ia601506.us.archive.org Open in urlscan Pro
207.241.227.116 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://archive.org/download/redirect_20210222/redirect.htm#dom
Effective URL:
https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
Submission: On February 24 via manual (February 24th 2021, 4:06:22 pm UTC) from US

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 207.241.227.116, located in San Francisco, United States and belongs to INTERNET-ARCHIVE, US. The main domain is ia601506.us.archive.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on December 23rd 2019. Valid for: 2 years.

This is the only time ia601506.us.archive.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	207.241.224.2 207.241.224.2	7941 (INTERNET-...) (INTERNET-ARCHIVE)
1	207.241.228.153 207.241.228.153	7941 (INTERNET-...) (INTERNET-ARCHIVE)
1	207.241.227.116 207.241.227.116	7941 (INTERNET-...) (INTERNET-ARCHIVE)
6 12	2620:100:6022... 2620:100:6022:15::a27d:420f	19679 (DROPBOX) (DROPBOX)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	78.129.237.3 78.129.237.3	20860 (IOMART-AS) (IOMART-AS)
10	6

1 207.241.224.2 (San Francisco, United States) 1 redirects

ASN7941 (INTERNET-ARCHIVE, US)
PTR: www.archive.org

archive.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.241.228.153 (San Francisco, United States)

ASN7941 (INTERNET-ARCHIVE, US)

ia801503.us.archive.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.241.227.116 (San Francisco, United States)

ASN7941 (INTERNET-ARCHIVE, US)
PTR: ia601506.us.archive.org

ia601506.us.archive.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2620:100:6022:15::a27d:420f (United States) 6 redirects

ASN19679 (DROPBOX, US)

dl.dropbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dl.dropboxusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.129.237.3 (United Kingdom)

ASN20860 (IOMART-AS, GB)

smtpjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	dropboxusercontent.com dl.dropboxusercontent.com	80 KB
6	dropbox.com 6 redirects dl.dropbox.com	804 B
3	archive.org 1 redirects archive.org ia801503.us.archive.org ia601506.us.archive.org	1 KB
1	smtpjs.com smtpjs.com	782 B
1	googleapis.com ajax.googleapis.com	30 KB
10	5

	Domain	Requested by
6	dl.dropboxusercontent.com	ia601506.us.archive.org
6	dl.dropbox.com	6 redirects
1	smtpjs.com	ia601506.us.archive.org
1	ajax.googleapis.com	ia601506.us.archive.org
1	ia601506.us.archive.org	ia801503.us.archive.org
1	ia801503.us.archive.org
1	archive.org	1 redirects
10	7

This site contains links to these domains. Also see Links.

Domain
www.premierpawn.com

Subject Issuer	Validity	Valid
*.us.archive.org Go Daddy Secure Certificate Authority - G2	`2019-12-23` - `2022-02-21`	2 years	crt.sh
*.dl.dropboxusercontent.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-02-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
smtpjs.com R3	`2021-02-09` - `2021-05-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
Frame ID: D1FD7FA48B48656966307CAD0917171A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://archive.org/download/redirect_20210222/redirect.htm HTTP 302
https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm Page URL
https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm Page URL

Page Statistics

10
Requests

100 %
HTTPS

33 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

112 kB
Transfer

320 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#home
Title: SharePoint

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://archive.org/download/redirect_20210222/redirect.htm HTTP 302
https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm Page URL
https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://archive.org/download/redirect_20210222/redirect.htm HTTP 302
https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm

Request Chain 1

https://dl.dropbox.com/s/71mbw0ziz24stew/myscr584876.js?dl=0 HTTP 302
https://dl.dropboxusercontent.com/s/71mbw0ziz24stew/myscr584876.js?dl=0

Request Chain 2

https://dl.dropbox.com/s/45uascggf6klqxg/myscr262639.js?dl=0 HTTP 302
https://dl.dropboxusercontent.com/s/45uascggf6klqxg/myscr262639.js?dl=0

Request Chain 3

https://dl.dropbox.com/s/iri3h6e40giwbgp/myscr408434.js?dl=0 HTTP 302
https://dl.dropboxusercontent.com/s/iri3h6e40giwbgp/myscr408434.js?dl=0

Request Chain 4

https://dl.dropbox.com/s/q3i9j9uulpdw0ex/myscr294914.js?dl=0 HTTP 302
https://dl.dropboxusercontent.com/s/q3i9j9uulpdw0ex/myscr294914.js?dl=0

Request Chain 5

https://dl.dropbox.com/s/edj6r87l0s18yj9/myscr741586.js?dl=0 HTTP 302
https://dl.dropboxusercontent.com/s/edj6r87l0s18yj9/myscr741586.js?dl=0

