jj3ro.bitbucket.io
2406:da00:ff00::3437:b4cb  Malicious Activity! Public Scan

Submitted URL: http://jj3ro.bitbucket.io/
Effective URL: https://jj3ro.bitbucket.io/
Submission: On May 06 via api from JP — Scanned from JP

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2406:da00:ff00::3437:b4cb, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is jj3ro.bitbucket.io.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on June 3rd 2020. Valid for: 2 years.
This is the only time jj3ro.bitbucket.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests  IP Address         ASN (Autonomous System)
1         2406:da00:ff0...   14618 (AMAZON-AES)
1         2606:4700:303...   13335 (CLOUDFLAR...)
3         104.192.137.11     16509 (AMAZON-02)
1         2001:4de0:ac1...   20446 (STACKPATH...)
Totals: 6 requests, 5 IPs
Requests  Apex Domain      Subdomains                                                                  Transfer
3         atlassian.com    web-security-reports.services.atlassian.com (Cisco Umbrella Rank: 102603)   722 B
1         jquery.com       code.jquery.com (Cisco Umbrella Rank: 936)                                  33 KB
1         fontawesome.com  use.fontawesome.com (Cisco Umbrella Rank: 1448)                             12 KB
1         bitbucket.io     jj3ro.bitbucket.io                                                          125 KB
Totals: 6 requests, 4 apex domains
Requests  Domain                                        Requested by
3         web-security-reports.services.atlassian.com   jj3ro.bitbucket.io
1         code.jquery.com                               jj3ro.bitbucket.io
1         use.fontawesome.com                           jj3ro.bitbucket.io
1         jj3ro.bitbucket.io                            -
Totals: 6 requests, 4 domains

This site contains no links.

Subject                    Issuer                                           Validity                  Valid for
*.bitbucket.io             DigiCert SHA2 High Assurance Server CA           2020-06-03 - 2022-07-05   2 years (crt.sh)
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3                          2021-07-07 - 2022-07-06   a year (crt.sh)
*.services.atlassian.com   DigiCert TLS Hybrid ECC SHA384 2020 CA1          2021-11-12 - 2022-12-06   a year (crt.sh)
*.jquery.com               Sectigo RSA Domain Validation Secure Server CA   2021-07-14 - 2022-08-14   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://jj3ro.bitbucket.io/
Frame ID: 267BC12070A643730C487A50C9A0C430
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Sign in to your accountassets

Page URL History

  1. http://jj3ro.bitbucket.io/ HTTP 307
    https://jj3ro.bitbucket.io/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 172 kB
Size: 435 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Columns: Resource / Path / Size / Transfer / Type (MIME-Type)

Resource: Primary Request /  (jj3ro.bitbucket.io/)
Redirect Chain:
  • http://jj3ro.bitbucket.io/
  • https://jj3ro.bitbucket.io/
Size: 266 KB  Transfer: 125 KB  Type: Document
General
Full URL
https://jj3ro.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2406:da00:ff00::3437:b4cb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
388c9a3ea0cb905487f101f5730e2fcf54a0f5afec056f566f456ac029f21981
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=900
content-encoding
gzip
content-language
en
content-security-policy-report-only
script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self'
content-type
text/html
date
Fri, 06 May 2022 04:07:38 GMT
etag
W/"557e838e711cbd1fe5a16c43dedde3ac"
last-modified
Mon, 11 Apr 2022 22:50:28 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Origin, Accept-Encoding
x-b3-traceid
b48b2e4697151d2f
x-cache-info
caching
x-dc-location
Micros
x-render-time
0.0567018985748
x-request-count
273
x-served-by
3ea0ca81212c
x-static-version
4d98e9f6c69e
x-usage-input-ops
0
x-usage-output-ops
0
x-usage-quota-remaining
998977.837
x-usage-request-cost
1038.57
x-usage-system-time
0.000216
x-usage-user-time
0.030941
x-version
4d98e9f6c69e
x-view-name
bitbucket.apps.hosted.views.serve

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://jj3ro.bitbucket.io/
Non-Authoritative-Reason
HSTS
Resource: all.css  (use.fontawesome.com/releases/v5.7.0/css/)
Size: 53 KB  Transfer: 12 KB  Type: Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.7.0/css/all.css
Requested by
Host: jj3ro.bitbucket.io
URL: https://jj3ro.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://jj3ro.bitbucket.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 04:07:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
12277924
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
09JCBX0VRN11XCBM
x-amz-id-2
NNdi3BgAqCp60nQIf+/+fvdUnmfpcZncZjdtzbKfeido+IsmFdqklpKuHPqAzLpar9gxSwcecmk=
last-modified
Wed, 30 Jun 2021 15:45:15 GMT
server
cloudflare
etag
W/"251d28bd755f5269a4531df8a81d5664"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXV8O7qK0dM8KKsyavrd%2BEBt3uE01LtC5fzREhGe0FmPWcbDhgUxS%2FmvtrJ60x2x6ISqUMlsgRGdyIRZmnaEvLhn12qFCwAtEFlKlzYtxkTf4wQ9FLt33Oirzo42tLR8TeHM6UShxGO%2F9mEd%2Fv05NRLT"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
706ed9a4c8291fc6-NRT
Resource: bb-website  (web-security-reports.services.atlassian.com/csp-report/)
Size: 0  Transfer: 597 B  Type: Other
General
Full URL
https://web-security-reports.services.atlassian.com/csp-report/bb-website
Requested by
Host: jj3ro.bitbucket.io
URL: https://jj3ro.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.192.137.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
globaledge-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jj3ro.bitbucket.io/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

