www.o365supports.com
Open in
urlscan Pro
52.25.95.152
Malicious Activity!
Public Scan
URL:
http://www.o365supports.com/6014643-isM_9ZUo1X67iw
Submission: On December 20 via manual from IE — Scanned from DE
Submission: On December 20 via manual from IE — Scanned from DE
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 3 HTTP transactions.
The main IP is 52.25.95.152, located in
Boardman, United States and
belongs to AMAZON-02, US.
The main domain is www.o365supports.com.
This is the only time www.o365supports.com was scanned on urlscan.io!
This is the only time www.o365supports.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 52.25.95.152 52.25.95.152 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 | 52.217.82.44 52.217.82.44 | 16509 (AMAZON-02) (AMAZON-02) | |
| 3 | 3 |
1
52.25.95.152
(Boardman, United States)
ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-95-152.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-95-152.us-west-2.compute.amazonaws.com
| www.o365supports.com |
2
52.217.82.44
(Ashburn, United States)
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
| staticmediafiles.s3.amazonaws.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
amazonaws.com
staticmediafiles.s3.amazonaws.com |
96 KB |
| 1 |
o365supports.com
www.o365supports.com |
1 MB |
| 3 | 2 |
| Domain | Requested by | |
|---|---|---|
| 2 | staticmediafiles.s3.amazonaws.com |
www.o365supports.com
|
| 1 | www.o365supports.com | |
| 3 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| members.ironscales.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2021-01-11 - 2022-02-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.o365supports.com/6014643-isM_9ZUo1X67iw
Frame ID: 1F3734608FC420AC446ECDCC39E59D12
Requests: 4 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: https://members.ironscales.com/service/de/6014643-isM_9ZUo1X67iw
Title: Â Â Â Â Â Â Â Â
Title: Â Â Â Â Â Â Â Â
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
6014643-isM_9ZUo1X67iw
www.o365supports.com/ |
2 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
140 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.11.0.min.js
staticmediafiles.s3.amazonaws.com/static/webapp/js/ |
94 KB 95 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
signin-logo_S8VqZ49.png
staticmediafiles.s3.amazonaws.com/media/uploads/demohe/2018/07/01/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
staticmediafiles.s3.amazonaws.com
www.o365supports.com
52.217.82.44
52.25.95.152
30052f65174a9e2d75f3ac731c71c6dc14f48a4585a29b176401df4051d64ece
6f42b9689150f10b0bda83d338a4d4a3e5ce82adaf72a456e1e3cd6acedf73f5
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
dc9e0bdd2abe847c5d2c8a8ea2a058982e5cf29f3a73e7bf96be30f6d344deff