Request Chain 8

https://dl.dropbox.com/s/jn3d0nvz733l8xx/myscr660617.js?dl=0 HTTP 302
https://dl.dropboxusercontent.com/s/jn3d0nvz733l8xx/myscr660617.js?dl=0

10 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

redirect.htm Show response
ia801503.us.archive.org/13/items/redirect_20210222/
Redirect Chain

https://archive.org/download/redirect_20210222/redirect.htm
https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm

483 B
524 B

561ms
185ms

Document
text/html

207.241.228.153
INTERNET-ARCHIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.241.228.153 San Francisco, United States, ASN7941 (INTERNET-ARCHIVE, US),

Reverse DNS

Software

nginx/1.16.1 (Ubuntu) /

Resource Hash

edd784980850df62712cfaf6b4997f8f9a00c7b0e61b8ed4d778341bc57cdf17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

:method: GET
:authority: ia801503.us.archive.org
:scheme: https
:path: /13/items/redirect_20210222/redirect.htm
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx/1.16.1 (Ubuntu)
date: Wed, 24 Feb 2021 16:06:01 GMT
content-type: text/html; charset=utf-8
last-modified: Mon, 22 Feb 2021 00:36:23 GMT
etag: W/"6032fc87-1e3"
strict-transport-security: max-age=15724800
expires: Wed, 24 Feb 2021 22:06:01 GMT
cache-control: max-age=21600
content-encoding: gzip

Redirect headers

server: nginx/1.16.1 (Ubuntu)
date: Wed, 24 Feb 2021 16:06:00 GMT
content-type: text/html; charset=UTF-8
location: https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm
accept-ranges: bytes
strict-transport-security: max-age=15724800

GET
H2 200 Primary Request n.htm Show response
ia601506.us.archive.org/30/items/senderror_20210222/ 1 KB
834 B 578ms
189ms Document
text/html 207.241.227.116
INTERNET-ARCHIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Requested by

Host: ia801503.us.archive.org
URL: https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.241.227.116 San Francisco, United States, ASN7941 (INTERNET-ARCHIVE, US),

Reverse DNS

ia601506.us.archive.org

Software

nginx/1.16.1 (Ubuntu) /

Resource Hash

11008a279d827c240577a91147122e6827648e74028b16680bbc20937a5acc46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

:method: GET
:authority: ia601506.us.archive.org
:scheme: https
:path: /30/items/senderror_20210222/n.htm
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ia801503.us.archive.org/13/items/redirect_20210222/redirect.htm

Response headers

server: nginx/1.16.1 (Ubuntu)
date: Wed, 24 Feb 2021 16:06:01 GMT
content-type: text/html; charset=utf-8
last-modified: Mon, 22 Feb 2021 00:32:39 GMT
etag: W/"6032fba7-553"
strict-transport-security: max-age=15724800
expires: Wed, 24 Feb 2021 22:06:01 GMT
cache-control: max-age=21600
content-encoding: gzip

GET
H2

200

myscr584876.js Show response
dl.dropboxusercontent.com/s/71mbw0ziz24stew/
Redirect Chain

https://dl.dropbox.com/s/71mbw0ziz24stew/myscr584876.js?dl=0
https://dl.dropboxusercontent.com/s/71mbw0ziz24stew/myscr584876.js?dl=0

20 KB
7 KB

639ms
637ms

Script
application/javascript

2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/71mbw0ziz24stew/myscr584876.js?dl=0

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

975e8d22f5dbd1b005fd7af747a12e96f46876b89ccd9e5b2e2262155b77e6db

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 24 Feb 2021 16:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
x-server-response-time: 526
vary: Accept-Encoding
content-type: application/javascript
x-dropbox-request-id: 9ee15d9d6ab442c0966351022245d47d
content-disposition: inline; filename="myscr584876.js"; filename*=UTF-8''myscr584876.js
cache-control: max-age=60
x-dropbox-response-origin: remote
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma: no-cache
date: Wed, 24 Feb 2021 16:06:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
location: https://dl.dropboxusercontent.com/s/71mbw0ziz24stew/myscr584876.js?dl=0
cache-control: no-cache
x-dropbox-response-origin: remote
content-security-policy: sandbox
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id: f81f70cda0804824a554041d231047a3

GET
H2

200

myscr262639.js Show response
dl.dropboxusercontent.com/s/45uascggf6klqxg/
Redirect Chain

https://dl.dropbox.com/s/45uascggf6klqxg/myscr262639.js?dl=0
https://dl.dropboxusercontent.com/s/45uascggf6klqxg/myscr262639.js?dl=0