x-rate-limit-request-remote-addr
10.255.0.9:51058
date
Fri, 06 May 2022 04:07:39 GMT
x-rate-limit-request-forwarded-for
217.138.252.59, 10.22.4.204
x-rate-limit-limit
100.00
nel
{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": 0.001}
server
globaledge-envoy
atl-traceid
7243640dc7422a5e
expect-ct
report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/web-security-reports", max-age=86400
strict-transport-security
max-age=63072000; preload
report-to
{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dj9s4kmieytgz.cloudfront.net"}], "include_subdomains": true}
x-envoy-upstream-service-time
171
x-content-type-options
nosniff
content-length
0
x-xss-protection
1; mode=block
x-rate-limit-duration
1
Resource: truncated  (/)
Size: 4 KB  Transfer: 0  Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
Resource: bb-website  (web-security-reports.services.atlassian.com/csp-report/)
Size: 0  Transfer: 56 B  Type: Other
General
Full URL
https://web-security-reports.services.atlassian.com/csp-report/bb-website
Requested by
Host: jj3ro.bitbucket.io
URL: https://jj3ro.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.192.137.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
globaledge-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jj3ro.bitbucket.io/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

x-rate-limit-request-remote-addr
10.255.0.9:36674
date
Fri, 06 May 2022 04:07:39 GMT
x-rate-limit-request-forwarded-for
217.138.252.59, 10.22.4.204
x-rate-limit-limit
100.00
nel
{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": 0.001}
server
globaledge-envoy
atl-traceid
c84e868b5cb70012
expect-ct
report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/web-security-reports", max-age=86400
strict-transport-security
max-age=63072000; preload
report-to
{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dj9s4kmieytgz.cloudfront.net"}], "include_subdomains": true}
x-envoy-upstream-service-time
171
x-content-type-options
nosniff
content-length
0
x-xss-protection
1; mode=block
x-rate-limit-duration
1
Resource: jquery-1.12.4.min.js  (code.jquery.com/)
Size: 95 KB  Transfer: 33 KB  Type: Script
General
Full URL
https://code.jquery.com/jquery-1.12.4.min.js
Requested by
Host: jj3ro.bitbucket.io
URL: https://jj3ro.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer
https://jj3ro.bitbucket.io/
Origin
https://jj3ro.bitbucket.io
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 04:07:39 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-17b8b"
vary
Accept-Encoding
x-hw
1651810059.dop051.sj3.t,1651810059.cds048.sj3.hn,1651810059.cds099.sj3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
33738
Resource: truncated  (/)
Size: 17 KB  Transfer: 0  Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/jpeg
Resource: bb-website  (web-security-reports.services.atlassian.com/csp-report/)
Size: 0  Transfer: 69 B  Type: Other
General
Full URL
https://web-security-reports.services.atlassian.com/csp-report/bb-website
Requested by
Host: jj3ro.bitbucket.io
URL: https://jj3ro.bitbucket.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.192.137.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
globaledge-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://jj3ro.bitbucket.io/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

x-rate-limit-request-remote-addr
10.255.0.9:51058
date
Fri, 06 May 2022 04:07:40 GMT
x-rate-limit-request-forwarded-for
217.138.252.59, 10.22.4.204
x-rate-limit-limit
100.00
nel
{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": 0.001}
server
globaledge-envoy
atl-traceid
8661fbcea2730bee
expect-ct
report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/web-security-reports", max-age=86400
strict-transport-security
max-age=63072000; preload
report-to
{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dj9s4kmieytgz.cloudfront.net"}], "include_subdomains": true}
x-envoy-upstream-service-time
168
x-content-type-options
nosniff
content-length
0
x-xss-protection
1; mode=block
x-rate-limit-duration
1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     oncontextlost
object     oncontextrestored
function   structuredClone
function   getScreenDetails
function   $
function   jQuery
function   displaySecondLoginForm
function   isEmail

0 Cookies

3 Console Messages

Columns: Source / Level / URL / Text

Source: security  Level: error  URL: https://jj3ro.bitbucket.io/ (Line 4)
Message:
[Report Only] Refused to load the stylesheet 'https://use.fontawesome.com/releases/v5.7.0/css/all.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

Source: security  Level: error  URL: https://jj3ro.bitbucket.io/
Message:
[Report Only] Refused to load the script 'https://code.jquery.com/jquery-1.12.4.min.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: security  Level: error  URL: https://jj3ro.bitbucket.io/ (Line 119)
Message:
[Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net". Either the 'unsafe-inline' keyword, a hash ('sha256-qmPDeuTsinzTxXWsL4V6Paxqy8pSkPkU/3PwhHtwJt0='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload