urlscan.io logo urlscan.io
SecurityTrails logo

login.officecloud24.com Open in urlscan Pro
94.152.11.118  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Effective URL: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Submission: On July 06 via manual from IN — Scanned from PL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 94.152.11.118, located in Poland and belongs to CF-KRK, PL. The main domain is login.officecloud24.com.
TLS certificate: Issued by DOMENY SSL DV Certification Authority on August 26th 2022. Valid for: a year.
This is the only time login.officecloud24.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
4 94.152.11.118 29522 (CF-KRK)
1 172.217.18.10 15169 (GOOGLE)
2 172.217.18.3 15169 (GOOGLE)
7 3
Apex Domain
Subdomains		 Transfer
4 officecloud24.com
login.officecloud24.com
394 KB
2 gstatic.com
fonts.gstatic.com
28 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 88
995 B
7 3
Domain Requested by
4 login.officecloud24.com login.officecloud24.com
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com login.officecloud24.com
7 3

This site contains no links.

Subject Issuer Validity Valid
login.officecloud24.com
DOMENY SSL DV Certification Authority		 2022-08-26 -
2023-08-26		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-06-19 -
2023-09-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-06-19 -
2023-09-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Frame ID: 80E27DE7A430E682A4045FC4F1C4D257
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Podaj hasło

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

422 kB
Transfer

425 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
login.officecloud24.com// 		1 KB
651 B 		Document
General
Check archive.org
Download Go to
Full URL
https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.152.11.118 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS
lexi.rev.domeny.host
Software
nginx /
Resource Hash
71e0fefdb561a412f1037e6da0ced0c326db13896cdace0d55bfff0b4c8ca17e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
pl-PL,pl;q=0.9

Response headers

content-encoding
br
content-type
text/html
date
Thu, 06 Jul 2023 08:23:02 GMT
server
nginx
vary
Accept-Encoding
style.css
login.officecloud24.com//css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.officecloud24.com//css/style.css
Requested by
Host: login.officecloud24.com
URL: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.152.11.118 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS
lexi.rev.domeny.host
Software
nginx /
Resource Hash
a41fd72f7fb8a2c61d0d6ed8747c1074881d4b7a1c8fa90417fde68a309b4b54

Request headers

accept-language
pl-PL,pl;q=0.9
Referer
https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 08:23:03 GMT
content-encoding
br
last-modified
Wed, 17 Jul 2019 04:41:32 GMT
server
nginx
etag
W/"102747-a92-58dd91b7ab700"
vary
Accept-Encoding
content-type
text/css
css
fonts.googleapis.com/ 		2 KB
995 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: login.officecloud24.com
URL: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.10 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f10.1e100.net
Software
ESF /
Resource Hash
c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
pl-PL,pl;q=0.9
Referer
https://login.officecloud24.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 06 Jul 2023 08:23:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 06 Jul 2023 06:32:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 06 Jul 2023 08:23:03 GMT
logo.png
login.officecloud24.com//gfx/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.officecloud24.com//gfx/logo.png
Requested by
Host: login.officecloud24.com
URL: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.152.11.118 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS
lexi.rev.domeny.host
Software
nginx /
Resource Hash
420a4d01704ac38baed0f5409e33ee009d58590ee77165c6fc4cdb9dfd2070f9

Request headers

accept-language
pl-PL,pl;q=0.9
Referer
https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 08:23:03 GMT
last-modified
Wed, 17 Jul 2019 04:41:34 GMT
server
nginx
accept-ranges
bytes
etag
"10274a-422-58dd91b993b80"
content-length
1058
content-type
image/png
bg.jpg
login.officecloud24.com//gfx/ 		390 KB
391 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.officecloud24.com//gfx/bg.jpg
Requested by
Host: login.officecloud24.com
URL: https://login.officecloud24.com//css/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.152.11.118 , Poland, ASN29522 (CF-KRK, PL),
Reverse DNS
lexi.rev.domeny.host
Software
nginx /
Resource Hash
77f6b3f2296262ae1f8eb06228878e951a0bb8c4e04e3eb56b6f4d4ab21333cd

Request headers

accept-language
pl-PL,pl;q=0.9
Referer
https://login.officecloud24.com//css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 08:23:03 GMT
last-modified
Wed, 17 Jul 2019 04:41:33 GMT
server
nginx
accept-ranges
bytes
etag
"102748-61981-58dd91b89f940"
content-length
399745
content-type
image/jpeg
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f3.1e100.net
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://login.officecloud24.com
accept-language
pl-PL,pl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 22:16:07 GMT
x-content-type-options
nosniff
age
554816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 28 Jun 2024 22:16:07 GMT
KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f3.1e100.net
Software
sffe /
Resource Hash
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://login.officecloud24.com
accept-language
pl-PL,pl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 01 Jul 2023 18:23:15 GMT
x-content-type-options
nosniff
age
395988
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11872
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:25:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Jun 2024 18:23:15 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

1 Cookies

Domain/Path Name / Value
login.officecloud24.com/ Name: __utmb
Value: 7078fea2099b0f0