76 KB
29 KB

672ms
669ms

Script
application/javascript

2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/45uascggf6klqxg/myscr262639.js?dl=0

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

fa7c98bfaa958b620dc26b384d63a828db6309c5b60a864eb9cde28a2b84f741

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 24 Feb 2021 16:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
x-server-response-time: 559
vary: Accept-Encoding
content-type: application/javascript
x-dropbox-request-id: 960c6151ffff4b5a8af48bcd116ff187
content-disposition: inline; filename="myscr262639.js"; filename*=UTF-8''myscr262639.js
cache-control: max-age=60
x-dropbox-response-origin: remote
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma: no-cache
date: Wed, 24 Feb 2021 16:06:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
location: https://dl.dropboxusercontent.com/s/45uascggf6klqxg/myscr262639.js?dl=0
cache-control: no-cache
x-dropbox-response-origin: remote
content-security-policy: sandbox
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id: d66619bfe92c47888ed56c39d08b1464

GET
H2

200

myscr408434.js Show response
dl.dropboxusercontent.com/s/iri3h6e40giwbgp/
Redirect Chain

https://dl.dropbox.com/s/iri3h6e40giwbgp/myscr408434.js?dl=0
https://dl.dropboxusercontent.com/s/iri3h6e40giwbgp/myscr408434.js?dl=0

106 KB
40 KB

685ms
683ms

Script
application/javascript

2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/iri3h6e40giwbgp/myscr408434.js?dl=0

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

85f15ad877a5aa9b57a6321e48745daf51831fafe863a348368a5c8602d21b1b

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 24 Feb 2021 16:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
x-server-response-time: 570
vary: Accept-Encoding
content-type: application/javascript
x-dropbox-request-id: 16e4f21ef3194f7c85bd57bc97a1d156
content-disposition: inline; filename="myscr408434.js"; filename*=UTF-8''myscr408434.js
cache-control: max-age=60
x-dropbox-response-origin: remote
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma: no-cache
date: Wed, 24 Feb 2021 16:06:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
location: https://dl.dropboxusercontent.com/s/iri3h6e40giwbgp/myscr408434.js?dl=0
cache-control: no-cache
x-dropbox-response-origin: remote
content-security-policy: sandbox
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id: 26e490235d7f484c86f7a631a9072dd6

GET
H2

200

myscr294914.js Show response
dl.dropboxusercontent.com/s/q3i9j9uulpdw0ex/
Redirect Chain

https://dl.dropbox.com/s/q3i9j9uulpdw0ex/myscr294914.js?dl=0
https://dl.dropboxusercontent.com/s/q3i9j9uulpdw0ex/myscr294914.js?dl=0

1 KB
755 B

3872ms
3870ms

Script
application/javascript

2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/q3i9j9uulpdw0ex/myscr294914.js?dl=0

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

3be1aaa49873c8a579cbb323ed55f1576db39393ec4e97b186af64f1324afb43

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 24 Feb 2021 16:06:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
x-server-response-time: 3760
vary: Accept-Encoding
content-type: application/javascript
x-dropbox-request-id: f8a93b8e9cd14a678b9fbfd74b494bba
content-disposition: inline; filename="myscr294914.js"; filename*=UTF-8''myscr294914.js
cache-control: max-age=60
x-dropbox-response-origin: remote
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma: no-cache
date: Wed, 24 Feb 2021 16:06:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
location: https://dl.dropboxusercontent.com/s/q3i9j9uulpdw0ex/myscr294914.js?dl=0
cache-control: no-cache
x-dropbox-response-origin: remote
content-security-policy: sandbox
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id: abb549333bc849f9af0c55b21e5addff

GET
H2

200

myscr741586.js Show response
dl.dropboxusercontent.com/s/edj6r87l0s18yj9/
Redirect Chain

https://dl.dropbox.com/s/edj6r87l0s18yj9/myscr741586.js?dl=0
https://dl.dropboxusercontent.com/s/edj6r87l0s18yj9/myscr741586.js?dl=0

3 KB
2 KB

624ms
622ms

Script
application/javascript

2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/edj6r87l0s18yj9/myscr741586.js?dl=0

