSSR7yEMC... HTTP 307
https://u25346889.ct.sendgrid.net/ls/click?upn=jdsFpIuf918oNZX36RauFHepB73OQVffC9wBI8l99vdjPGSrm9LVgwPgY8QQ1yr... HTTP 302
https://664320.selcdn.ru/outlookservermanager/redsharepoint.htm Page URL
- https://664320.selcdn.ru/outlookservermanager/authenticationsharepointsharepoint.htm?aHR0cHMlM0ElMkYl... Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#home
Title: SharePoint
Title: SharePoint
Search URL Search Domain Scan URL
URL: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#news
Title: DOC Q0017 - 3512C.Doc
Title: DOC Q0017 - 3512C.Doc
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://protect-us.mimecast.com/s/hXXXCQWROWf4WDgEIxd_hu?domain=u25346889.ct.sendgrid.net
HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVtmO2zoS_ZXAz-lubaSk4M5MLHnfZXmfHjQoLpZsbdZiy77Iv0_JvkHSSR7yEMCwTbKqeHiq6pB_NzKaFo1PDRKKgD_nJD4HtEgynn8WGYmPYRAXPEpDXiTxMyWNj40woY1P8sdGxikP0qIIIg5jrKlY0VWsS5IEaxBR-dggRUGoH8QigQ3-fv1nHPG4yF8bn_4LMyII-YREHIavDS9h12e_iF4bH18buU_k-6yGqNBlFQvNk1VODVPTNSpUJpnIUJiMEYU_WGdfvRSE736yzLlHOFEE1YSGTYaJSkyFCI9pis4UypCQVMWQhecxLAvOEOWaDjacS4Zh3uNFDN2DqTqTNEGEqnhUwsyQFYJlYhoGMhDGknE3zpKkcP80AKB3cU0fBBW8Kl5fgKHwcdjgVs_ruqJ8-fhLMguwf0emJKmYMpWpEpUNFXNJMCCSKQZVTANrSCaYMUVoP5JJBFaJxiHBVAasDDFJ0iADjKm6oUgK1whDXDN0ZmIiGQr2OOIqM5HETEkI-R2ZDIM9NgiB4xPDw4xozBRMglSqiHrar8j8MwB-JjMNSRB_zybkQ_6ZzQJ6IY-CPA-gDfhX_r-yilRPQoQDdK8uRkBEVVWVCYKEexQhrGAkQ_Z_ZFV4COpKQD3LmKpExWDo6SaCAhFYhgMIg8pcVTRJhTyZgngm1TSDYKRoFGPxjlVDQqaGqcEJFCuDlpBpvTs1dAXLGuW_YvXPAPie1YjnOdnz15dMUENRnvKi9DzOvmcYgUZ8-d8XkBIWgIjU4tOPYZQGrPFJM0A-vBzyICGYIqA1DXvpNpHRlE0drMjdwfY5PS7no8cEJAXmmpTCMI9I7sNIwzqlKkbcA-YFItRUoBg0HUkCkiG4bjAFmxqqXWKWgcfhKMIjy0NxCLk4iJgd8zDhZXZgx888IkH4TJOoNi-9A5hP-OXD74nmB2A84-ytldCyFr-3D1Kr02rKNoZoRVSMkzKGozfKvOBZZDZqAuhPB691-puUAnFBGnynpPHXUnW_ofn4oVkDvJN_P8GjlX4L9N2JJdG9PepS-aXNI488r1OHkKLqCiQdPyj9BvYbtpqINIEoHzrQXvkPyH4rAz8Ce78QpA_txfqzYT7L-FnW7_N-khf3larILkf_eHxOysKriX-6--c8ZvssYM8xB7svj8RMEgZ3G4hmXSVBCn-_jwtzUb6vT974a1tYhu0-TdzIPuDqzT61tPno8jnIoyJlkiLJqRwQprzb5t91gEe7FFDwDVAxMFRlSZdMGcuyBOtlFsKKXxRp_un15fWlVJAK0gkQaPEe80uYv77QMKDH_5Rp_K8DyztpvxSmbCST3UbFc1J2ejy1dHXqrISwzYvVN0LTPLPDrOtC2Y1W-8tsvzUcR75mbt5l25M9Vrq9lb58Uqw2RdRmfHk2HLsXTffqk9Lhm8i-8ANz0a6UhlWLmSlmElXOp83G6rDohNsxOWmVSpslhLAdy2_t96Pmk9qCD1KM6m2WKksNu7qvDk_W1hxeE72_7YCxH411WV_2Wq3-Yqua_Z2fnipvrS0ATIfNUX8Mv5NT1dc192y6eT1chWY1PuUtXvQrMhlSfWgNfL3clXl8HenjdTNcn6s2qch01yTxGg19sT0cJrtu-9pyduWeoCAm3JL2mn69DUfJRmC7GmLVSrJWP8xSDV14VbX7zvHa64bLULSbVhQn5vVUjXrbgwawh_6I3vb0fGaqfFTOaGgY0m15ghdAZ3oqj5tq1XEnkersN4EDiLULfOEDOPbbi5rRbWyvC36aWsl8nA_SzYpXYbwaluZhzZC_Qd007YH1Wkm4Znq3ggYaU5VLy11Dw_R5xGKIEsjFOR-P16mfzsBYz3rarntbWulolGpyWzPApjfQRi5uHk8IG_1LL9JW52lrT5upn4ydTN0N7PMNfHOpd7k1_crZTeh8NmYjs6yu3aA9Y27kR5rZDWeLRWXtwHRqxzSXChlKtjvli1VR5oPN3J4ljn3FVbnPjsfhjQWrg7_eSod8dgw6mGbCOXd61lwMPY_uXG_eVy_7XuR0u1Qdt8vNkiZ2ZZRpvp3c4YjMMjx_fZs0N0MxxAN3u0cpO5jNhXRmMblu9z4rqJXlYupG7rVsd8eb4Wi5DQqXt69wbv2iDW969-jMaxbOmzoLfqINVodpR1ImMFJw5ouVgN3c8X7Oqo2-XwQ4QAdpwprtKzUGA4mULkvL667l90InXNWZFL0tFPOw3edN5-C37Nms6EOMyxj3WR2r5bU03F4N9weHXHli0LMc97vZaS7g8ZLtrtqs3ns1Usuzk9yW3XhuLXirY2_MtVouoyRxVtOhuvahkzpVy4LvY2BN16VnTZ3BdduSfHdeyhcnGWXNDFfrYXWrlMxdAG2dQsI7fWthwHEyto7RaaKLvhkQaWw529ZtNhzULJzYyL41pRW9xkovWBK3u0gnvdOY2_7A3025Sq8RFvEssKrOJByz4eBmnW173d0u1C1ZtwYlN0rn0dz1pVDf0_s3-sTfylyS32SM387wXsdPsvz27WZ7e8geGKjS2z834BMo7hOW6xcekhUDgu3Lu872HDEuS6OcSPZgq8GNJCHMmrBOwTOJeEYfiv3-4uT7xwMhzZIC3htPZf5cv1koyYv7lf7l_7jlFQo HTTP 307
https://u25346889.ct.sendgrid.net/ls/click?upn=jdsFpIuf918oNZX36RauFHepB73OQVffC9wBI8l99vdjPGSrm9LVgwPgY8QQ1yrSsGdYqCM2GHV7U-2BEc5cCdeUv8QCHmOg3-2FeXmCwejdS5Zu0KxDd9p6d0c2vqXXBFdmq6Enaq4x3cAu-2BCQBhDggLA-3D-3D528x_Pp2U46S7h3KqBY9Kyo7IYF-2BhmM717UHDDITY39IZhpqxbW4TU-2FdR5IM-2FNqxI74Sv9SsM-2FVl9xMqsDetIxaNKc7KBJh7uZusnyL7MWAlWvxEaxaOZAanW5KhfYjjNZGEyDQZuga5inaeB0g47yzKLoXf6CxK63BorDIlrp45wexxEIQkyHGlUlfEABmno9yqxLHYj4-2BKhLczgcvvd31k2v5K880zUqfc4FOqukXxVFSNm3QgXiQ-2F4w-2F6j-2BIET-2FeYnCWteqOBoRMsJpXVexlnVKu9jWd5hX5GppH-2BW2oe49bztci4d32wDSWefjIemdn-2Fi1tvsMMWphpP-2B7rH4ZGzUBpLLp41E48-2FHJ4LS6Akq568IwHm4VvODgcAphoMQr3ZJCvz-2Bs0HwzAhxQZNcRPMdL9uxyGiEPdSmhm49GlPTTxBZ-2BOCncs0t1urlGOeTVtusJXRCPoQCy6xugrkkKzdiVjhWY0jsPkiF6crfQvFHBRfKbbcZSbRI3wgHmQGGc3MEuXUcoCx8upsYNz-2BsfrB8bhWzNAXKfK6JSYg5pdj9AT0vdnayYghdtcBrsfOSmSyuEGMXKLUYitSeEy-2F7w4Kz7GkQR8-2FvXQ-2Fho4JVjOF02N-2F26rhfVf-2BSMgRdxX7gTi6i5j0NdAEyc8JJ0auSdpuyZDhHlQlV-2F4fHYPp2KEIeAQjhDCPPtI-2BwM6Id-2BSDbD46EVKgjQayeo8cv1nIGrqRf02erZy4P-2F2VL3uvQozUGnRBTeDFCX9W3uUmooQVOK3Whu-2FxDB-2FkiBOWubBOQJyYD0hSRu1wQoLrAr6xWKxzx2rSTz-2Ft06Z7YB6-2Bq8YQ8FA5w7XJa0MBQYDzPKJ-2FhqdLCzA0Vcyn2HiUaSGTpNHqMeChJhZOe3cym6fnPiBxFNlMdKJzBvCCWGYT3YaWDJue8uQ-3D-3D HTTP 302
https://664320.selcdn.ru/outlookservermanager/redsharepoint.htm Page URL
- https://664320.selcdn.ru/outlookservermanager/authenticationsharepointsharepoint.htm?aHR0cHMlM0ElMkYlMkY2NTIzMDYuc2VsY2RuLnJ1JTJGb3V0bG9vb29vb2slMkZyZWFkYmFuNy5odG0=&sig=DyyprycqEcaHWtFyPNzekH888JTactyCGrR7J3cRA14h&iat=1641863222&a=%7C%7C477325787%7C%7C&account=borisc062728219%2Eactivehosted%2Ecom&email=tJffu5FNegji7c1XvVDoTHwFoqDlMHNmyq65fGLdufk%3D&s=ea1b905345d7f36a11781aea9294c278&i=1A3A1A7 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://protect-us.mimecast.com/s/hXXXCQWROWf4WDgEIxd_hu?domain=u25346889.ct.sendgrid.net HTTP 307
- https://protect-us.mimecast.com/redirect/eNqtVtmO2zoS_ZXAz-lubaSk4M5MLHnfZXmfHjQoLpZsbdZiy77Iv0_JvkHSSR7yEMCwTbKqeHiq6pB_NzKaFo1PDRKKgD_nJD4HtEgynn8WGYmPYRAXPEpDXiTxMyWNj40woY1P8sdGxikP0qIIIg5jrKlY0VWsS5IEaxBR-dggRUGoH8QigQ3-fv1nHPG4yF8bn_4LMyII-YREHIavDS9h12e_iF4bH18buU_k-6yGqNBlFQvNk1VODVPTNSpUJpnIUJiMEYU_WGdfvRSE736yzLlHOFEE1YSGTYaJSkyFCI9pis4UypCQVMWQhecxLAvOEOWaDjacS4Zh3uNFDN2DqTqTNEGEqnhUwsyQFYJlYhoGMhDGknE3zpKkcP80AKB3cU0fBBW8Kl5fgKHwcdjgVs_ruqJ8-fhLMguwf0emJKmYMpWpEpUNFXNJMCCSKQZVTANrSCaYMUVoP5JJBFaJxiHBVAasDDFJ0iADjKm6oUgK1whDXDN0ZmIiGQr2OOIqM5HETEkI-R2ZDIM9NgiB4xPDw4xozBRMglSqiHrar8j8MwB-JjMNSRB_zybkQ_6ZzQJ6IY-CPA-gDfhX_r-yilRPQoQDdK8uRkBEVVWVCYKEexQhrGAkQ_Z_ZFV4COpKQD3LmKpExWDo6SaCAhFYhgMIg8pcVTRJhTyZgngm1TSDYKRoFGPxjlVDQqaGqcEJFCuDlpBpvTs1dAXLGuW_YvXPAPie1YjnOdnz15dMUENRnvKi9DzOvmcYgUZ8-d8XkBIWgIjU4tOPYZQGrPFJM0A-vBzyICGYIqA1DXvpNpHRlE0drMjdwfY5PS7no8cEJAXmmpTCMI9I7sNIwzqlKkbcA-YFItRUoBg0HUkCkiG4bjAFmxqqXWKWgcfhKMIjy0NxCLk4iJgd8zDhZXZgx888IkH4TJOoNi-9A5hP-OXD74nmB2A84-ytldCyFr-3D1Kr02rKNoZoRVSMkzKGozfKvOBZZDZqAuhPB691-puUAnFBGnynpPHXUnW_ofn4oVkDvJN_P8GjlX4L9N2JJdG9PepS-aXNI488r1OHkKLqCiQdPyj9BvYbtpqINIEoHzrQXvkPyH4rAz8Ce78QpA_txfqzYT7L-FnW7_N-khf3larILkf_eHxOysKriX-6--c8ZvssYM8xB7svj8RMEgZ3G4hmXSVBCn-_jwtzUb6vT974a1tYhu0-TdzIPuDqzT61tPno8jnIoyJlkiLJqRwQprzb5t91gEe7FFDwDVAxMFRlSZdMGcuyBOtlFsKKXxRp_un15fWlVJAK0gkQaPEe80uYv77QMKDH_5Rp_K8DyztpvxSmbCST3UbFc1J2ejy1dHXqrISwzYvVN0LTPLPDrOtC2Y1W-8tsvzUcR75mbt5l25M9Vrq9lb58Uqw2RdRmfHk2HLsXTffqk9Lhm8i-8ANz0a6UhlWLmSlmElXOp83G6rDohNsxOWmVSpslhLAdy2_t96Pmk9qCD1KM6m2WKksNu7qvDk_W1hxeE72_7YCxH411WV_2Wq3-Yqua_Z2fnipvrS0ATIfNUX8Mv5NT1dc192y6eT1chWY1PuUtXvQrMhlSfWgNfL3clXl8HenjdTNcn6s2qch01yTxGg19sT0cJrtu-9pyduWeoCAm3JL2mn69DUfJRmC7GmLVSrJWP8xSDV14VbX7zvHa64bLULSbVhQn5vVUjXrbgwawh_6I3vb0fGaqfFTOaGgY0m15ghdAZ3oqj5tq1XEnkersN4EDiLULfOEDOPbbi5rRbWyvC36aWsl8nA_SzYpXYbwaluZhzZC_Qd007YH1Wkm4Znq3ggYaU5VLy11Dw_R5xGKIEsjFOR-P16mfzsBYz3rarntbWulolGpyWzPApjfQRi5uHk8IG_1LL9JW52lrT5upn4ydTN0N7PMNfHOpd7k1_crZTeh8NmYjs6yu3aA9Y27kR5rZDWeLRWXtwHRqxzSXChlKtjvli1VR5oPN3J4ljn3FVbnPjsfhjQWrg7_eSod8dgw6mGbCOXd61lwMPY_uXG_eVy_7XuR0u1Qdt8vNkiZ2ZZRpvp3c4YjMMjx_fZs0N0MxxAN3u0cpO5jNhXRmMblu9z4rqJXlYupG7rVsd8eb4Wi5DQqXt69wbv2iDW969-jMaxbOmzoLfqINVodpR1ImMFJw5ouVgN3c8X7Oqo2-XwQ4QAdpwprtKzUGA4mULkvL667l90InXNWZFL0tFPOw3edN5-C37Nms6EOMyxj3WR2r5bU03F4N9weHXHli0LMc97vZaS7g8ZLtrtqs3ns1Usuzk9yW3XhuLXirY2_MtVouoyRxVtOhuvahkzpVy4LvY2BN16VnTZ3BdduSfHdeyhcnGWXNDFfrYXWrlMxdAG2dQsI7fWthwHEyto7RaaKLvhkQaWw529ZtNhzULJzYyL41pRW9xkovWBK3u0gnvdOY2_7A3025Sq8RFvEssKrOJByz4eBmnW173d0u1C1ZtwYlN0rn0dz1pVDf0_s3-sTfylyS32SM387wXsdPsvz27WZ7e8geGKjS2z834BMo7hOW6xcekhUDgu3Lu872HDEuS6OcSPZgq8GNJCHMmrBOwTOJeEYfiv3-4uT7xwMhzZIC3htPZf5cv1koyYv7lf7l_7jlFQo HTTP 307
- https://u25346889.ct.sendgrid.net/ls/click?upn=jdsFpIuf918oNZX36RauFHepB73OQVffC9wBI8l99vdjPGSrm9LVgwPgY8QQ1yrSsGdYqCM2GHV7U-2BEc5cCdeUv8QCHmOg3-2FeXmCwejdS5Zu0KxDd9p6d0c2vqXXBFdmq6Enaq4x3cAu-2BCQBhDggLA-3D-3D528x_Pp2U46S7h3KqBY9Kyo7IYF-2BhmM717UHDDITY39IZhpqxbW4TU-2FdR5IM-2FNqxI74Sv9SsM-2FVl9xMqsDetIxaNKc7KBJh7uZusnyL7MWAlWvxEaxaOZAanW5KhfYjjNZGEyDQZuga5inaeB0g47yzKLoXf6CxK63BorDIlrp45wexxEIQkyHGlUlfEABmno9yqxLHYj4-2BKhLczgcvvd31k2v5K880zUqfc4FOqukXxVFSNm3QgXiQ-2F4w-2F6j-2BIET-2FeYnCWteqOBoRMsJpXVexlnVKu9jWd5hX5GppH-2BW2oe49bztci4d32wDSWefjIemdn-2Fi1tvsMMWphpP-2B7rH4ZGzUBpLLp41E48-2FHJ4LS6Akq568IwHm4VvODgcAphoMQr3ZJCvz-2Bs0HwzAhxQZNcRPMdL9uxyGiEPdSmhm49GlPTTxBZ-2BOCncs0t1urlGOeTVtusJXRCPoQCy6xugrkkKzdiVjhWY0jsPkiF6crfQvFHBRfKbbcZSbRI3wgHmQGGc3MEuXUcoCx8upsYNz-2BsfrB8bhWzNAXKfK6JSYg5pdj9AT0vdnayYghdtcBrsfOSmSyuEGMXKLUYitSeEy-2F7w4Kz7GkQR8-2FvXQ-2Fho4JVjOF02N-2F26rhfVf-2BSMgRdxX7gTi6i5j0NdAEyc8JJ0auSdpuyZDhHlQlV-2F4fHYPp2KEIeAQjhDCPPtI-2BwM6Id-2BSDbD46EVKgjQayeo8cv1nIGrqRf02erZy4P-2F2VL3uvQozUGnRBTeDFCX9W3uUmooQVOK3Whu-2FxDB-2FkiBOWubBOQJyYD0hSRu1wQoLrAr6xWKxzx2rSTz-2Ft06Z7YB6-2Bq8YQ8FA5w7XJa0MBQYDzPKJ-2FhqdLCzA0Vcyn2HiUaSGTpNHqMeChJhZOe3cym6fnPiBxFNlMdKJzBvCCWGYT3YaWDJue8uQ-3D-3D HTTP 302
- https://664320.selcdn.ru/outlookservermanager/redsharepoint.htm
4 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
redsharepoint.htm
664320.selcdn.ru/outlookservermanager/ Redirect Chain
|
789 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
authenticationsharepointsharepoint.htm
664320.selcdn.ru/outlookservermanager/ |
36 KB 37 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
myscr584876.js.download
664320.selcdn.ru/outlookservermanager/index_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.9.1.js
code.jquery.com/ |
262 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
13 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sharepoint (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| feedUpdateResponse object| feedUpdateSplit number| x string| che function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
664320.selcdn.ru
code.jquery.com
protect-us.mimecast.com
u25346889.ct.sendgrid.net
167.89.118.28
207.211.31.106
69.16.175.10
92.53.68.201
5757e602c5502496be5d7ec17d19cd1d97dc216497dfc6a7654f2b6396e546f4
635e2902f4e9cd423c2ee0a2c81f73fb75441c24c18b8584e24afbed7cc18910
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
7c9e79f4a182d553ee6ee889f38d3c9097333a8426c9b3bb29c5c8576f1800b7
7f672d39017602a1ef5b484477bb7743904515691c3a0242993934d1dd833ece