www.o365supports.com
Open in
urlscan Pro
52.25.95.152
Malicious Activity!
Public Scan
URL:
http://www.o365supports.com/6014663-IfS-HO49qbzkhQ
Submission: On December 21 via manual from IE — Scanned from DE
Submission: On December 21 via manual from IE — Scanned from DE
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 3 HTTP transactions.
The main IP is 52.25.95.152, located in
Boardman, United States and
belongs to AMAZON-02, US.
The main domain is www.o365supports.com.
This is the only time www.o365supports.com was scanned on urlscan.io!
This is the only time www.o365supports.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 52.25.95.152 52.25.95.152 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 | 52.217.132.177 52.217.132.177 | 16509 (AMAZON-02) (AMAZON-02) | |
| 3 | 3 |
1
52.25.95.152
(Boardman, United States)
ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-95-152.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-95-152.us-west-2.compute.amazonaws.com
| www.o365supports.com |
2
52.217.132.177
(Ashburn, United States)
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
| staticmediafiles.s3.amazonaws.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
amazonaws.com
staticmediafiles.s3.amazonaws.com |
96 KB |
| 1 |
o365supports.com
www.o365supports.com |
1 MB |
| 3 | 2 |
| Domain | Requested by | |
|---|---|---|
| 2 | staticmediafiles.s3.amazonaws.com |
www.o365supports.com
|
| 1 | www.o365supports.com | |
| 3 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| members.ironscales.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2021-01-11 - 2022-02-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.o365supports.com/6014663-IfS-HO49qbzkhQ
Frame ID: E817681EE0002F52F718BB85C2A252B2
Requests: 4 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: https://members.ironscales.com/service/de/6014663-IfS-HO49qbzkhQ
Title: Â Â Â Â Â Â Â Â
Title: Â Â Â Â Â Â Â Â
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
6014663-IfS-HO49qbzkhQ
www.o365supports.com/ |
2 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
140 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.11.0.min.js
staticmediafiles.s3.amazonaws.com/static/webapp/js/ |
94 KB 95 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
signin-logo_S8VqZ49.png
staticmediafiles.s3.amazonaws.com/media/uploads/demohe/2018/07/01/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
staticmediafiles.s3.amazonaws.com
www.o365supports.com
52.217.132.177
52.25.95.152
30052f65174a9e2d75f3ac731c71c6dc14f48a4585a29b176401df4051d64ece
8a6e03f392078aba88b870e2d1a0acb77067a7d1e3d7b787e25392761921ba6a
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
dc9e0bdd2abe847c5d2c8a8ea2a058982e5cf29f3a73e7bf96be30f6d344deff