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

9509a2c3a742a1d27f583a11c451733c52f7b3299cb1e060735846761242e59f

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 24 Feb 2021 16:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
x-server-response-time: 505
vary: Accept-Encoding
content-type: application/javascript
x-dropbox-request-id: 8cd63ccee36348b2b4ea35005752e562
content-disposition: inline; filename="myscr741586.js"; filename*=UTF-8''myscr741586.js
cache-control: max-age=60
x-dropbox-response-origin: remote
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma: no-cache
date: Wed, 24 Feb 2021 16:06:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
location: https://dl.dropboxusercontent.com/s/edj6r87l0s18yj9/myscr741586.js?dl=0
cache-control: no-cache
x-dropbox-response-origin: remote
content-security-policy: sandbox
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id: 52f1793db0b0425b989b0345e6ffc8ea

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
30 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 15:40:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174343
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Feb 2022 15:40:18 GMT

GET
H2 200 smtp.js Show response
smtpjs.com/v3/ 871 B
782 B 209ms
64ms Script
application/javascript 78.129.237.3
IOMART-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://smtpjs.com/v3/smtp.js
Requested by: Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 78.129.237.3 , United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Feb 2021 16:06:01 GMT
content-encoding: gzip
last-modified: Tue, 10 Nov 2020 17:17:51 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "162f436b85b7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 603

GET
H2

200

myscr660617.js Show response
dl.dropboxusercontent.com/s/jn3d0nvz733l8xx/
Redirect Chain

https://dl.dropbox.com/s/jn3d0nvz733l8xx/myscr660617.js?dl=0
https://dl.dropboxusercontent.com/s/jn3d0nvz733l8xx/myscr660617.js?dl=0

3 KB
1 KB

959ms
957ms

Script
application/javascript

2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/jn3d0nvz733l8xx/myscr660617.js?dl=0

Requested by

Host: ia601506.us.archive.org
URL: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

e123a412a12285e2cb13affa0949db3319768ddccd705a11efcad505fbc162a9

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ia601506.us.archive.org/30/items/senderror_20210222/n.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 24 Feb 2021 16:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
x-server-response-time: 846
vary: Accept-Encoding
content-type: application/javascript
x-dropbox-request-id: 688b5eb2d0a5498aa990b0d10fa06188
content-disposition: inline; filename="myscr660617.js"; filename*=UTF-8''myscr660617.js
cache-control: max-age=60
x-dropbox-response-origin: remote
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex

Redirect headers

pragma: no-cache
date: Wed, 24 Feb 2021 16:06:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type: text/html; charset=utf-8
location: https://dl.dropboxusercontent.com/s/jn3d0nvz733l8xx/myscr660617.js?dl=0
cache-control: no-cache
x-dropbox-response-origin: remote
content-security-policy: sandbox
x-robots-tag: noindex, nofollow, noimageindex, noindex, nofollow, noimageindex
x-dropbox-request-id: b61159812ef341d68ffeb86a41560800

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5757e602c5502496be5d7ec17d19cd1d97dc216497dfc6a7654f2b6396e546f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f672d39017602a1ef5b484477bb7743904515691c3a0242993934d1dd833ece

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
archive.org
dl.dropbox.com
dl.dropboxusercontent.com
ia601506.us.archive.org
ia801503.us.archive.org
smtpjs.com
207.241.224.2
207.241.227.116
207.241.228.153
2620:100:6022:15::a27d:420f
2a00:1450:4001:80e::200a
78.129.237.3
11008a279d827c240577a91147122e6827648e74028b16680bbc20937a5acc46
1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776
3be1aaa49873c8a579cbb323ed55f1576db39393ec4e97b186af64f1324afb43
5757e602c5502496be5d7ec17d19cd1d97dc216497dfc6a7654f2b6396e546f4
7f672d39017602a1ef5b484477bb7743904515691c3a0242993934d1dd833ece
85f15ad877a5aa9b57a6321e48745daf51831fafe863a348368a5c8602d21b1b
9509a2c3a742a1d27f583a11c451733c52f7b3299cb1e060735846761242e59f
975e8d22f5dbd1b005fd7af747a12e96f46876b89ccd9e5b2e2262155b77e6db
e123a412a12285e2cb13affa0949db3319768ddccd705a11efcad505fbc162a9
edd784980850df62712cfaf6b4997f8f9a00c7b0e61b8ed4d778341bc57cdf17
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa7c98bfaa958b620dc26b384d63a828db6309c5b60a864eb9cde28a2b84f741

ia601506.us.archive.org Open in urlscan Pro 207.241.227.116 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

33 %IPv6

5 Domains

7 Subdomains

6 IPs

3 Countries

112 kBTransfer

320 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ia601506.us.archive.org Open in urlscan Pro
207.241.227.116 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

33 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

112 kB
Transfer

320 kB
Size

0
Cookies

10 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!