login.officecloud24.com
Open in
urlscan Pro
94.152.11.118
Malicious Activity!
Public Scan
Effective URL: https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Submission: On July 06 via manual from IN — Scanned from PL
Summary
TLS certificate: Issued by DOMENY SSL DV Certification Authority on August 26th 2022. Valid for: a year.
This is the only time login.officecloud24.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 94.152.11.118 94.152.11.118 | 29522 (CF-KRK) (CF-KRK) | |
1 | 172.217.18.10 172.217.18.10 | 15169 (GOOGLE) (GOOGLE) | |
2 | 172.217.18.3 172.217.18.3 | 15169 (GOOGLE) (GOOGLE) | |
7 | 3 |
ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
officecloud24.com
login.officecloud24.com |
394 KB |
2 |
gstatic.com
fonts.gstatic.com |
28 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 88 |
995 B |
7 | 3 |
Domain | Requested by | |
---|---|---|
4 | login.officecloud24.com |
login.officecloud24.com
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
login.officecloud24.com
|
7 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
login.officecloud24.com DOMENY SSL DV Certification Authority |
2022-08-26 - 2023-08-26 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-06-19 - 2023-09-11 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-06-19 - 2023-09-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.officecloud24.com//?__utma=7078fea2099b0f0&fn=Name&ln=Surname
Frame ID: 80E27DE7A430E682A4045FC4F1C4D257
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
Podaj hasłoDetected technologies
Google Font API (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
login.officecloud24.com// |
1 KB 651 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
login.officecloud24.com//css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 995 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
login.officecloud24.com//gfx/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg.jpg
login.officecloud24.com//gfx/ |
390 KB 391 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ |
12 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.officecloud24.com/ | Name: __utmb Value: 7078fea2099b0f0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
login.officecloud24.com
172.217.18.10
172.217.18.3
94.152.11.118
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
420a4d01704ac38baed0f5409e33ee009d58590ee77165c6fc4cdb9dfd2070f9
71e0fefdb561a412f1037e6da0ced0c326db13896cdace0d55bfff0b4c8ca17e
77f6b3f2296262ae1f8eb06228878e951a0bb8c4e04e3eb56b6f4d4ab21333cd
a41fd72f7fb8a2c61d0d6ed8747c1074881d4b7a1c8fa90417fde68a309b4b54
c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615